On 21/07/2016 at 13:52, Emmanuel Bourg wrote:
> I don't think any user can start Tomcat, because the init script has to
> switch to the tomcat user at some point and this requires root privileges.
The init.d script also generates the catalina.policy file as read-only
for the tomcat user, and this must be performed as root.
> That said the 'status' option should be usable by anyone. Currently it's
> restricted to the administrator.
This is no longer true with systemd; anyone can run:

    systemctl status tomcat8.service

> Should the tomcat user be allowed to control the daemon? I'm not sure
> this is a good idea, because a simple malicious JSP could then stop the
Actually a malicious JSP or an exploited vulnerability in a web
application can already stop the server simply by executing 'killall
java' (if the security manager is disabled).