Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Non-root user access to privileged ports-Solaris 8
Operating Systems Solaris Non-root user access to privileged ports-Solaris 8 Post 302342881 by Smiling Dragon on Tuesday 11th of August 2009 02:51:50 AM
Old 08-11-2009
Quote:
Originally Posted by Dyna
You can't but you can use e.g. sudo so that the user can start tomcat with a privileged port..
Umm, with respect, I'd recommend finding another solution. If you start your tomcat app as root, you grant it a great deal more than just the port it wants. If there's a problem with the app, it's no longer a potential issue just for that app, but now for everything else on the server too.

If you really have to have it on the ssl port, run it on a high port and put in an ssh port forward (or if you have solaris 10, a native port redirect).

Another option might be to use apache as your ssl webserver with the tomcat plugin to connect back via localhost to your tomcat application.

Another point to consider: What will you do if you want to host some other ssl app on this server?
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

Allowing access to ports < 1024 w/o root

I need to set up an application to run in a script which will be running as a web server but is a database. I need to allow users to use the web server but the app must be run as root in order for the ports to be accessible. This is not a very secure environment would like to know how this could... (2 Replies)
Discussion started by: rpollard
2 Replies

2. UNIX for Advanced & Expert Users

Forgot the privileged access password in ibm pseries615c3

Hi friends, I am having ibm pseries615c3 server. previously i set privileged access password for the firmware. Now i forgot that password. Help me to reset or remove the firmware password from the server. Otherwise anyone plz help me how to change the default boot device in pseries servers. I... (8 Replies)
Discussion started by: muthulingaraja
8 Replies

3. HP-UX

user commands without root access

Hi I have been asked to find out how to 1) create users 2) reset passwords 3) kill processes that may require root privileges without having root password, sudo rights or rights to passwd command Any ideas? Thanks in advance (1 Reply)
Discussion started by: emealogistics
1 Replies

4. Solaris

I can not access root user through LAN

Dear i have installed Solaris 10 on SUN V240 after installation i can not access system through root user if i access system through any other user it conects but root is not connecting through LAN if i connect through SC and then access root though cosole -f command it also works kindly... (6 Replies)
Discussion started by: rizwan225
6 Replies

5. Shell Programming and Scripting

access user history as root

Hi, I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history? thank you, S (4 Replies)
Discussion started by: sardare
4 Replies

6. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

7. Linux

nix User Access Restrictions to Network, USB ports, PCMCIA, CDROM

How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options? I have the task to set up a machine for users working with sensitive data that should not be leaving the... (1 Reply)
Discussion started by: netfreighter
1 Replies

8. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

9. AIX

How to check that rpcbind/portmap on AIX allowes updates from non privileged ports?

Hi, I am trying to implement a service on AIX based on ONCRPC protocal and I want to use a RPC library called oncrpc4j because it is a non-blocked i/o library. I found it works fine on my work machine (WIndows 7) but failed on my AIX work station. The author of oncrpc4j told me that check that... (1 Reply)
Discussion started by: derekhsu
1 Replies

10. Solaris

Sudo access of rm to non-root user

Hello, It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only. This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file. Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT DEBIAN

sslh

SSLH(1p)						User Contributed Perl Documentation						  SSLH(1p)

NAME

       sslh - Switch incoming connection between SSH and SSL/HTTPS servers

SYNOPSIS

       sslh [ -v ] [ -p [host:]port ] [ -t timeout ]
	    [ --ssh [host:]port ] [ --ssl [host:]port ]

DESCRIPTION

       sslh is a simple script that lets you switch an incoming connection on a single port between distinct SSH and SSL/HTTPS servers.

       sslh listens for connections on a port and is able to redirect them either to an HTTPS web server or a SSH server.

       This lets one setup both a HTTPS web server and a SSH server and access them through the same host+port.

OPTIONS

       The program follows the usual GNU command line syntax, with long options starting with two dashes.

       -p, --port [host:]port
	   The port the proxy will listen to.  If no port is given, 443 is used by default.  If no host is given, "localhost" is used by default.

       -s, --ssh [host:]port
	   The SSH server which the SSH connections must be forwarded to.  If omitted, the default is localhost:22.

       -l, --ssl, --https [host:]port
	   The HTTPS server which the HTTPS connections must be forwarded to.  If omitted, the default is localhost:443.

       -t, --timeout delay
	   Timeout in seconds before a silent incoming connection is considered as a SSH connection. The number can be fractional.

	   The default is 2seconds.

       -v, --verbose
	   Verbose output.  This option can be used several times for more verbose output.

EXAMPLE OF USE

       Is this tool actually useful? Yes.

       For example one can use it to access both a SSH server and a secure web server via a corporate proxy that only accepts to relay connections
       to port 443. Creating a tunnel that passes SSH connection through a CONNECT-enabled web proxy is easy with connect-tunnel (also included in
       the "Net::Proxy" distribution).

       The proxy will let both SSH and HTTPS connections out (since they all point to port 443), and the home server will connect those incoming
       connections to the appropriate server. This only requires to run the HTTPS server on a non standard port (not 443).

TECHNICAL NOTE

       How can this proxy find out what kind of protocol is using a TCP connection to port 443, without being connected (yet) to the server?  We
       actually rely on a slight difference between the SSL and SSH protocols (found thanks to ethereal):

       SSH Once the TCP connection is established, the server speaks first, presenting itself by saying something like:

	       SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-1

       SSL With SSL, it's always the client that speaks first.

       This means that sslh can be used with any pair of protocols/services that share this property (the client speaks first for one and the
       server speaks first for the other).

AUTHORS

       Original idea and C version
	   Frederic Ple "<sslh@wattoo.org>".

       Perl versions
	   Philippe 'BooK' Bruhat "<book@cpan.org>".

SCRIPT HISTORY

       Version 0.01 of the script was a quick hack designed in 2003 as a proof of concept.

       Version 0.02 (and higher) are based on "Net::Proxy", and included with the "Net::Proxy" distribution. Version 0.02 didn't work, though.

       Version 0.03 correctly initialised the "in" connector.

       Version 0.04 lets the proxy listen on any address (instead of "localhost", which is still the default). Thanks to Dieter Voegtli for
       spotting this.

SEE ALSO

       Net::Proxy, Net::Proxy::Connector::dual.

COPYRIGHT

       Copyright 2003-2006, Philippe Bruhat. All rights reserved.

LICENSE

       This module is free software; you can redistribute it or modify it under the same terms as Perl itself.

perl v5.10.1							    2009-10-18								  SSLH(1p)
All times are GMT -4. The time now is 07:06 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy