Saturday, January 20, 2018

Running Tomcat on AIX as a non-root user on port 80.

----------------------------
POWER AIXperiences
1. [root@aix dists]# tracepriv -f /usr/java8_64/jre/bin/java
...
7602316: Used privileges for /usr/java8_64/jre/bin/java:
  PV_DAC_O                           PV_FS_CHOWN                      
  PV_PROC_SIG                        PV_NET_CNTL                      
  PV_NET_PORT 

2. [root@aix dists]# lsdom ALL

3. [root@aix dists]# mkdom "id=1" dfltmsg="TCP Port 80" java_80

4. [root@aix dists]# lsdom ALL
 java_80 id=1 dfltmsg=TCP Port 80

5. [root@aix dists]# setsecattr -o domains=java_80 objtype=netport secflags=FSF_DOM_ANY TCP_80

6. [root@aix dists]# setsecattr -c accessauths=ALLOW_ALL innateprivs=PV_NET_PORT inheritprivs=PV_NET_PORT secflags=FSF_EPS /usr/java8_64/jre/bin/java

7. [root@aix dists]# chuser "domains=java_80" tomcat

8. [root@aix dists]# setkst
Successfully updated the Kernel Authorization Table.
Successfully updated the Kernel Role Table.
Successfully updated the Kernel Command Table.
Successfully updated the Kernel Device Table.
Successfully updated the Kernel Object Domain Table.
Successfully updated the Kernel  Domains Table.
Successfully updated the Kernel RBAC log level. 

9. [root@aix dists]# cat /etc/security/domains
java_80:
        id = 1
        dfltmsg = "TCP Port 80"
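An added verification script, not part of the original post: step 1 shows every privilege java used while running as root, yet step 6 grants only PV_NET_PORT, and this script checks after setkst that nothing beyond that was granted and that the tomcat user really is in java_80. It assumes `lssecattr -c <cmd>` and `lsuser -a domains <user>` each print one line of `name attr=value ...` pairs; the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumption: `lssecattr -c` and
# `lsuser -a domains` print one "name attr=value ..." line; samples are constructed.

# Print the value of attribute $2 from a "name attr=value ..." line; fail if absent.
attr_value() {
    for kv in $1; do
        case $kv in "$2"=*) printf '%s' "${kv#*=}"; return 0 ;; esac
    done
    return 1
}

# Print (sorted, deduplicated) every privilege in innateprivs/inheritprivs that is
# not in the comma-separated allow-list $2. Empty output means least privilege holds.
excess_privs() {
    for attr in innateprivs inheritprivs; do
        privs=$(attr_value "$1" "$attr") || continue
        printf '%s\n' "$privs" | tr ',' '\n' | while read -r p; do
            case ",$2," in *",$p,"*) ;; *) printf '%s\n' "$p" ;; esac
        done
    done | sort -u
}

# Succeed only if the user's domains attribute contains domain $2.
user_in_domain() {
    d=$(attr_value "$1" domains) || return 1
    case ",$d," in *",$2,"*) return 0 ;; esac
    return 1
}

# Constructed samples: the state steps 6 and 7 should produce, and an over-granted
# variant that hands java every privilege tracepriv listed in step 1.
JAVA_LINE='/usr/java8_64/jre/bin/java accessauths=ALLOW_ALL innateprivs=PV_NET_PORT inheritprivs=PV_NET_PORT secflags=FSF_EPS'
OVERGRANTED='/usr/java8_64/jre/bin/java innateprivs=PV_DAC_O,PV_FS_CHOWN,PV_PROC_SIG,PV_NET_CNTL,PV_NET_PORT inheritprivs=PV_NET_PORT'
TOMCAT_LINE='tomcat domains=java_80'

# Report on one lssecattr -c line; on the host pass "$(lssecattr -c /usr/java8_64/jre/bin/java)".
check_java() {
    extra=$(excess_privs "$1" PV_NET_PORT)
    [ -z "$extra" ] && { echo "OK: java holds only PV_NET_PORT"; return 0; }
    echo "WARNING: java holds privileges beyond PV_NET_PORT: $(echo $extra)"
    return 1
}
```

On the AIX host, replace the sample lines with the real command output, e.g. `user_in_domain "$(lsuser -a domains tomcat)" java_80`.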