[olug] Looking for Fedora 4 Admin help

Cesar Delgado cdelgad2 at bigred.unl.edu
Sat Apr 1 21:15:21 UTC 2006

To change tomcat to use port 80 you'll need to edit the server.xml file. 
  There you'll find a connector that is using port 8080.  Change that to 
port 80.

About starting tomcat as a non-root user, just use `su`.  It'll do the 
trick.  Make a group "tomcat" and make a user in that group called 
"tomcat".  Then run the tomcat statup script.
su tomcat /opt/tomcat5/bin/startup.sh

No kernel-touching necesary, ;).  Although seting up IP tables might be 
a good idea.  Close everything but port 80 and maybe ssh.  This can be 
done with iptables.  Just run the following :

# Flush all chains
/sbin/iptables --flush

# Allow unlimited traffic on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# Set default policies
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT DROP
/sbin/iptables --policy FORWARD DROP

# Previously initiated and accepted exchanges bypass rule checking
# Allow unlimited outbound traffic
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow incoming TCP port 22 (ssh) traffic
/sbin/iptables -A INPUT -p tcp --dport ssh -m state --state NEW -j ACCEPT

# Allow incoming WWW request
/sbin/iptables -A INPUT -p tcp --dport www -m state --state NEW -j ACCEPT

# Drop all other traffic
/sbin/iptables -A INPUT -j DROP

Watch out that email might wrap some lines that should be on the same line.

Now, run:
/etc/init.d/iptables save
/etc/init.d/iptables restart

Now they are saved.  If you start iptables at boot they should come back 



Lee Chalupa wrote:
> Hello:
> I'm a java developer. I'm working with a dev. team. We have a webhosting virtual server running Fedora Core 4.  
> I'm looking for someone to help me when it comes to linux administration and mentoring. I'm doing
> the basics but when it comes to configuring the kernel or something similar I feel
> I'm too far out of my comfort zone.  I would rather concentrate on my core skills.
> For example, I'm trying to run tomcat on port 80 as a non-root user. I don't want to run
> Apache server. One option is to use IPTables. So far so good. It looks like I have to 
> change the configuration of the kernel. Now I'm out of my league.
> Let me know.
> Lee 
> ------------------------------------------------------------------------
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug

More information about the OLUG mailing list