David Hláčik wrote: > > Hi, > > I am using open source Alfresco( alfresco.com ), written in java, > which has own code for FTP, CIFS (running on tomcat apache and java). > I need to run tomcat5 as root in order to achieve that alfresco will > bind ftp cifs on privileged ports (21 , 135 ...). > > I am wondering, it is possible to allow user to bind on some > privilleged port. Like having whole alfresco running under user > alfresco and not root and able to bind on privileged ports? > the way thats conventionally done is by having a small SUID program (with the S bit set) which is invoked from the main program and opens the privileged socket, then hands it back to the unprivileged rest of the program. I have no idea how you'd do this with java short of using native code interfaces. that seems like a huge and very complex system, running that whole thing as root would be a nightmare from a security audit perspective.