documentation/9.0.6.v20130930/setuid.html - gerrit/www.eclipse.org/jetty - Git at Google

 <html><head>
       <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Chapter&nbsp;24.&nbsp;Setuid</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL-NS Stylesheets V1.76.1"><meta name="keywords" content="jetty, servlet-api, cometd, http, spdy, eclipse, maven, java, software"><link rel="home" href="index.html" title="Jetty : The Definitive Reference"><link rel="up" href="advanced.html" title="Part&nbsp;III.&nbsp;Advanced Topics Guide"><link rel="prev" href="jetty-runner.html" title="Use Jetty without an installed distribution"><link rel="next" href="frameworks.html" title="Chapter&nbsp;25.&nbsp;Frameworks"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><script type="text/javascript" src="js/shCore.js"></script><script type="text/javascript" src="js/shBrushJava.js"></script><script type="text/javascript" src="js/shBrushXml.js"></script><script type="text/javascript" src="js/shBrushBash.js"></script><script type="text/javascript" src="js/shBrushJScript.js"></script><script type="text/javascript" src="js/shBrushSql.js"></script><script type="text/javascript" src="js/shBrushProperties.js"></script><script type="text/javascript" src="js/shBrushPlain.js"></script><link type="text/css" rel="stylesheet" href="css/shCore.css"><link type="text/css" rel="stylesheet" href="css/shThemeEclipse.css"><link type="text/css" rel="stylesheet" href="css/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
             Version: 9.0.6.v20130930</span></td><td style="width: 50%"><script type="text/javascript">  (function() {
             var cx = '016459005284625897022:obd4lsai2ds';
             var gcse = document.createElement('script');
             gcse.type = 'text/javascript';
             gcse.async = true;
             gcse.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') +
             '//www.google.com/cse/cse.js?cx=' + cx;
             var s = document.getElementsByTagName('script')[0];
             s.parentNode.insertBefore(gcse, s);
             })();
           </script><gcse:search></gcse:search></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter&nbsp;24.&nbsp;Setuid</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="jetty-runner.html"><i class="icon-chevron-left"></i> Previous</a>&nbsp;</td><th width="60%" align="center">Part&nbsp;III.&nbsp;Advanced Topics Guide<br><a accesskey="p" href="index.html"><i class="icon-home"></i> Home</a></th><td width="20%" align="right">&nbsp;<a accesskey="n" href="frameworks.html">Next <i class="icon-chevron-right"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/support.jsp">Contact the core Jetty developers at
           <span class="website">www.webtide.com</span></a></h5><p>
  private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
  scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery
       </p></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="setuid"></a>Chapter&nbsp;24.&nbsp;Setuid</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="setuid.html#configuring-setuid">Configuring Setuid</a></span></dt></dl></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuring-setuid"></a>Configuring Setuid</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="setuid.html#d0e15579">Configuring the Setuid feature</a></span></dt><dt><span class="section"><a href="setuid.html#d0e15625">Enabling SetUID on startup</a></span></dt><dt><span class="section"><a href="setuid.html#d0e15652">Supported Operating Systems</a></span></dt></dl></div><p>On Unix based systems, port 80 is protected and can usually only be opened by the superuser root. As it is not
   desirable to run the server as root (for security reasons), the solution options are as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Start Jetty as the root user, and use Jetty's setuid mechanism to switch to a non-root user after
       startup.</p></li><li class="listitem"><p>Configure the server to run as a normal user on port 8080 (or some other non protected port). Then,
       configure the operating system to redirect port 80 to 8080 using ipchains, iptables, ipfw or a similar
       mechanism.</p></li></ul></div><p>The latter has traditionally been the solution, however Jetty 9 has Setuid feature.</p><p>If you are using Solaris 10, you may not need to use this feature, as Solaris provides a User Rights Management
   framework that can permit users and processes superuser-like abilities. Please refer to the Solaris documentation for
   more information.</p><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="icon-asterisk"></i> Note</h3><p><span class="bold"><strong>If the environment variable JETTY_USER is set for the startup process and jetty.sh
           is used, jetty-setuid will not work! So if you want to use jetty-setuid,
           make sure JETTY_USER is not set!</strong></span></p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e15579"></a>Configuring the Setuid feature</h3></div></div></div><p>In the Jetty <code class="filename">etc</code> directory you will find the following jetty-setuid.xml file which can
     be modified to suit your needs.</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
           <![CDATA[

