Hi,
I'm using setcap to enable java (openjdk) to bind port 443. So with setcap I can avoid using a privileged (root/wheel) account/group. And it works great, but after a yum update openjdk is most of the time updated also, and that breaks my setcap settings because setcap has to be set on the java binary itself. For example:
setcap 'cap_net_bind_service=+ep' /usr/lib/jvm/java-11-openjdk-11.0.17.0.8-2.0.1.el9_0.x86_64/bin/java
and putting /usr/lib/jvm/java-11-openjdk-11.0.17.0.8-2.0.1.el9_0.x86_64/lib/jli in /etc/ld.so.conf.d/java.conf
So after an update I have to set the setcap again and update java.conf. I've created a script to help me with that:
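# Resolve the java binary currently selected by the alternatives system
JAVAP=$(/sbin/update-alternatives --list | awk -- '$1=="java" {print $3}')
# Re-apply the file capability and show the result
setcap 'cap_net_bind_service=+ep' "$JAVAP"
getcap "$JAVAP"
# Derive the libjli directory from the binary path (.../bin/java -> .../lib/jli)
JAVAL=$(echo "$JAVAP" | sed -e 's/bin\/java/lib\/jli/')
# Point the dynamic linker at it and rebuild the cache
echo "$JAVAL" > /etc/ld.so.conf.d/java.conf
ldconfig
# Confirm libjli is now in the linker cache
ldconfig -p | grep libjli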
Is there some other way to do this, with less human intervention? (I'm not keen on creating a crontab job or something like that.)
By the way: I'm using Oracle Linux 9. OL is a "clone" of Red Hat.
regards,
Ivan