If you configure listeners with port numbers lower than 1024, you must start the server while logged in as the system root account. This presents a security risk because the server accepts network connections while running as root.
Workaround: To minimize this risk:
Create a C++ service component with a start method that calls the setuid or similar system C routine to change the effective user ID to an account with minimal privileges (at least read/write privileges on the EAServer installation directory and the files and directories within).
Install the service component in EAServer.
Optionally, configure the jagsrv executable to run as “root”.
| Copyright © 2005. Sybase Inc. All rights reserved. |
|
|
