How to drop privilege of root user initiated process?

Question

I would like to start JBoss process with root user, because I have to bind ports (<1024).

But after initiating the process, I have to drop privilege of the initiated process. Is it possible? If yes, please provide some info on it.

I don't want to use sudo permissions @RamanSailopal. I am looking some alternative way to achieve the same — Picasu27, Nov 17 '17 at 12:17
Should be, but I don't know about jboss. Also see setcap for how to bind ports < 1024 without being root user. Similar to setuid, but for just the capabilities that you want ( https://unix.stackexchange.com/q/101263/4778 ). — ctrl-alt-delor, Nov 17 '17 at 15:14
I looked at jboss help. It looks hard to do. So set up a port forwarder, see https://serverfault.com/a/252199/111338 You will also have to tell JBoss that the proxy is on port 80. — ctrl-alt-delor, Nov 17 '17 at 15:23

ctrl-alt-delor · Accepted Answer · 2017-11-17T15:43:51.717

Some options are:

authbind, a tool to allow non-root processes to bind to low numbered ports https://superuser.com/a/892391/62123
setcap, to give process only the capability it needs What are the different ways to set file permissions etc on gnu/linux
port forwarding: run it as normal user on port 8080, but forward port 80 https://serverfault.com/a/252199/111338
docker: run in docker, and have docker forward port 80 to the jboss container.

1 Answers1