I'm running in to an error when I try to run my server application from Eclipse. The error is java.net.BindException: Permission denied. I think this is because I am using port 443 to set up an SSL connection. I can get around this problem if I run my code on the command line using java and sudo. Is there a way to set up Eclipse so that when I hit the run button, my application is executed with sudo?
当我试图从Eclipse运行我的服务器应用程序时,我遇到了一个错误。错误是java.net.BindException:拒绝的权限。我认为这是因为我使用端口443来设置SSL连接。如果我使用java和sudo在命令行上运行代码,就可以解决这个问题。是否有一种方法可以设置Eclipse,以便当我点击run按钮时,我的应用程序会与sudo一起执行?
9 个解决方案
#1
15
You can follow these steps to compile/debug applications as superuser.
您可以按照这些步骤来编译/调试应用程序作为超级用户。
-
Rename your java-application
重命名你的java应用程序
sudo mv /usr/lib/jvm/java-6-openjdk/jre/bin/java /usr/lib/jvm/java-6-openjdk/jre/bin/java.ori
sudo mv /usr/lib/jvm/java-6-openjdk / jre / bin / java / bin / java.ori /usr/lib/jvm/java-6-openjdk / jre
-
Create following script and store it as /usr/lib/jvm/java-6-openjdk/jre/bin/java
创建以下脚本并将其存储为/usr/lib/jvm/java-6-openjdk/jre/bin/java。
#!/bin/bash # file: /usr/lib/jvm/java-6-openjdk/jre/bin/java # descr: Starter for jdk. Runs jdk as root when # cmd-line-arg "--run-as-root" is specified. # jre="/usr/lib/jvm/java-6-openjdk/jre/bin/java.ori" run_as_root=false args= # Filter command-line argument for arg in "$@" do case "$arg" in --run-as-root) run_as_root=true ;; *) args="$args $arg" ;; esac done # Remove leading whitespaces args=$(echo $args | sed -e 's/^[ \t]*//') if $run_as_root then echo "WARNING: Running as root!" gksu "$jre $args" else $jre $args fi
-
Change the permissions to make it executable
更改权限以使其可执行。
sudo chmod 0755 /usr/lib/jvm/java-6-openjdk/jre/bin/java
sudo chmod 0755 /usr/lib/jvm/java-6-openjdk / jre / bin / java
-
Startup eclipse
启动eclipse
- Go to Window->Preferences->Java->Installed JREs
- 去窗口- >首选项- > Java - >安装jre
- Duplicate java-6-openjdk to java-6-openjdk-root
- 重复的java-6-openjdk java-6-openjdk-root
- Edit JRE and add "--run-as-root" as Default VM Argument
- 编辑JRE并添加“——run- root”作为默认的VM参数。
To run projects as root you need to follow these steps:
要将项目作为根运行,您需要遵循以下步骤:
- Go to Project->Properties->Java Build Path
- 转到项目->属性->Java构建路径。
- Double-Click the JRE System Library and choose in Alternate JRE "java-6-openjdk-root"
- 双击JRE系统库并在另一个JRE“java-6-openjdk-root”中选择
Note: The idea is from http://www.eclipse.org/forums/index.php/mv/msg/87353/724852/#msg_724852
注意:这个想法来自http://www.eclipse.org/forums/index.php/mv/msg/87353/724852/#msg_724852。
#2
1
Assuming you are on Linux (*nix), How about starting your eclipse session via a sudo command?
假设您在Linux (*nix)上,如何通过sudo命令启动您的eclipse会话?
Such as
如
sudo ~/eclipse/eclipse
Now whatever you do from eclipse will have the sudo context?
现在,无论你从eclipse中做什么,都会有sudo上下文吗?
#3
1
As mentioned in this thread:
如本文所述:
In order to open a port below 1024 on Unix/Linux systems you need to be "root".
