On 22.05.19 18:31, Christopher Schultz wrote: > Claude, > > On 5/21/19 14:20, Claude Brisson wrote: > > (responding to myself) > > > The culprit is the option > > > NoNewPrivileges=true > > > in the file > > /etc/systemd/system/multi-user.target.wants/tomcat8.service > > > When changed to false, one must also call 'systemctl daemon-reload' > > and after a tomcat restart, the problem is solved. > > I'd seriously consider whether or not you want to actually do this. > > It might be better to write a tiny daemon which has elevated > privileges to perform whatever operation you want and have your web > application ping it to do some work, rather than making the whole > Tomcat process able to elevate its privileges.
Seconding this. Running a web-facing daemon with the option of executing system commands as root is a recipe for disaster. Don't even think of going there. There might be rare occasions where there's a good reason for this architecture, but the keyword here is "rare". It'll need a *very* good reason. And "how do I enable sudo?" isn't one. You have been warned, and so has everyone else finding this thread in future with the intend of making the same architectural decision. On stackoverflow, this is called the x-y problem (https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). I'd recommend reading a few of those answers and reconsider the question, to come up with the X instead of the Y. Olaf --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
