How do I run my application as superuser from Eclipse?

Asked 5/4, 2010 at 18:39 Answered 9/8, 2012 at 9:34

I'm running in to an error when I try to run my server application from Eclipse. The error is java.net.BindException: Permission denied. I think this is because I am using port 443 to set up an SSL connection. I can get around this problem if I run my code on the command line using java and sudo. Is there a way to set up Eclipse so that when I hit the run button, my application is executed with sudo?

Fondness answered 5/4, 2010 at 18:39 Comment(5)

How come javac require sudo access? you may want to edit the question to avoid confusion – Concertina 5/4, 2010 at 18:41

Like I said in the question I believe it is because I'm trying to bind to port 443 using a SSLServerSocket. I could be wrong though. – Fondness 5/4, 2010 at 18:46

If I understand the question correctly, Ronald uses javac to compile and then execute with sudo. And if the program tries to bind port 443, it could cause problems, as in UNIX/Linux systems any port number below 1024 is reserved for root access. – Bipolar 5/4, 2010 at 19:8

Yes, outside of Eclipse I do the following: 1)javac Server.java 2) sudo java Server. This works, but I'd like to keep using Eclipse, so I need to figure out how to make Eclipse run the application as sudo. I'm starting to think this is not possible. – Fondness 5/4, 2010 at 19:10

but the problem isn't javac. It's java (the executable). – Igneous 5/4, 2010 at 19:11

You can follow these steps to compile/debug applications as superuser.

Rename your java-application

sudo mv /usr/lib/jvm/java-6-openjdk/jre/bin/java /usr/lib/jvm/java-6-openjdk/jre/bin/java.ori

Create following script and store it as /usr/lib/jvm/java-6-openjdk/jre/bin/java

#!/bin/bash
# file:  /usr/lib/jvm/java-6-openjdk/jre/bin/java
# descr: Starter for jdk. Runs jdk as root when 
#        cmd-line-arg "--run-as-root" is specified.
#
jre="/usr/lib/jvm/java-6-openjdk/jre/bin/java.ori"
run_as_root=false
args=

# Filter command-line argument
for arg in "$@"
do
  case "$arg" in
  --run-as-root)  run_as_root=true
                  ;;
  *)              args="$args $arg"
                  ;;

  esac
done

# Remove leading whitespaces
args=$(echo $args | sed -e 's/^[ \t]*//')

if $run_as_root
then
  echo "WARNING: Running as root!"
  gksu "$jre $args"
else
  $jre $args
fi

Change the permissions to make it executable

sudo chmod 0755 /usr/lib/jvm/java-6-openjdk/jre/bin/java
Startup eclipse
Go to Window->Preferences->Java->Installed JREs
Duplicate java-6-openjdk to java-6-openjdk-root
Edit JRE and add "--run-as-root" as Default VM Argument

To run projects as root you need to follow these steps:

Go to Project->Properties->Java Build Path
Double-Click the JRE System Library and choose in Alternate JRE "java-6-openjdk-root"

Note: The idea is from http://www.eclipse.org/forums/index.php/mv/msg/87353/724852/#msg_724852

Signora answered 2/4, 2012 at 15:18 Comment(5)

for Fedora 19 I managed it to work by using pkexec (without double quotes) instead of gksu: pkexec $jre $args – Ineffective 3/4, 2014 at 15:16

Hi, I have tried this method, but the following error occurs:

Unrecognized option: --run-as-root     Error: Could not create the Java Virtual Machine.     Error: A fatal exception has occurred. Program will exit.

Any ideas? Thanks. – Wasson 14/7, 2014 at 14:33

@adrian.nicolau: Please check out my answer again and be sure you followed each step as described. The error you are mentioning occurred probably cause you called the jre directly with --run-as-root instead of the bash-script. – Signora 7/8, 2014 at 23:16

Beautiful! Also consider using the --message option on gksu, otherwise you may get a huge dialog containing a very lengthy command line. – Pressing 20/10, 2014 at 15:11

I have two issues about this solution: 1. it will ask for password (not too bad); 2. it change my project settings somewhere and configuration files cannot be found due a "/root/" was added into the original relative path. I am using Fedora 20. – Nolly 5/5, 2015 at 15:10

Assuming you are on Linux (*nix), How about starting your eclipse session via a sudo command?

Such as

sudo ~/eclipse/eclipse

Now whatever you do from eclipse will have the sudo context?

