Hi All
I have come across an instance of DSpace where the Tomcat6 server has been
configured to run as the "root" user. It has been a rule to never run a
critical production service as the "root" user on a Unix/Linux system.
My question is;
What security guidelines do the DSpace community have in this regard taking
into account the many reports of Java insecurity on the web lately?
I do not get a good feeling seeing a Java webapp running as the "root"
user. It is kind of like walking across a minefield blindfolded, you know
something bad is going to happen but not when.
Cheers
hg
--
*Hilton Gibson*
Linux Systems Administrator
JS Gericke Library
Room 1025C
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa
Tel: +27 21 808 4100 | Cell: +27 84 646 4758
http://library.sun.ac.za
http://scholar.sun.ac.za
http://www.journals.ac.za
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
