Jsvc apache 守护进程未使用 root 权限绑定低于 1024 的端口
Jsvc apache daemon not binding port below 1024 with root privileges
我正在尝试以 root 用户身份执行一个监听端口 636 的守护进程,但我得到 java.net.BindException。 OS 是 CentOS 7. 我的脚本中是否遗漏了什么?
Service exit with a return value of 5
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243)
Caused by: java.net.BindException: Permiso denegado
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
at java.net.ServerSocket.bind(ServerSocket.java:375)
at java.net.ServerSocket.<init>(ServerSocket.java:237)
at java.net.ServerSocket.<init>(ServerSocket.java:181)
at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:136)
at sun.security.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:113)
at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:79)
at com.wiacts.ldap.server.LdapServer.start(LdapServer.java:77)
at com.wiacts.ldap.server.LdapServer.start(LdapServer.java:110)
... 5 more
这是我start/stop守护程序
的脚本
#! /bin/sh
# /etc/init.d/ldap-server
### BEGIN INIT INFO
# Provides: ldap-server
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts the ldap-server service
# Description: This file is used to start the daemon
# and should be placed in /etc/init.d
### END INIT INFO
# Author: Sheldon Neilson <sheldon[AT]neilson.co.za>
# Url: www.neilson.co.za
# Date: 25/04/2013
NAME="ldap-server"
DESC="Ldap server"
# The path to Jsvc
EXEC="/usr/bin/jsvc"
# The path to the folder containing MyDaemon.jar
FILE_PATH="/home/centos/git/LDAPAuth/target/ldap-server"
# The path to the folder containing the java runtime
JAVA_HOME="/usr/java/jdk1.8.0_102"
# Our classpath including our jar file and the Apache Commons Daemon library
CLASS_PATH="$FILE_PATH/ldap-server-1.0.jar:$FILE_PATH/lib/commons-daemon-1.0.15.jar"
# The fully qualified name of the class to execute
CLASS="com.wiacts.ldap.server.LdapServer"
# Any command line arguments to be passed to the our Java Daemon implementations init() method
#ARGS="myArg1 myArg2 myArg3"
#The user to run the daemon as
USER="root"
# The file that will contain our process identification number (pid) for other scripts/programs that need to access it.
PID="/var/run/$NAME.pid"
# System.out writes to this file...
LOG_OUT="$FILE_PATH/log/$NAME.log"
# System.err writes to this file...
LOG_ERR="$FILE_PATH/log/$NAME.err"
jsvc_exec()
{
cd $FILE_PATH
$EXEC -home $JAVA_HOME -cp $CLASS_PATH -user $USER -outfile $LOG_OUT -errfile $LOG_ERR -pidfile $PID $CLASS $ARGS
}
case "" in
start)
echo "Starting the $DESC..."
# Start the service
jsvc_exec
echo "The $DESC has started."
;;
stop)
echo "Stopping the $DESC..."
# Stop the service
jsvc_exec "-stop"
echo "The $DESC has stopped."
;;
restart)
if [ -f "$PID" ]; then
echo "Restarting the $DESC..."
# Stop the service
jsvc_exec "-stop"
# Start the service
jsvc_exec
echo "The $DESC has restarted."
else
echo "Daemon not running, no action taken"
exit 1
fi
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|restart}" >&2
exit 3
;;
esac
为了回答我自己的问题,apache 守护进程要求将所有需要 root 权限的操作放在 init() 方法中。
我正在尝试以 root 用户身份执行一个监听端口 636 的守护进程,但我得到 java.net.BindException。 OS 是 CentOS 7. 我的脚本中是否遗漏了什么?
Service exit with a return value of 5
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243)
Caused by: java.net.BindException: Permiso denegado
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
at java.net.ServerSocket.bind(ServerSocket.java:375)
at java.net.ServerSocket.<init>(ServerSocket.java:237)
at java.net.ServerSocket.<init>(ServerSocket.java:181)
at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:136)
at sun.security.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:113)
at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:79)
at com.wiacts.ldap.server.LdapServer.start(LdapServer.java:77)
at com.wiacts.ldap.server.LdapServer.start(LdapServer.java:110)
... 5 more
这是我start/stop守护程序
的脚本#! /bin/sh
# /etc/init.d/ldap-server
### BEGIN INIT INFO
# Provides: ldap-server
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts the ldap-server service
# Description: This file is used to start the daemon
# and should be placed in /etc/init.d
### END INIT INFO
# Author: Sheldon Neilson <sheldon[AT]neilson.co.za>
# Url: www.neilson.co.za
# Date: 25/04/2013
NAME="ldap-server"
DESC="Ldap server"
# The path to Jsvc
EXEC="/usr/bin/jsvc"
# The path to the folder containing MyDaemon.jar
FILE_PATH="/home/centos/git/LDAPAuth/target/ldap-server"
# The path to the folder containing the java runtime
JAVA_HOME="/usr/java/jdk1.8.0_102"
# Our classpath including our jar file and the Apache Commons Daemon library
CLASS_PATH="$FILE_PATH/ldap-server-1.0.jar:$FILE_PATH/lib/commons-daemon-1.0.15.jar"
# The fully qualified name of the class to execute
CLASS="com.wiacts.ldap.server.LdapServer"
# Any command line arguments to be passed to the our Java Daemon implementations init() method
#ARGS="myArg1 myArg2 myArg3"
#The user to run the daemon as
USER="root"
# The file that will contain our process identification number (pid) for other scripts/programs that need to access it.
PID="/var/run/$NAME.pid"
# System.out writes to this file...
LOG_OUT="$FILE_PATH/log/$NAME.log"
# System.err writes to this file...
LOG_ERR="$FILE_PATH/log/$NAME.err"
jsvc_exec()
{
cd $FILE_PATH
$EXEC -home $JAVA_HOME -cp $CLASS_PATH -user $USER -outfile $LOG_OUT -errfile $LOG_ERR -pidfile $PID $CLASS $ARGS
}
case "" in
start)
echo "Starting the $DESC..."
# Start the service
jsvc_exec
echo "The $DESC has started."
;;
stop)
echo "Stopping the $DESC..."
# Stop the service
jsvc_exec "-stop"
echo "The $DESC has stopped."
;;
restart)
if [ -f "$PID" ]; then
echo "Restarting the $DESC..."
# Stop the service
jsvc_exec "-stop"
# Start the service
jsvc_exec
echo "The $DESC has restarted."
else
echo "Daemon not running, no action taken"
exit 1
fi
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|restart}" >&2
exit 3
;;
esac
为了回答我自己的问题,apache 守护进程要求将所有需要 root 权限的操作放在 init() 方法中。