Nah .. thats not gonna work. Because a user can always download the tomcat
package him/herself and get the stuff s/he needs to shut it down. In fact,
I think anyone can connect to port 8007 and tell Tomcat to shutdown!
- Arcadio
----- Original Message -----
From: "Artigas, Ricardo Y." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 23, 2001 9:16 PM
Subject: RE: *** Ordinary users can kill the tomcat server? ***
> It may be because the permission for the shutdown.sh script was granted to
> everyone. Change the permissions for the shutdown script so not everyone
> can execute it. HTH.
>
> :^)
> Ricky Y. Artigas
> Analyst/Programmer /
> Database Administrator
> Information Technology Division
> Easycall Communications Phils., Inc.
> - Easycall Internet -
> 418 Arayat St., Mandaluyong City 1550, Philippines
> Personal WAP Site: http://www.buzzed.co.uk/mobile/?rya
> Company Website: http://www.easycall.com.ph
> Tel.no: (+632) 5338001 ext.6574
> Mobile:(+63) 0917-8951783
> Pager: 141-002955
> Email: [EMAIL PROTECTED]
>
>
> > -------------------------------
> > IMPORTANT NOTICE:
>
> > This message (and any attachment hereto) may contain privileged and/or
> > confidential information specific to EasyCall. If you are not the
intended
> > addressee indicated in this message, you may not copy or disseminate
this
> > message (or any attachment hereto) to anyone. Instead, please destroy
this
> > message (and any attachment hereto), and kindly notify the sender by
reply
> > email. Any information in this message (and any attachment thereto) that
> > do not relate to the official business of EasyCall shall be understood
as
> > neither given nor endorsed by the company.
> >
> >
> > -----Original Message-----
> > From: Brian George [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, May 24, 2001 8:54 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: *** Ordinary users can kill the tomcat server? ***
> >
> > Please UNSUBSCRIBE me.
> >
> > I did not subscribe to this listserve.
> >
> > > -----Original Message-----
> > > From: Arcadio A. Sincero Jr. [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, May 23, 2001 4:55 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: *** Ordinary users can kill the tomcat server? ***
> > >
> > >
> > > Hello list,
> > >
> > > I noticed that even if I start tomcat as root, ordinary users can
> > > simply run
> > > the shutdown.sh script themselves and cause it to terminate.
> > > This can't be
> > > right, can it? I mean, it doesn't seem like normal users should
> > > be able to
> > > kill system services right? Did I do something wrong in the
> > configuration
> > > or is this normal behavior? Thanks.
> > >
> > > - Arcadio
> > >
> > >
>
