1

I'm running jWebSockets on tomcat6 and when it comes up this line appears in the log:

2012-10-13 23:04:52,298 ERROR - FlashBridgePlugIn: FlashBridge could not be started: Permission denied

some digging around and I found that since this plugin runs a FlashPolicyServer and it needs to use port 843, It needs root privileges. How do I give root privileges to a webapp? Can I just give enough privileges to the TOMCAT_USER so it will be able to use ports below 1024?

Tom Klino
  • 2,358
  • 5
  • 35
  • 60

2 Answers2

0

Take a look at jsvc. It can be used to launch Tomcat to allow it to do some root-y things such as bind to low-numbered ports.

I'm not exactly sure at what point jsvc/Tomcat conspire to drop root privileges: your webapp might not have a chance to open that port before the privileges are dropped. In that case, I think you'll have to write your own bootstrap (Java) class similar to the stock Tomcat one and use that with jsvc. Then, you can allow your webapp to open that port before shedding root privileges.

Christopher Schultz
  • 20,221
  • 9
  • 60
  • 77
  • I'm taking your advise, but I can't seem to get tomcat running with jsvc. I've installed jsvc using synaptic. And I'm trying to run tomcat using the command here: http://tomcat.apache.org/tomcat-6.0-doc/setup.html but I'm getting errors: `Unable to redirect to ./logs/catalina.out` and `Cannot open PID file /var/run/jsvc.pid, PID is 2404` and eventually: `Service exit with a return value of 255` Can you help with this? – Tom Klino Oct 14 '12 at 21:45
  • Don't forget to run jsvc as `root` ;) – Christopher Schultz Oct 15 '12 at 12:03
  • thanks, but unfortunately I'm still encountering some errors. I have a follow up question here: http://stackoverflow.com/questions/12887028/ think you could take a look? – Tom Klino Oct 15 '12 at 23:08
  • scratch that last comment, I have it working now. However, it seems that like you said the root privileges have probably dropped before my webapp had a chance to open the port. Can you give me more info about what needs to be done with the bootstrap class to have it wait? the bootstrap.jar file I have contains only .class files, so I'm guessing I'll have to download some kind of sample? – Tom Klino Oct 16 '12 at 00:31
  • You'll have to download the Tomcat source to see what the Bootstrap class does. Now would be a great time to upgrade to Tomcat 7: it compiles *much* more easily than Tomcat 6 does for a newbie and the embedded options are also much better and easier to use. Definitely join the Tomcat users' mailing list to get better direction than I can provide. – Christopher Schultz Oct 16 '12 at 14:35
0

Port 843 is the fallback port, have you tried to check if port 8787 is open. Please see documentation here.

unixrules
  • 608
  • 4
  • 7
  • I am assuming 8787 is open because in general the jwebsocket server works (for example in chrome as client). However, I don't see how this would explain the fact the flashbrige cannot be loaded with the "permission denied" error – Tom Klino Oct 14 '12 at 19:52