为了在Unix/Linux系统上打开一个低于1024的端口,您需要“root”。
I also used the argument
-Dorg.eclipse.equinox.http.jetty.port=8080
to change the listen port, but this seems to be ignored (according to the stacktrace)我还使用了这个参数- dorg.eclipse.二分。http: jetty。端口=8080来改变监听端口,但这似乎被忽略了(根据stacktrace)
Please use "
-Dorg.osgi.service.http.port=8080
".请使用“-Dorg.osgi.service.http.port = 8080”。
As mentioned in HTTP Service:
如HTTP服务中所述:
-
org.osgi.service.http.port
- specifies the port number to use for the http serving. The default value for this property is 80 (which requires root permission), as per the OSGi specification.org.osgi.service.http。端口——指定用于http服务的端口号。此属性的默认值为80(需要root权限),按照OSGi规范。
-
org.osgi.service.http.port.secure
- specifies the port number to use for secure http serving. The default value for this property is 443 (which requires root permission), as per the OSGi specification.org.osgi.service.http.port。安全—指定用于安全http服务的端口号。这个属性的默认值是443(需要root权限),按照OSGi规范。
Maybe if you try to modify that last property to a value above 1024 it could work without requiring any special privilege.
如果您试图将最后一个属性修改为1024以上的值,那么它可以不需要任何特权就可以工作。
#4
1
Another option would be to use iptables or ipfilter to forward port 80 to a port above 1024.
另一种选择是使用iptables或ipfilter将端口80转发到1024以上的端口。
(Can someone contribute a link to a practical and easy-to-understand explanation ?)
(有人能提供一个实用且易于理解的解释的链接吗?)
#5
1
A better answer, perhaps, if this serves your needs AND is possible, could be simple port redirection on your router.
一个更好的答案,也许,如果这满足您的需要,并且是可能的,可能是简单的端口重定向在您的路由器。
Instead of trying to force your linux/unix to open a reserved port, when you are only developing this now (not installing) and you want to run it in a debugger, set your router to redirect incoming (external) port 443 to a port that is more convenient for your current needs (say 4443).
而不是试图强迫你的linux / unix打开保留端口,当你现在只有发展中(未安装),您想要运行调试器,设置你的路由器将传入的(外部)443端口重定向到一个港口更方便你当前的需求(比如4443)。
I think most routers support this, and if yours doesn't it gives your mum a good christmas or birthday present idea!
我想大多数路由器都支持这一点,如果你的路由器没有给你妈妈一个好的圣诞礼物或生日礼物!
#6
1
I am writing C not Java but this should work in either case. I use remote debug - define a "remote" connection to LOCALHOST which allows you to specify the user you will connect with, specify ROOT. Then define a Remote Application in debug configuration connection: LOCALHOST. Be sure to check "skip download to target path" at the bottom of the main tab as well as under the connection properties window.
我写的不是Java,而是这两种情况。我使用远程调试—定义一个“远程”连接到LOCALHOST,它允许您指定要连接的用户,指定根。然后在调试配置连接中定义远程应用程序:LOCALHOST。确保在主选项卡底部和连接属性窗口下检查“跳过下载到目标路径”。
#7
0
If you use External tools (Run menu/External tools or an icon next to the Run/Debug icons on the toolbar), you can use any scripts or whatever you like. The scripts may give you elevated rights, or whatever.
如果您使用外部工具(运行菜单/外部工具或工具栏上运行/调试图标旁边的图标),您可以使用任何脚本或任何您喜欢的。剧本可能会赋予你更高的权利,等等。
On the other hand, this way debugging the application can become very hard, as neither the Run nor Debug commands get associated with this External tool configuration. Maybe it is possible to connect the Eclipse debugger of the application, but I don't know, how that is possible.
另一方面,这种调试应用程序的方式会变得非常困难,因为运行和调试命令都不能与这个外部工具配置相关联。也许可以将应用程序的Eclipse调试器连接起来,但我不知道,这是可能的。
#8
0
You may go this way
你可以走这条路。
- create a Makefile with javac calls
- 用javac调用创建一个Makefile。
- add the following line:
- 添加以下行:
setcap 'cap_net_admin=+ep' Server
- configure sudo to allow your Eclipse user to run setcap.
- 配置sudo允许您的Eclipse用户运行setcap。
So you will have a transparent debugging (no sudo wrapper - gdb ok). Cons: it is a local security breach.