Concertina answered 5/4, 2010 at 19:18 Comment(3)

-1 - This is undesirable ... and dangerous. Any files that you write using eclipse will be owned by root. Worse still, since eclipse is running root, it has permission to read, write or delete any file or directory. Modify or delete the wrong file and you could enter a world of pain. – Bifocal 5/4, 2010 at 23:7

Ouch that hurts. I thought I had just answered for exactly what he was looking for. I wouln't sweat all the ifs-and-buts you mentioned when I am on my development box. – Concertina 5/4, 2010 at 23:12

And one more problem in running eclipse in sudo mode is that if you want to switch back your eclipse to non-sudo mode later, you will face various problems because eclipsed will not be able to write into various files which are now owned by root. This will result in unspecified eclipse behaviour. – Stradivarius 11/2, 2014 at 16:49

As mentioned in this thread:

In order to open a port below 1024 on Unix/Linux systems you need to be "root".

I also used the argument -Dorg.eclipse.equinox.http.jetty.port=8080 to change the listen port, but this seems to be ignored (according to the stacktrace)

Please use "-Dorg.osgi.service.http.port=8080".

As mentioned in HTTP Service:

org.osgi.service.http.port - specifies the port number to use for the http serving. The default value for this property is 80 (which requires root permission), as per the OSGi specification.
org.osgi.service.http.port.secure - specifies the port number to use for secure http serving. The default value for this property is 443 (which requires root permission), as per the OSGi specification.

Maybe if you try to modify that last property to a value above 1024 it could work without requiring any special privilege.

Entrench answered 5/4, 2010 at 20:5 Comment(0)

Another option would be to use iptables or ipfilter to forward port 80 to a port above 1024.

(Can someone contribute a link to a practical and easy-to-understand explanation ?)

Bifocal answered 5/4, 2010 at 22:59 Comment(2)

or ssh: love local encrypted tunnels. – Glaciology 17/11, 2010 at 1:15

This is a practical link using iptables : wiki.eclipse.org/Jetty/Howto/Port80 – Grover 28/12, 2010 at 2:11

A better answer, perhaps, if this serves your needs AND is possible, could be simple port redirection on your router.

Instead of trying to force your linux/unix to open a reserved port, when you are only developing this now (not installing) and you want to run it in a debugger, set your router to redirect incoming (external) port 443 to a port that is more convenient for your current needs (say 4443).

I think most routers support this, and if yours doesn't it gives your mum a good christmas or birthday present idea!

Aerospace answered 10/12, 2011 at 4:39 Comment(1)

whoops, i just realized someone above mentioned the iptable .. same thing. Sorry, not trying to steal your idea! – Aerospace 10/12, 2011 at 4:40

I am writing C not Java but this should work in either case. I use remote debug - define a "remote" connection to LOCALHOST which allows you to specify the user you will connect with, specify ROOT. Then define a Remote Application in debug configuration connection: LOCALHOST. Be sure to check "skip download to target path" at the bottom of the main tab as well as under the connection properties window.

Divisibility answered 6/2, 2012 at 16:1 Comment(0)

You can use Remote Java Application mechanism for this.

Create Debug configuration for Remote Java Application section in Run -> Debug configurations...
Set your project name
Choose Connection type as Standard (Socket Attach)
Configure Connection properties parameters for your binding (for you it will be localhost and 443).
Set breakpoint in your app (e.g. at the beginning of the main method)
Run your app from terminal as superuser with following command: java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=443 MyApp
Hit debug button in Eclipse for early created Remote Java Application
You code should be stopped on breakpoint in Eclipse!

Negrophobe answered 9/8, 2012 at 9:34 Comment(0)

If you use External tools (Run menu/External tools or an icon next to the Run/Debug icons on the toolbar), you can use any scripts or whatever you like. The scripts may give you elevated rights, or whatever.

On the other hand, this way debugging the application can become very hard, as neither the Run nor Debug commands get associated with this External tool configuration. Maybe it is possible to connect the Eclipse debugger of the application, but I don't know, how that is possible.

Hashim answered 5/4, 2010 at 19:9 Comment(0)

You may go this way

create a Makefile with javac calls
add the following line:

setcap 'cap_net_admin=+ep' Server

configure sudo to allow your Eclipse user to run setcap.

So you will have a transparent debugging (no sudo wrapper - gdb ok). Cons: it is a local security breach.

Solution:

put this to /opt/my-stupid-eclipse

#!/bin/sh

setcap 'cap_net_admin=+ep cap_net_raw=+ep' $1

chmod +x this script and whitelist it on sudo config.

username ALL=(ALL) NOPASSWD: /opt/my-stupid-eclipse

Add it to your makefile, specify path to your Server binary.

Now you have pretty strange but secure script, that cannot be changed by other users... and still a little breach for replacing Server binary with any malicious code, that will gain caps, so no filename check/stricts will help.. can $1 be contaminated with bash commands, no? Guess, no.

Glaciology answered 17/11, 2010 at 1:2 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags