Have rundeck run on port 80
Is there a way to have the rundeckd service bind to port 80 as root and then drop down to the rundeck user?
There is no out of the box solution for this as far as I can see. For what you want to achieve, the program should use Privilege separation:
In computer programming and computer security, privilege separation is a technique in which a program is divided into parts which are limited to the specific privileges they require in order to perform a specific task. This is used to mitigate the potential damage of a computer security attack.
A common method to implement privilege separation is to have a computer program fork into two processes. The main program drops privileges, and the smaller program keeps privileges in order to perform a certain task. The two halves then communicate via a socket pair. Thus, any successful attack against the larger program will gain minimal access, even though the pair of programs will be capable of performing privileged operations.
Privilege separation is traditionally accomplished by distinguishing a real user ID/group ID from the effective user ID/group ID, using the setuid(2)/setgid(2) and related system calls, which were specified by POSIX. If these are incorrectly positioned, gaps can allow widespread network penetration.
As mentioned above, a process can call the setuid(2), and setgid(2) to drop the privilages after starting as root.
And for all this to work you will possibly need to do fundamental changes in rundeck code, if you are that desperate.
Please see : How and why Linux daemons drop privileges and
https://unix.stackexchange.com/questions/21282/drop-process-privileges
Or you can use authbind that allows non-root programs to bind() to lower ports.
And for binding to another port according to Rundeck Installtion guide: System properties, among others:
You can customize the launcher behavior by using some java system properties.
Specify these properties using the normal
-Dproperty=value
commandline options to thejava
command:server.http.port The HTTP port to use for the server, default "4440" server.https.port The HTTPS port to use or the server, default "4443"