Configuring Linux To Run a Servlet Container as Non-Root

A servlet container that runs without Apache in front of it, needs to bind to ports < 1024, and must still run as a non-root user usually requires special setup (instructions for Debian and Ubuntu). Some containers include tools to assist with this; another option is to rely on port mapping.


  • Linux kernel that supports iptables and NAT
  • IP address and port numbers of the servlet listeners

Configuration Changes

  • For non-Red Hat Linux installations, modify /etc/rc.d/rc.local to include the following lines:
  • For Red Hat Linux installations, modify the nat section of /etc/sysconfig/iptables to include the following lines:
    Note that the only changes are the added DNAT lines in the nat section.
  • Add iptables rules to non-Red Hat Linux installations by running the iptables commands by hand.
  • Restart iptables on Red Hat with the /etc/init.d/iptables script.
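
An added example, not the original page's own rules: the script below prints DNAT rules of the kind described above, either as iptables commands (for rc.local or running by hand) or as lines for the nat section of /etc/sysconfig/iptables. The address 192.0.2.10 and the port pairs 80 to 8080 and 443 to 8443 are constructed sample values, and `dnat_rules` and `valid_port` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: emit DNAT rules that map privileged ports to the
# unprivileged ports a non-root servlet container listens on.
# The address and port pairs used below are constructed sample values.

# valid_port N: succeed if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_rules FORMAT IP PUBLIC_PORT LISTENER_PORT
#   FORMAT=cmd   -> iptables commands (rc.local, or run by hand)
#   FORMAT=save  -> lines for the *nat section of /etc/sysconfig/iptables
dnat_rules() {
    fmt=$1 ip=$2 pub=$3 listen=$4
    valid_port "$pub" && valid_port "$listen" || {
        echo "invalid port: $pub -> $listen" >&2; return 1; }
    # The mapping only makes sense from a privileged port to an unprivileged one.
    [ "$pub" -lt 1024 ] && [ "$listen" -ge 1024 ] || {
        echo "expected public port < 1024 and listener port >= 1024" >&2; return 1; }
    case "$fmt" in
        cmd)  prefix="iptables -t nat " ;;
        save) prefix="" ;;
        *)    echo "unknown format: $fmt" >&2; return 1 ;;
    esac
    # PREROUTING handles connections arriving from other hosts; OUTPUT handles
    # connections made from this host, which never traverse PREROUTING.
    for chain in PREROUTING OUTPUT; do
        printf '%s\n' "${prefix}-A $chain -p tcp -d $ip --dport $pub -j DNAT --to-destination $ip:$listen"
    done
}

# Dry run: print the rules for review instead of applying them.
dnat_rules cmd  192.0.2.10 80  8080
dnat_rules save 192.0.2.10 443 8443
```

The nat table rewrites the destination before the filter table's INPUT chain is evaluated, so the filter rules must accept the listener port (8080 or 8443 here) rather than the public port. The container itself keeps listening on the unprivileged port as a non-root user.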