On Thu, 10 May 2001, Joel Dudley wrote:
> Hello all,
> I have a security question for you all. We are going to have some java
> processes running on our server and, for security reasons, we would prefer
> that the JVM not run as root. However, due to the nature of our app and
> infrastructure out app needs to be able to do things as different users. The
> only way I can think to do this is by having the JVM run as root and
> spawning threads that have the permissions x user. Is there another way to
> approach this problem? Is it passible for an app to spawn a process as a
> different user if they are not root? Thanks.
If you intend to run as a service, you can make a non-priveledged user
account and start the service from an rc.d script as
su -p <non-priviledged-user> -c <start-command> >> /var/log/<your-log> 2>&1
The start command can be arbitrary complex (preferable a script) which
sets up the environment for you app.
Hope this helps.
-- dimitris
mailto:[EMAIL PROTECTED]
----------------------------------------------------------------------
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
