Re: Running Tomcat on port 80 without beeing system?
The program image listening on the port needs to be INSTALLed with privileges (I think SYSPRV is enough), then the user running it doesn't have to be privileged.
Now I have no experience with Tomcat, but my (OSU-) http server is running from an account with no privileges, on the procedure doing the INSTALL is privileged (running from startup).
Re: Running Tomcat on port 80 without beeing system?
SYSPRV or BYPASS is required to open ports numbered 1024 and less. This is a security feature that guarantees an incoming client that the service associated with these ports is "the real thing".
Re: Running Tomcat on port 80 without beeing system?
Yeah, virtual security :) The problem is that I don't want to give the Tomcat user any high privileges as any bug in it potentially may give someone system access, but I want the users to be able to enter an URL without port number which most users don't understand.
Is anything like iptables port rerouting available in OpenVMS? That would also be a solution.
Re: Running Tomcat on port 80 without beeing system?
The usual approach is to provide a way to launch the tool or to create environment with the necessary privileges.
Topic http://labs.hoffmanlabs.com/node/491 has some high-level information on this granting privileges topic, whether via Cerebrus or via DCL DECnet or batch processes or captive login or otherwise.
Tools including iptables and firewalls and such are not presently available with TCP/IP Services product. Check the third-party stacks and the OpenVMS roadmap, or check with your HP reseller or representative.
It can also be feasible to remap the incoming port requests at the firewall, given the capabilities of various external firewalls.
