Configuring Linux To Run a Servlet Container as Non-Root
A servlet container that runs without Apache in front of it and must accept connections on ports below 1024, while still running as a non-root user, usually requires special setup (instructions for Debian and Ubuntu). Some containers include tools to assist with this; another option is to rely on port mapping.
- A Linux kernel that supports iptables and NAT
- The IP address and port numbers of the servlet listeners
- For non-Red Hat Linux installations, modify /etc/rc.d/rc.local to include the following lines:
- For Red Hat Linux installations, modify the nat section of /etc/sysconfig/iptables to include the following lines: Note that the only changes are the added DNAT lines in the nat section.
- On non-Red Hat Linux installations, add the iptables rules by running the iptables commands by hand.
- Restart iptables on Red Hat with the /etc/init.d/iptables script.
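The port mapping described in the steps above, as an added example that is not taken from the original page: a small generator that emits the DNAT rule either as an iptables command (for rc.local or running by hand) or as a rule line for the nat section of /etc/sysconfig/iptables. The helper names, the address 192.0.2.10 and the listener ports 8080/8443 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit DNAT rules that map a privileged port to an
# unprivileged servlet listener. Helper names are hypothetical; the
# address and ports are constructed sample values.

# Succeeds only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_rule FORMAT IP PUBLIC_PORT LISTEN_PORT
#   FORMAT "cmd"  -> full iptables command line
#   FORMAT "save" -> rule line for the nat section of /etc/sysconfig/iptables
dnat_rule() {
    fmt=$1 ip=$2 pub=$3 listen=$4
    valid_port "$pub" && valid_port "$listen" || { echo "invalid port" >&2; return 2; }
    # The mapping only helps when the public port is privileged and the
    # container's own listener is not.
    [ "$pub" -lt 1024 ] || { echo "public port $pub is not privileged" >&2; return 2; }
    [ "$listen" -ge 1024 ] || { echo "listener port $listen needs root to bind" >&2; return 2; }
    rule="-A PREROUTING -d $ip -p tcp --dport $pub -j DNAT --to-destination $ip:$listen"
    case "$fmt" in
        cmd)  echo "iptables -t nat $rule" ;;
        save) echo "$rule" ;;
        *)    echo "unknown format: $fmt" >&2; return 2 ;;
    esac
}

# Constructed sample: HTTP and HTTPS listeners on 8080 and 8443.
dnat_rule cmd  192.0.2.10 80  8080
dnat_rule cmd  192.0.2.10 443 8443
dnat_rule save 192.0.2.10 80  8080
```

PREROUTING rules apply only to packets arriving from the network, so connections made from the host itself to port 80 are not redirected. Because the listener port is unprivileged, any local user can bind it whenever the container is not running, so restrict who has shell access on the host.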