 <?xml version="1.0"?>
 <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">

 <!-- ================================================================ -->
 <!-- Configure the Jetty SetUIDServer                                 -->
 <!-- This configuration file *must* be specified first in the list of -->
 <!-- configuration files and should be used in combination with other -->
 <!-- configuration files eg jetty.xml                                 -->
 <!-- ================================================================ -->
 <Configure id="Server" class="org.eclipse.jetty.setuid.SetUIDServer">
   <Set name="startServerAsPrivileged">false</Set>
   <Set name="umask">2</Set>
   <Set name="username">jetty</Set>
   <Set name="groupname">jetty</Set>
 <!-- uncomment to change the limits on number of open file descriptors for root -->
 <!--
     <Call name="setRLimitNoFiles">
     <Arg>
         <New class="org.eclipse.jetty.setuid.RLimit">
           <Set name="soft">20000</Set>
           <Set name="hard">40000</Set>
         </New>
     </Arg>
   </Call>
 -->
 </Configure>

       ]]>
         </script></div><p>Options:</p><div class="variablelist"><dl><dt><span class="term">startServerAsPrivileged</span></dt><dd><p>set this to true if you will start the server up as the root user</p></dd><dt><span class="term">umask</span></dt><dd><p>the umask setting you would like the process to have, optionally you may remove this line to leave it
           unchanged.</p></dd><dt><span class="term">username</span></dt><dd><p>the name of the user you would like tthe process to run under after starting, set to <span class="emphasis"><em>
           jetty</em></span> by default</p></dd><dt><span class="term">groupname</span></dt><dd><p>the name of the group you would like the process to run under after starting, set to <span class="emphasis"><em>
           jetty</em></span> by default</p></dd></dl></div><p>Additionally if you would like to set the file descriptor limits in the process you can uncomment the
     appropriate section above and set the soft and hard values accordingly.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e15625"></a>Enabling SetUID on startup</h3></div></div></div><p>The <code class="filename">jetty-setuid.xml</code> file runs as a wrapper around the typical Jetty server
     configuration so you must set this xml file to be processed before any others. This is already configured yet
     commented out in the normal <code class="filename">start.ini</code> file in the root of the jetty-distribution.</p><p>Open the <code class="filename">start.ini</code> file and look for the following section:</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
           <![CDATA[

 #===========================================================
 # Enable SetUID
 # To enable setuid you must have the jetty-setuid.xml as the
 # first xml file to be processed.
 # The default user and group is 'jetty' and if you are
 # starting as root you must change the run privledged to true
 #-----------------------------------------------------------
 # OPTIONS=setuid
 # etc/jetty-setuid.xml
 #===========================================================

       ]]>
         </script></div><p>Uncomment the OPTIONS line which will set the setuid libraries to be loaded when Jetty starts along with the
     line following which will process the <code class="filename">jetty-setuid.xml</code> file when jetty starts up. Take care
     when modifying this file when the SetUID feature is in play as it <span class="emphasis"><em>MUST</em></span> be the first xml file
     to be processed.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e15652"></a>Supported Operating Systems</h3></div></div></div><p>The Setuid feature leverages the the JNI setup with the jvm so part of the feature is C code compiled for the
     appropriate operating environment. By default we ship with <code class="filename">.so</code> files for both Linux and Mac OS
     X. The code for the entire SetUID feature is located in the <a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/" target="_top">Jetty toolchain</a>. The Linux file is
     built on a release machine, most typically an Ubunutu machine with a fairly standard setup. If the existing
     distributed binaries do not work you can look to this project and fiddle with the appropriate linker and compiler
     options until it works.</p></div></div></div><script type="text/javascript">
       SyntaxHighlighter.all()
     </script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="jetty-runner.html"><i class="icon-chevron-left"></i> Previous</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="advanced.html"><i class="icon-chevron-up"></i> Top</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="frameworks.html">Next <i class="icon-chevron-right"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Use Jetty without an installed distribution&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="icon-home"></i> Home</a></td><td width="40%" align="right" valign="top">&nbsp;Chapter&nbsp;25.&nbsp;Frameworks</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
             See an error or something missing?
             <span class="callout"><a href="http://github.com/jetty-project/jetty-documentation">Contribute to this documentation at
                 <span class="website"><i class="icon-github"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2013-10-30T13:20:39-05:00)</i></span></div></p><script xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" type="text/javascript">
   var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-1149868-7']);
   _gaq.push(['_trackPageview']);