因此,您将有一个透明的调试(没有sudo包装器- gdb ok)。缺点:这是本地的安全漏洞。
Solution:
解决方案:
put this to /opt/my-stupid-eclipse
把这个/ opt / my-stupid-eclipse
#!/bin/sh
# ! / bin / sh
setcap 'cap_net_admin=+ep cap_net_raw=+ep' $1
setcap cap_net_admin = + ep cap_net_raw = + ep的1美元
chmod +x this script and whitelist it on sudo config.
这个脚本并在sudo配置上白名单。
username ALL=(ALL) NOPASSWD: /opt/my-stupid-eclipse
用户名=(全部)NOPASSWD:/ opt / my-stupid-eclipse
Add it to your makefile, specify path to your Server binary.
将它添加到makefile中,指定服务器二进制文件的路径。
Now you have pretty strange but secure script, that cannot be changed by other users... and still a little breach for replacing Server binary with any malicious code, that will gain caps, so no filename check/stricts will help.. can $1 be contaminated with bash commands, no? Guess, no.
现在你有了一个很奇怪但是很安全的脚本,不能被其他用户改变…而且仍然有一点漏洞,可以用任何恶意代码替换服务器二进制代码,这样就可以获得大写,所以没有任何文件名检查/限制会起作用。$1是否会被bash命令所污染?猜,不。
#9
0
You can use Remote Java Application mechanism for this.
您可以为此使用远程Java应用程序机制。
- Create Debug configuration for Remote Java Application section in Run -> Debug configurations...
- 在运行->调试配置中为远程Java应用程序部分创建调试配置…
- Set your project name
- 设置您的项目名称
- Choose Connection type as Standard (Socket Attach)
- 选择连接类型作为标准(套接字连接)
- Configure Connection properties parameters for your binding (for you it will be localhost and 443).
- 为绑定配置连接属性参数(对您来说,它将是localhost和443)。
- Set breakpoint in your app (e.g. at the beginning of the main method)
- 在app中设置断点(例如在main方法开始时)
- Run your app from terminal as superuser with following params: -java Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=443 MyApp
- 从终端运行你的应用程序,作为超级用户使用以下参数:-java Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=443 MyApp。
- Hit debug button in Eclipse for early created Remote Java Application
- 在Eclipse中单击debug按钮,以便尽早创建远程Java应用程序。
- You code should be stopped on breakpoint in Eclipse!
- 您的代码应该在Eclipse的断点处停止!
#1
15
You can follow these steps to compile/debug applications as superuser.
您可以按照这些步骤来编译/调试应用程序作为超级用户。
-
Rename your java-application
重命名你的java应用程序
sudo mv /usr/lib/jvm/java-6-openjdk/jre/bin/java /usr/lib/jvm/java-6-openjdk/jre/bin/java.ori
sudo mv /usr/lib/jvm/java-6-openjdk / jre / bin / java / bin / java.ori /usr/lib/jvm/java-6-openjdk / jre
-
Create following script and store it as /usr/lib/jvm/java-6-openjdk/jre/bin/java
创建以下脚本并将其存储为/usr/lib/jvm/java-6-openjdk/jre/bin/java。
#!/bin/bash # file: /usr/lib/jvm/java-6-openjdk/jre/bin/java # descr: Starter for jdk. Runs jdk as root when # cmd-line-arg "--run-as-root" is specified. # jre="/usr/lib/jvm/java-6-openjdk/jre/bin/java.ori" run_as_root=false args= # Filter command-line argument for arg in "$@" do case "$arg" in --run-as-root) run_as_root=true ;; *) args="$args $arg" ;; esac done # Remove leading whitespaces args=$(echo $args | sed -e 's/^[ \t]*//') if $run_as_root then echo "WARNING: Running as root!" gksu "$jre $args" else $jre $args fi
-
Change the permissions to make it executable
更改权限以使其可执行。
sudo chmod 0755 /usr/lib/jvm/java-6-openjdk/jre/bin/java
sudo chmod 0755 /usr/lib/jvm/java-6-openjdk / jre / bin / java
-
Startup eclipse
启动eclipse
- Go to Window->Preferences->Java->Installed JREs
- 去窗口- >首选项- > Java - >安装jre
- Duplicate java-6-openjdk to java-6-openjdk-root
- 重复的java-6-openjdk java-6-openjdk-root
- Edit JRE and add "--run-as-root" as Default VM Argument
- 编辑JRE并添加“——run- root”作为默认的VM参数。
To run projects as root you need to follow these steps:
要将项目作为根运行,您需要遵循以下步骤:
- Go to Project->Properties->Java Build Path
- 转到项目->属性->Java构建路径。
- Double-Click the JRE System Library and choose in Alternate JRE "java-6-openjdk-root"
- 双击JRE系统库并在另一个JRE“java-6-openjdk-root”中选择
Note: The idea is from http://www.eclipse.org/forums/index.php/mv/msg/87353/724852/#msg_724852
注意:这个想法来自http://www.eclipse.org/forums/index.php/mv/msg/87353/724852/#msg_724852。
#2
1
Assuming you are on Linux (*nix), How about starting your eclipse session via a sudo command?
