A customer asks us to create a non-root user to run our web system, which binds port 512 (less than 1024). When the web server (Jetty) runs, this is the exception:
    2013-10-16 14:49:51.406:WARN::failed Server@2c2893ce: java.net.SocketException: Permission denied
    2013-10-16 14:49:51.406:WARN::EXCEPTION
    java.net.SocketException: Permission denied
        at sun.nio.ch.Net.bind0(Native Method)
        at sun.nio.ch.Net.bind(Net.java:444)
        at sun.nio.ch.Net.bind(Net.java:436)
        at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)
So I looked for solutions for how a non-root user can bind a port below 1024. In the end, the solution I used was to set "cap_net_bind_service" on java by setting capabilities. The command is:
    sudo setcap cap_net_bind_service+eip /usr/lib/jvm/jdk1.7.0_25/bin/java
But when I start Jetty again, another error happens:
    [admin@VPRCEMSUSOFC04 bin]$ ./jetty.sh start
    Starting Jetty: /usr/lib/jvm/jdk1.7.0_25/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
Even when I execute java -version, it also causes an exception:
    [admin@VPRCEMSUSOFC04 bin]$ java -version
    java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
But when I log in as root, it's fine:
    [root@VPRCEMSUSOFC04 etc]# java -version
    java version "1.7.0_25"
    Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
    Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)
I can't understand why this happens. Why are there two different results under root and a non-root user? It seems that setting capabilities affects this.
The Linux kernel is 2.6.32-220.el6.x86_64. OS is Red Hat Enterprise Linux Server release 6.2 (Santiago).
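
Added example, not part of the original post: when a non-root user runs a binary that carries file capabilities, glibc's dynamic loader starts it in secure-execution mode, where LD_LIBRARY_PATH is ignored and `$ORIGIN` in RPATH/RUNPATH is not trusted, which is consistent with the libjli.so error above. The sketch below flags that combination from the text output of `getcap` and `readelf -d`; the function names are hypothetical and the sample outputs are constructed for illustration, not captured from the poster's machine.

```shell
#!/bin/sh
# Constructed sample inputs (assumed shape of `getcap FILE` / `readelf -d FILE`).
SAMPLE_GETCAP='/usr/lib/jvm/jdk1.7.0_25/bin/java = cap_net_bind_service+eip'
SAMPLE_READELF=' 0x0000000000000001 (NEEDED)  Shared library: [libjli.so]
 0x000000000000000f (RPATH)   Library rpath: [$ORIGIN/../lib/amd64/jli:$ORIGIN/../jre/lib/amd64/jli]'

# has_file_caps GETCAP_OUTPUT: succeeds if any capability is listed.
has_file_caps() {
    case "$1" in
        *cap_*) return 0 ;;
        *) return 1 ;;
    esac
}

# origin_rpath_entries READELF_OUTPUT: prints RPATH/RUNPATH entries using $ORIGIN.
origin_rpath_entries() {
    printf '%s\n' "$1" |
        grep -E '\((RPATH|RUNPATH)\)' |
        sed 's/.*\[\(.*\)\].*/\1/' |
        tr ':' '\n' |
        grep -F '$ORIGIN' || true
}

# resolve_origin BINARY_PATH ENTRY: substitutes the binary's directory for $ORIGIN.
resolve_origin() {
    dir=$(dirname "$1")
    printf '%s\n' "$2" | sed 's|\$ORIGIN|'"$dir"'|'
}

# diagnose GETCAP_OUTPUT READELF_OUTPUT: prints at-risk, caps-only or no-caps.
diagnose() {
    entries=$(origin_rpath_entries "$2")
    if has_file_caps "$1" && [ -n "$entries" ]; then
        echo "at-risk"      # capabilities plus $ORIGIN-relative library lookup
    elif has_file_caps "$1"; then
        echo "caps-only"    # capabilities, but no $ORIGIN-relative search path
    else
        echo "no-caps"      # loader runs in normal mode
    fi
}

# Demo on the constructed samples. On a real host, pass "$(getcap "$bin")"
# and "$(readelf -d "$bin")" instead.
bin=/usr/lib/jvm/jdk1.7.0_25/bin/java
echo "verdict: $(diagnose "$SAMPLE_GETCAP" "$SAMPLE_READELF")"
origin_rpath_entries "$SAMPLE_READELF" | while read -r entry; do
    echo "library dir the loader will not search: $(resolve_origin "$bin" "$entry")"
done
```

For directories reported this way, the usual remedy is to list them in a file under /etc/ld.so.conf.d/ and run ldconfig as root, so the loader finds the libraries through its trusted cache. A capability set on the java binary applies to every Java program any local user starts with it, not only to Jetty.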