RE: *** Ordinary users can kill the tomcat server? ***The execute() method
of the org.apache.tomcat.task.StopTomcat class first does a scan of the
localhost for a valid Ajp12 connector to determine the port number. So I
imagine it is possible to use a port other than 8007. You just need to tell
Title: RE: *** Ordinary users can kill the tomcat server? ***
This is definately a problem, but you can minimize this problem by restricting access to port 8007 to the local machine in the server.xml by adding:
Then you can control who has access to the production machine.
This
authentication
that I don't know about?
- Arcadio
- Original Message -
From: "Artigas, Ricardo Y." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 23, 2001 9:16 PM
Subject: RE: *** Ordinary users can kill the tomcat server? ***
> It may be because the
t; <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 23, 2001 9:16 PM
Subject: RE: *** Ordinary users can kill the tomcat server? ***
> It may be because the permission for the shutdown.sh script was granted to
> everyone. Change the permissions for the shutdown s
tood as
> neither given nor endorsed by the company.
>
>
> -Original Message-
> From: Brian George [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, May 24, 2001 8:54 AM
> To: [EMAIL PROTECTED]
> Subject: RE: *** Ordinary users can kill the tomcat server? ***
>
Please UNSUBSCRIBE me.
I did not subscribe to this listserve.
> -Original Message-
> From: Arcadio A. Sincero Jr. [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 23, 2001 4:55 PM
> To: [EMAIL PROTECTED]
> Subject: *** Ordinary users can kill the tomcat server? ***
&
Hello list,
I noticed that even if I start tomcat as root, ordinary users can simply run
the shutdown.sh script themselves and cause it to terminate. This can't be
right, can it? I mean, it doesn't seem like normal users should be able to
kill system services right? Did I do something wrong in