   (function() {
     var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
     ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
     var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
   })();
     </script></body></html>
	<html><head>
	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
	<title>Chapter 24. Setuid</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL-NS Stylesheets V1.76.1"><meta name="keywords" content="jetty, servlet-api, cometd, http, spdy, eclipse, maven, java, software"><link rel="home" href="index.html" title="Jetty : The Definitive Reference"><link rel="up" href="advanced.html" title="Part III. Advanced Topics Guide"><link rel="prev" href="jetty-runner.html" title="Use Jetty without an installed distribution"><link rel="next" href="frameworks.html" title="Chapter 25. Frameworks"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><script type="text/javascript" src="js/shCore.js"></script><script type="text/javascript" src="js/shBrushJava.js"></script><script type="text/javascript" src="js/shBrushXml.js"></script><script type="text/javascript" src="js/shBrushBash.js"></script><script type="text/javascript" src="js/shBrushJScript.js"></script><script type="text/javascript" src="js/shBrushSql.js"></script><script type="text/javascript" src="js/shBrushProperties.js"></script><script type="text/javascript" src="js/shBrushPlain.js"></script><link type="text/css" rel="stylesheet" href="css/shCore.css"><link type="text/css" rel="stylesheet" href="css/shThemeEclipse.css"><link type="text/css" rel="stylesheet" href="css/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
	Version: 9.0.6.v20130930</span></td><td style="width: 50%"><script type="text/javascript"> (function() {
	var cx = '016459005284625897022:obd4lsai2ds';
	var gcse = document.createElement('script');
	gcse.type = 'text/javascript';
	gcse.async = true;
	gcse.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') +
	'//www.google.com/cse/cse.js?cx=' + cx;
	var s = document.getElementsByTagName('script')[0];
	s.parentNode.insertBefore(gcse, s);
	})();
	</script><gcse:search></gcse:search></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 24. Setuid</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="jetty-runner.html"><i class="icon-chevron-left"></i> Previous</a> </td><th width="60%" align="center">Part III. Advanced Topics Guide<br><a accesskey="p" href="index.html"><i class="icon-home"></i> Home</a></th><td width="20%" align="right"> <a accesskey="n" href="frameworks.html">Next <i class="icon-chevron-right"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/support.jsp">Contact the core Jetty developers at
	<span class="website">www.webtide.com</span></a></h5><p>
	private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
	scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery
	</p></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="setuid"></a>Chapter 24. Setuid</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="setuid.html#configuring-setuid">Configuring Setuid</a></span></dt></dl></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuring-setuid"></a>Configuring Setuid</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="setuid.html#d0e15579">Configuring the Setuid feature</a></span></dt><dt><span class="section"><a href="setuid.html#d0e15625">Enabling SetUID on startup</a></span></dt><dt><span class="section"><a href="setuid.html#d0e15652">Supported Operating Systems</a></span></dt></dl></div><p>On Unix based systems, port 80 is protected and can usually only be opened by the superuser root. As it is not
	desirable to run the server as root (for security reasons), the solution options are as follows:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Start Jetty as the root user, and use Jetty's setuid mechanism to switch to a non-root user after
	startup.</p></li><li class="listitem"><p>Configure the server to run as a normal user on port 8080 (or some other non protected port). Then,
	configure the operating system to redirect port 80 to 8080 using ipchains, iptables, ipfw or a similar
	mechanism.</p></li></ul></div><p>The latter has traditionally been the solution, however Jetty 9 has Setuid feature.</p><p>If you are using Solaris 10, you may not need to use this feature, as Solaris provides a User Rights Management
	framework that can permit users and processes superuser-like abilities. Please refer to the Solaris documentation for
	more information.</p><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><i class="icon-asterisk"></i> Note</h3><p><span class="bold"><strong>If the environment variable JETTY_USER is set for the startup process and jetty.sh
	is used, jetty-setuid will not work! So if you want to use jetty-setuid,
	make sure JETTY_USER is not set!</strong></span></p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e15579"></a>Configuring the Setuid feature</h3></div></div></div><p>In the Jetty <code class="filename">etc</code> directory you will find the following jetty-setuid.xml file which can
	be modified to suit your needs.</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
	<![CDATA[

