I'm developing a small application in Java to control my players (MPlayer, Amarok, ...) with remote control: web access.
I would like to make this small application a Linux service (systemctl start/stop/enable <myApplicationService>). It needs:
- listening on port 80: it provides a web application
- starting mplayer
If I start the application as root (with systemctl), I can use port 80, but I can't start mplayer: it tells me it can't access OpenGL.
But if I start my application as a user, I can remotely start mplayer, but I get a permission denied for using port 80.
Do you have a solution / idea to get both working?
Split it into two parts and use a named pipe or other communication method to connect the two. One provides web service, the other runs the multimedia.
There are other ways, but this is quick and simple.
Sorry for this late answer...
Splitting the application in 2 parts is not a bad idea, but it's not as simple as it seems and it's not my immediate objective.
What about the other solutions?
Is it possible to create a specific user who can use port 80 and use multimedia?
How to start a service as unprivileged user?
Or set it up on an unprivileged port (>1024) running under user profile and forward port 80 to this port with iptables.
[starting a service as unprivileged user] Well, simply executing your application starts it under your user's privileges already. So nothing special.
But of course you could write a systemd service file (if you are using systemd) or a sysV init script (if on sysV's init rc.d, etc.) for your application, where you specify under which user's privileges to run your application (and when, e.g. autostart on system init).
To run an application under a specific user's privileges it's actually enough to use
sudo -u user -H ./application
For security reasons it's also recommended to set up a user account just for this app, so in case an attacker gets access to the shell, for example, through your application, he/she will only be able to act under its privileges.
By the way, you don't have to use port 80 to be able to access your network application.
Port 80 is the default www port; for all the other ports, you have to provide them to the browser, like http://localhost:8080/path/parsed/by/your/applications/
Last edited by kulpae (2014-04-26 18:46:59)
This is easy to do with systemd. Let systemd start the program as an unprivileged user, but let systemd open the port. It's easy to do in C, but I have no idea about Java.
EDIT: There is some information here.
Last edited by brain0 (2014-04-26 21:07:24)
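The receiving side of the systemd hand-off described in the last post, as an added C example (not code from the thread or from systemd). It assumes a `.socket` unit with `ListenStream=80` and a `.service` unit with `User=` set to a dedicated account, and it follows the environment protocol documented in sd_listen_fds(3).

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed units: ListenStream=80 in the .socket, User=<service account> in the .service. */
#define LISTEN_FDS_START 3  /* first descriptor passed by systemd, see sd_listen_fds(3) */

/* Parse a non-negative decimal environment variable; -1 if unset or malformed. */
static long env_number(const char *name)
{
    const char *s = getenv(name);
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    return (errno != 0 || *end != '\0' || v < 0) ? -1 : v;
}

/* Number of descriptors systemd passed to this process (0 if none).
 * LISTEN_PID must equal our PID so values inherited from a parent are ignored. */
int passed_fd_count(void)
{
    long n = env_number("LISTEN_FDS");

    if (env_number("LISTEN_PID") != (long)getpid() || n < 1)
        return 0;
    return (int)n;
}

/* 1 if fd is a socket in the listening state, else 0. */
int is_listening_socket(int fd)
{
    int on = 0;
    socklen_t len = sizeof(on);

    return getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &on, &len) == 0 && on != 0;
}

int main(void)
{
    if (passed_fd_count() < 1 || !is_listening_socket(LISTEN_FDS_START)) {
        fprintf(stderr, "no listening socket inherited; start via the .socket unit\n");
        return 1;
    }
    printf("accepting on fd %d as uid %d, no root needed\n", LISTEN_FDS_START, (int)getuid());
    return 0;
}
```

The process never binds port 80 itself, so it needs neither root nor a later privilege drop; it only calls accept() on the descriptor it was given.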