假设您在Linux (*nix)上,如何通过sudo命令启动您的eclipse会话?
Such as
如
sudo ~/eclipse/eclipse
Now whatever you do from eclipse will have the sudo context?
现在,无论你从eclipse中做什么,都会有sudo上下文吗?
#3
1
As mentioned in this thread:
如本文所述:
In order to open a port below 1024 on Unix/Linux systems you need to be "root".
为了在Unix/Linux系统上打开一个低于1024的端口,您需要“root”。
I also used the argument
-Dorg.eclipse.equinox.http.jetty.port=8080
to change the listen port, but this seems to be ignored (according to the stacktrace)我还使用了这个参数- dorg.eclipse.二分。http: jetty。端口=8080来改变监听端口,但这似乎被忽略了(根据stacktrace)
Please use "
-Dorg.osgi.service.http.port=8080
".请使用“-Dorg.osgi.service.http.port = 8080”。
As mentioned in HTTP Service:
如HTTP服务中所述:
-
org.osgi.service.http.port
- specifies the port number to use for the http serving. The default value for this property is 80 (which requires root permission), as per the OSGi specification.org.osgi.service.http。端口——指定用于http服务的端口号。此属性的默认值为80(需要root权限),按照OSGi规范。
-
org.osgi.service.http.port.secure
- specifies the port number to use for secure http serving. The default value for this property is 443 (which requires root permission), as per the OSGi specification.org.osgi.service.http.port。安全—指定用于安全http服务的端口号。这个属性的默认值是443(需要root权限),按照OSGi规范。
Maybe if you try to modify that last property to a value above 1024 it could work without requiring any special privilege.
如果您试图将最后一个属性修改为1024以上的值,那么它可以不需要任何特权就可以工作。
#4
1
Another option would be to use iptables or ipfilter to forward port 80 to a port above 1024.
另一种选择是使用iptables或ipfilter将端口80转发到1024以上的端口。
(Can someone contribute a link to a practical and easy-to-understand explanation ?)
(有人能提供一个实用且易于理解的解释的链接吗?)
#5
1
A better answer, perhaps, if this serves your needs AND is possible, could be simple port redirection on your router.
一个更好的答案,也许,如果这满足您的需要,并且是可能的,可能是简单的端口重定向在您的路由器。
Instead of trying to force your linux/unix to open a reserved port, when you are only developing this now (not installing) and you want to run it in a debugger, set your router to redirect incoming (external) port 443 to a port that is more convenient for your current needs (say 4443).
而不是试图强迫你的linux / unix打开保留端口,当你现在只有发展中(未安装),您想要运行调试器,设置你的路由器将传入的(外部)443端口重定向到一个港口更方便你当前的需求(比如4443)。
I think most routers support this, and if yours doesn't it gives your mum a good christmas or birthday present idea!
我想大多数路由器都支持这一点,如果你的路由器没有给你妈妈一个好的圣诞礼物或生日礼物!
#6
1
I am writing C not Java but this should work in either case. I use remote debug - define a "remote" connection to LOCALHOST which allows you to specify the user you will connect with, specify ROOT. Then define a Remote Application in debug configuration connection: LOCALHOST. Be sure to check "skip download to target path" at the bottom of the main tab as well as under the connection properties window.