	<?xml version="1.0"?>
	<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">

	<!-- ================================================================ -->
	<!-- Configure the Jetty SetUIDServer -->
	<!-- This configuration file must be specified first in the list of -->
	<!-- configuration files and should be used in combination with other -->
	<!-- configuration files eg jetty.xml -->
	<!-- ================================================================ -->
	<Configure id="Server" class="org.eclipse.jetty.setuid.SetUIDServer">
	<Set name="startServerAsPrivileged">false</Set>
	<Set name="umask">2</Set>
	<Set name="username">jetty</Set>
	<Set name="groupname">jetty</Set>
	<!-- uncomment to change the limits on number of open file descriptors for root -->
	<!--
	<Call name="setRLimitNoFiles">
	<Arg>
	<New class="org.eclipse.jetty.setuid.RLimit">
	<Set name="soft">20000</Set>
	<Set name="hard">40000</Set>
	</New>
	</Arg>
	</Call>
	-->
	</Configure>

	]]>
	</script></div><p>Options:</p><div class="variablelist"><dl><dt><span class="term">startServerAsPrivileged</span></dt><dd><p>set this to true if you will start the server up as the root user</p></dd><dt><span class="term">umask</span></dt><dd><p>the umask setting you would like the process to have, optionally you may remove this line to leave it
	unchanged.</p></dd><dt><span class="term">username</span></dt><dd><p>the name of the user you would like tthe process to run under after starting, set to <span class="emphasis"><em>
	jetty</em></span> by default</p></dd><dt><span class="term">groupname</span></dt><dd><p>the name of the group you would like the process to run under after starting, set to <span class="emphasis"><em>
	jetty</em></span> by default</p></dd></dl></div><p>Additionally if you would like to set the file descriptor limits in the process you can uncomment the
	appropriate section above and set the soft and hard values accordingly.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e15625"></a>Enabling SetUID on startup</h3></div></div></div><p>The <code class="filename">jetty-setuid.xml</code> file runs as a wrapper around the typical Jetty server
	configuration so you must set this xml file to be processed before any others. This is already configured yet
	commented out in the normal <code class="filename">start.ini</code> file in the root of the jetty-distribution.</p><p>Open the <code class="filename">start.ini</code> file and look for the following section:</p><div class="informalexample"><script type="syntaxhighlighter" class="brush: xml;toolbar: false">
	<![CDATA[

	#===========================================================
	# Enable SetUID
	# To enable setuid you must have the jetty-setuid.xml as the
	# first xml file to be processed.
	# The default user and group is 'jetty' and if you are
	# starting as root you must change the run privledged to true
	#-----------------------------------------------------------
	# OPTIONS=setuid
	# etc/jetty-setuid.xml
	#===========================================================

	]]>
	</script></div><p>Uncomment the OPTIONS line which will set the setuid libraries to be loaded when Jetty starts along with the
	line following which will process the <code class="filename">jetty-setuid.xml</code> file when jetty starts up. Take care
	when modifying this file when the SetUID feature is in play as it <span class="emphasis"><em>MUST</em></span> be the first xml file
	to be processed.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="d0e15652"></a>Supported Operating Systems</h3></div></div></div><p>The Setuid feature leverages the the JNI setup with the jvm so part of the feature is C code compiled for the
	appropriate operating environment. By default we ship with <code class="filename">.so</code> files for both Linux and Mac OS
	X. The code for the entire SetUID feature is located in the <a class="link" href="http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/" target="_top">Jetty toolchain</a>. The Linux file is
	built on a release machine, most typically an Ubunutu machine with a fairly standard setup. If the existing
	distributed binaries do not work you can look to this project and fiddle with the appropriate linker and compiler
	options until it works.</p></div></div></div><script type="text/javascript">
	SyntaxHighlighter.all()
	</script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="jetty-runner.html"><i class="icon-chevron-left"></i> Previous</a> </td><td width="20%" align="center"><a accesskey="u" href="advanced.html"><i class="icon-chevron-up"></i> Top</a></td><td width="40%" align="right"> <a accesskey="n" href="frameworks.html">Next <i class="icon-chevron-right"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Use Jetty without an installed distribution </td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="icon-home"></i> Home</a></td><td width="40%" align="right" valign="top"> Chapter 25. Frameworks</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
	See an error or something missing?
	<span class="callout"><a href="http://github.com/jetty-project/jetty-documentation">Contribute to this documentation at
	<span class="website"><i class="icon-github"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2013-10-30T13:20:39-05:00)</i></span></div></p><script xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" type="text/javascript">
	var _gaq = _gaq \|\| [];
	_gaq.push(['_setAccount', 'UA-1149868-7']);
	_gaq.push(['_trackPageview']);

	(function() {
	var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
	ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
	var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
	})();
	</script></body></html>