[jetty8] 17/26: Added authbind support to run Jetty on privileged ports
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Thu Sep 11 17:56:34 UTC 2014
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch master
in repository jetty8.
commit ce025a9badd7b8f17388d65238334b5ba6f40c65
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Mon Aug 4 19:53:26 2014 +0200
Added authbind support to run Jetty on privileged ports
---
debian/TODO | 4 ++--
debian/changelog | 1 +
debian/control | 1 +
debian/jetty8.default | 8 +++++++-
debian/jetty8.init | 16 ++++++++++++----
debian/jetty8.postinst | 19 ++++++++++++++++++-
debian/jetty8.postrm | 3 +++
debian/jetty8.prerm | 15 +++++++++++++++
8 files changed, 59 insertions(+), 8 deletions(-)
diff --git a/debian/TODO b/debian/TODO
index 584582f..cc24460 100644
--- a/debian/TODO
+++ b/debian/TODO
@@ -1,6 +1,6 @@
-TODO List for jetty in debian
+TODO list for Jetty in Debian
+-----------------------------
-* evaluate authbind or use jetty-setuid to run on port 80
* Link the Javadoc with the default-jdk-doc
Modules to add:
diff --git a/debian/changelog b/debian/changelog
index 120c6bc..3d6f94a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ jetty8 (8.1.15-1) UNRELEASED; urgency=medium
* New upstream release
- Refreshed the patches
- Ignore the Maven dependency on the Mycila maven-license-plugin
+ * Added authbind support to run Jetty on privileged ports
* Updated the init.d script to detect the recent JDKs and ignore the old ones
(Closes: #756310)
* debian/control:
diff --git a/debian/control b/debian/control
index 5a4162e..0a65be5 100644
--- a/debian/control
+++ b/debian/control
@@ -81,6 +81,7 @@ Depends: adduser,
libjetty8-java (>= ${source:Version}),
libjetty8-extra-java (>= ${source:Version}),
${misc:Depends}
+Recommends: authbind
Suggests: libjetty8-java-doc (>= ${source:Version})
Description: Java servlet engine and webserver
Jetty is an Open Source HTTP Servlet Server written in 100% Java.
diff --git a/debian/jetty8.default b/debian/jetty8.default
index 4bfef3d..5aa6ec8 100644
--- a/debian/jetty8.default
+++ b/debian/jetty8.default
@@ -1,7 +1,7 @@
# Defaults for jetty see /etc/init.d/jetty8 for more
# change to 0 to allow Jetty to start
-NO_START=1
+NO_START=1
# change to 'no' or uncomment to use the default setting in /etc/default/rcS
VERBOSE=yes
@@ -16,6 +16,7 @@ VERBOSE=yes
#JETTY_HOST=$(uname -n)
# The network port used by Jetty
+# Enable authbind to use a port lower than 1024 (see below)
#JETTY_PORT=8080
# Timeout in seconds for the shutdown of all webapps
@@ -46,3 +47,8 @@ VERBOSE=yes
# Default for number of days to keep old log files in /var/log/jetty8/
#LOGFILE_DAYS=14
+
+# If you run Jetty on port numbers that are all higher than 1023, then you
+# do not need authbind. It is used for binding Jetty to lower port numbers.
+# (yes/no, default: no)
+#AUTHBIND=yes
diff --git a/debian/jetty8.init b/debian/jetty8.init
index 8ff4b7e..bf7cccf 100644
--- a/debian/jetty8.init
+++ b/debian/jetty8.init
@@ -299,15 +299,23 @@ case "$1" in
chown $JETTY_USER "$JVM_TMP"
cd "$JVM_TMP"
- start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$JETTY_USER" \
- --chdir "$JETTY_HOME" --background --make-pidfile --startas $JAVA -- \
- $JAVA_OPTIONS $BOOTSTRAP_CLASS $JETTY_ARGS --daemon $CONFIGS
+ JETTY_CMD="$JAVA $JAVA_OPTIONS $BOOTSTRAP_CLASS $JETTY_ARGS --daemon $CONFIGS"
+
+ AUTHBIND_COMMAND=""
+ if [ "$AUTHBIND" = "yes" ]; then
+ AUTHBIND_COMMAND="/usr/bin/authbind --deep /bin/bash -c "
+ JETTY_CMD="'$JETTY_CMD'"
+ fi
+
+ start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$JETTY_USER" --verbose \
+ --chdir "$JETTY_HOME" --background --make-pidfile -x /bin/bash -- -c \
+ "$AUTHBIND_COMMAND $JETTY_CMD"
log_daemon_msg "$DESC started, reachable on http://$HOSTNAME:$JETTY_PORT/." "$NAME"
sleep 5
if start-stop-daemon --test --start --pidfile "$PIDFILE" \
- --user $JETTY_USER --startas "$JAVA" >/dev/null; then
+ --user $JETTY_USER --exec "$JAVA" >/dev/null; then
log_end_msg 1
else
log_end_msg 0
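Review bot: The start command is now flattened into one string and handed to `/bin/bash -c`, so `$JAVA_OPTIONS`, `$JETTY_ARGS` and `$CONFIGS` from /etc/default/jetty8 are parsed a second time by a shell, and with AUTHBIND=yes the `'$JETTY_CMD'` wrapping breaks as soon as one of them contains a single quote. Because start-stop-daemon now launches bash with `--make-pidfile`, the recorded PID is Java's only if every bash in the chain happens to exec its last command, which the later `--test ... --exec "$JAVA"` check appears to depend on. Nothing checks that /usr/bin/authbind is installed either, although debian/control only lists it as a Recommends. Starting authbind directly through `--startas`, as sketched below, keeps the arguments as separate words and keeps a single process. The enclosing `case` arm begins and ends outside this hunk.

```sh
# … unchanged: JVM_TMP setup …
if [ "$AUTHBIND" = "yes" ]; then
  if [ ! -x /usr/bin/authbind ]; then
    log_failure_msg "AUTHBIND=yes but /usr/bin/authbind is not installed"
    exit 1
  fi
  # authbind execs the JVM, so the pidfile written by --make-pidfile is Java's.
  start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$JETTY_USER" \
    --chdir "$JETTY_HOME" --background --make-pidfile \
    --startas /usr/bin/authbind -- --deep \
    $JAVA $JAVA_OPTIONS $BOOTSTRAP_CLASS $JETTY_ARGS --daemon $CONFIGS
else
  start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$JETTY_USER" \
    --chdir "$JETTY_HOME" --background --make-pidfile --startas $JAVA -- \
    $JAVA_OPTIONS $BOOTSTRAP_CLASS $JETTY_ARGS --daemon $CONFIGS
fi
# … unchanged: log_daemon_msg, sleep 5, start-stop-daemon --test check …
```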
diff --git a/debian/jetty8.postinst b/debian/jetty8.postinst
index 7bc7a76..a2e6ab5 100644
--- a/debian/jetty8.postinst
+++ b/debian/jetty8.postinst
@@ -1,15 +1,32 @@
#!/bin/sh
set -e
+JETTY_USER=jetty
+JETTY_GROUP=jetty
+
case "$1" in
configure)
if ! id jetty > /dev/null 2>&1 ; then
adduser --system --home /usr/share/jetty8 --no-create-home \
--group --disabled-password --shell /bin/false \
- jetty
+ $JETTY_USER
fi
chown -R jetty:adm /var/cache/jetty8 /var/log/jetty8 /var/lib/jetty8
chmod 750 /var/log/jetty8
+
+ # Authorize user jetty to open privileged ports via authbind.
+ JETTY_UID="`id -u $JETTY_USER`"
+ if [ ! -f "/etc/authbind/byuid/$JETTY_UID" ]; then
+ if [ ! -d "/etc/authbind/byuid" ]; then
+ mkdir -p /etc/authbind/byuid
+ chmod 755 /etc/authbind
+ chmod 755 /etc/authbind/byuid
+ fi
+ echo '0.0.0.0/0:1,1023' >/etc/authbind/byuid/$JETTY_UID
+ echo '::/0,1-1023' >>/etc/authbind/byuid/$JETTY_UID
+ chown $JETTY_USER:$JETTY_GROUP /etc/authbind/byuid/$JETTY_UID
+ chmod 700 /etc/authbind/byuid/$JETTY_UID
+ fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
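Review bot: The authbind grant written in the `configure` arm covers every privileged port (1-1023) on all IPv4 and IPv6 addresses, and it is installed unconditionally even though AUTHBIND defaults to no in /etc/default/jetty8. The file is then given to the service account with `chown $JETTY_USER:$JETTY_GROUP` and `chmod 700`, so the account being authorised also owns its own authorisation. Consider keeping it root-owned, for example `chown root:root "/etc/authbind/byuid/$JETTY_UID"` with `chmod 644` (authbind's helper should still be able to read it, but confirm), and limiting the ranges to the ports Jetty is actually configured to use. The new JETTY_USER variable is also applied only in part, since `id jetty` and `chown -R jetty:adm` still hard-code the name. The `case` statement continues past the end of this hunk.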
diff --git a/debian/jetty8.postrm b/debian/jetty8.postrm
index c969451..ec0568d 100644
--- a/debian/jetty8.postrm
+++ b/debian/jetty8.postrm
@@ -33,6 +33,9 @@ case "$1" in
rmdir --ignore-fail-on-non-empty /var/lib/jetty8 || true
fi
rmdir --ignore-fail-on-non-empty /etc/jetty8/contexts /etc/jetty8 || true
+
+ # clean up /etc/authbind after conffiles have been removed
+ rmdir --ignore-fail-on-non-empty /etc/authbind/byuid /etc/authbind
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
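Review bot: The added `rmdir` has no `|| true`, unlike the two `rmdir` lines just above it, and `--ignore-fail-on-non-empty` does not cover a missing directory. If /etc/authbind/byuid was never created or is already gone, the command fails, and that would abort the purge if this script runs under `set -e` (not visible in this hunk). It also removes /etc/authbind itself when it is empty, although that directory presumably belongs to the authbind package when it is installed. I would limit the cleanup and make it best-effort: `rmdir --ignore-fail-on-non-empty /etc/authbind/byuid 2>/dev/null || true`. The enclosing `case` arm starts before this hunk.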
diff --git a/debian/jetty8.prerm b/debian/jetty8.prerm
new file mode 100644
index 0000000..deb986b
--- /dev/null
+++ b/debian/jetty8.prerm
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ remove)
+ # Remove auth for jetty to open privileged ports via authbind.
+ JETTY_USER="jetty"
+ JETTY_UID="`id -u $JETTY_USER`"
+ if [ -f "/etc/authbind/byuid/$JETTY_UID" ]; then
+ rm -f /etc/authbind/byuid/$JETTY_UID
+ fi
+ ;;
+esac
+
+#DEBHELPER#
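Review bot: Under `set -e`, the assignment ``JETTY_UID="`id -u $JETTY_USER`"`` aborts the prerm when the jetty account no longer exists, which would block removal of the package. Tolerate the lookup failure and skip the cleanup when no UID is found: `JETTY_UID="$(id -u "$JETTY_USER" 2>/dev/null)" || JETTY_UID=""` followed by `[ -z "$JETTY_UID" ] || rm -f "/etc/authbind/byuid/$JETTY_UID"`. That also quotes the path and drops the `-f` test, which `rm -f` makes redundant.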
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/jetty8.git