我写的不是Java,而是这两种情况。我使用远程调试—定义一个“远程”连接到LOCALHOST,它允许您指定要连接的用户,指定根。然后在调试配置连接中定义远程应用程序:LOCALHOST。确保在主选项卡底部和连接属性窗口下检查“跳过下载到目标路径”。
#7
0
If you use External tools (Run menu/External tools or an icon next to the Run/Debug icons on the toolbar), you can use any scripts or whatever you like. The scripts may give you elevated rights, or whatever.
如果您使用外部工具(运行菜单/外部工具或工具栏上运行/调试图标旁边的图标),您可以使用任何脚本或任何您喜欢的。剧本可能会赋予你更高的权利,等等。
On the other hand, this way debugging the application can become very hard, as neither the Run nor Debug commands get associated with this External tool configuration. Maybe it is possible to connect the Eclipse debugger of the application, but I don't know, how that is possible.
另一方面,这种调试应用程序的方式会变得非常困难,因为运行和调试命令都不能与这个外部工具配置相关联。也许可以将应用程序的Eclipse调试器连接起来,但我不知道,这是可能的。
#8
0
You may go this way
你可以走这条路。
- create a Makefile with javac calls
- 用javac调用创建一个Makefile。
- add the following line:
- 添加以下行:
setcap 'cap_net_admin=+ep' Server
- configure sudo to allow your Eclipse user to run setcap.
- 配置sudo允许您的Eclipse用户运行setcap。
So you will have a transparent debugging (no sudo wrapper - gdb ok). Cons: it is a local security breach.
因此,您将有一个透明的调试(没有sudo包装器- gdb ok)。缺点:这是本地的安全漏洞。
Solution:
解决方案:
put this to /opt/my-stupid-eclipse
把这个/ opt / my-stupid-eclipse
#!/bin/sh
# ! / bin / sh
setcap 'cap_net_admin=+ep cap_net_raw=+ep' $1
setcap cap_net_admin = + ep cap_net_raw = + ep的1美元
chmod +x this script and whitelist it on sudo config.
这个脚本并在sudo配置上白名单。
username ALL=(ALL) NOPASSWD: /opt/my-stupid-eclipse
用户名=(全部)NOPASSWD:/ opt / my-stupid-eclipse
Add it to your makefile, specify path to your Server binary.
将它添加到makefile中,指定服务器二进制文件的路径。
Now you have pretty strange but secure script, that cannot be changed by other users... and still a little breach for replacing Server binary with any malicious code, that will gain caps, so no filename check/stricts will help.. can $1 be contaminated with bash commands, no? Guess, no.
现在你有了一个很奇怪但是很安全的脚本,不能被其他用户改变…而且仍然有一点漏洞,可以用任何恶意代码替换服务器二进制代码,这样就可以获得大写,所以没有任何文件名检查/限制会起作用。$1是否会被bash命令所污染?猜,不。
#9
0
You can use Remote Java Application mechanism for this.
您可以为此使用远程Java应用程序机制。
- Create Debug configuration for Remote Java Application section in Run -> Debug configurations...
- 在运行->调试配置中为远程Java应用程序部分创建调试配置…
- Set your project name
- 设置您的项目名称
- Choose Connection type as Standard (Socket Attach)
- 选择连接类型作为标准(套接字连接)
- Configure Connection properties parameters for your binding (for you it will be localhost and 443).
- 为绑定配置连接属性参数(对您来说,它将是localhost和443)。
- Set breakpoint in your app (e.g. at the beginning of the main method)
- 在app中设置断点(例如在main方法开始时)
- Run your app from terminal as superuser with following params: -java Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=443 MyApp
- 从终端运行你的应用程序,作为超级用户使用以下参数:-java Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=443 MyApp。
- Hit debug button in Eclipse for early created Remote Java Application
- 在Eclipse中单击debug按钮,以便尽早创建远程Java应用程序。
- You code should be stopped on breakpoint in Eclipse!
- 您的代码应该在Eclipse的断点处停止!