[EMAIL PROTECTED] wrote:
I believe it is safer to run a web application as a non-root user.
How make the script that starts the web application behave
as if a non-root user started it?
For applications that clients (or remote users, if you will) will need to access such as a
web application, I usually setup a user account for that application. The account will
only be able to run the application(s) needed so that it can't be used to hack into the
system.
Currently, my development Tomcat server runs under my normal user account, but once I'm
ready to deploy the application to the live server, it'll run as some other
yet-to-be-named user account. Note that some ports can not be opened unless the
application trying to open them has root permissions. In such a case (where the
application/user needs some kind of elevated privilege) the account can have a group with
the appropriate permissions or sudo can be used to give the "user" the limited permissions
needed.
I'm sure others will have other ways of doing it (there's usually more than one way to do
things in UNIX environments, which is one thing I like about it so much).
PGA
--
Paul G. Allen
Owner, Sr. Engineer, BSIT/SE
Random Logic Consulting Services
www.randomlogic.com
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
