Re: [jetty-users] SetUID ported to 12?

Opened new Issue to update setuid - https://github.com/eclipse/jetty.project/issues/10279

Joakim Erdfelt / joakim@xxxxxxxxxxx


On Wed, Aug 9, 2023 at 1:11 PM Cantor, Scott <cantor.2@xxxxxxx> wrote:
> It was never updated for Jetty 10/11, doesn't work with Jetty 10/11
> properly, and we've had zero complaints about that too.

It works fine for me with 10 and 11, at least it seems to. Since it has continued to ship with the software, there was no reason for me to ever ask about it being supported, and I assumed it still was.

> What exactly are you trying to accomplish with that old custom libsetuid
> functionality that cannot be done with existing tooling in your environment?
> (E.g.: run Jetty with a specific userid)

The alternatives are all much worse IMHO. Chaining ports with a firewall is less performant, and brittle, very easy to screw up, and introduces a huge loss of "locality" to the whole system.

The SETCAP thing probably works and will probably be my preferred option to try, though it's relatively recent in terms of Red Hat releases (relatively, it probably does exist on 7, though if not, that's a problem for me for the moment). Its main issue is it applies to the whole java binary, not just the Jetty process, but for a single use server it's fine.

Supposedly systemd can do something declaratively I think, but I don't know if it works with Java, and I have never managed to get a unit file working with Jetty. But that's largely due to my not having to up until now. Systemd is also an abomination to begin with of course but is an unavoidable evil now.

Anyway, if it's not supported, it's not, that's what I needed to know. I would say you probably shouldn't be including the shared libs and the module for it though, it certainly makes it appear that it's still a standard feature.

-- Scott
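
The declarative systemd option mentioned in the message above, sketched as an added example (not part of the original thread and not a unit file shipped by the Jetty project): the capability to bind ports below 1024 is granted to this one service rather than to the whole java binary. It assumes a kernel and systemd recent enough to support ambient capabilities; the `jetty` account, the unit name and all paths are placeholders.

```ini
# Added example: /etc/systemd/system/jetty.service (unit name is a placeholder)
[Unit]
Description=Jetty on port 80 as an unprivileged user (example unit)
After=network.target

[Service]
Type=simple
# Assumed dedicated unprivileged account; the JVM never runs as root.
User=jetty
Group=jetty
# Placeholder JETTY_BASE; start.jar takes the working directory as jetty.base
# when the property is not given explicitly.
WorkingDirectory=/path/to/jetty-base
# Placeholder java and JETTY_HOME paths.
ExecStart=/usr/bin/java -jar /path/to/jetty-home/start.jar jetty.http.port=80
# Grant only the capability needed to bind ports below 1024,
# and only to the processes of this service.
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Upper bound on capabilities the service could ever hold.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# Block privilege gain through setuid binaries or file capabilities.
NoNewPrivileges=true
# A JVM stopped by SIGTERM exits with 143; treat that as a clean stop.
SuccessExitStatus=143
Restart=on-failure

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload` and a start, `grep Cap /proc/<pid>/status` on the Java process shows whether the effective set is limited to the single capability.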


