Set the effective user ID of the Java process.

Dmitrii Kashin freehck at
Mon Sep 11 12:31:12 UTC 2017

I'd like to add to the conversation that this thread was started because
of the argue here[1] (russian).

The main point of the argue was dropping privileges from root to some
user after the program performed all the needed actions (f.e. when it
started listening port < 1024).

We've found an example in commons-daemon code[2] how to drop privileges
in MS Windows systems. It seems a new Access Token is created for some
unprivileged user, and then spawns a new process with this token.

I suppose it makes some sense to say about it here: it would be very
useful to have a possibility to drop privileges to some user. Please
consider it as a user request.


bruno ais <brunoaiss at> writes:

> Any idea how it can be done on Windows?
> Or better yet; is there a cross-platform thing or equivalence of that
> feature?
> If not, then that can easily be the reason.
> On Mon, Sep 11, 2017 at 9:29 AM, DoWhile ForEach <dowhileforeach at>
> wrote:
>> Hello.
>> Please explain someone why the Java API has not yet implemented a method
>> that allows you to set the effective user ID of the Java process.
>> To accomplish this simple task, you have to make some workarounds.
>> A striking example of such workarounds is jsvc tool from the Apache
>> commons-daemon project for Tomcat server:
>> c6507690113949b478dba157ef/src/native/unix/native/jsvc-unix.c#L163

More information about the core-libs-dev mailing list