Hello all, I installed Tomcat 4.0.6 from the ports tree on a new OpenBSD 3.1 box. After downloading the jdk-linux-1.3.1_04 binary from Sun, it runs fine. The purpose of this box is to server as a Tomcat servlet testbed.
I need to grant access to this box to a couple of contract programmers. Since this box is inside my firewall, I'd like to minimize the amount of exposure, and grant only the rights necessary to program/test/debug web applications. On a related note, I think I will need to place a CVS repository on this box, unless that turns out to be an extraordinarily bad idea. I read through the docs: http://jakarta.apache.org/tomcat/tomcat-4.0-doc/index.html I'm still reading through http://www.jguru.com/forums/ask.jsp?op=5&topic=Tomcat This article http://ezine.daemonnews.org/200203/tomcat-jakarta.html unfortunately didn't have anything about security. Questions: Setting up Tomcat to not start as root? Proper startup from /etc/rc.local? (Or, how do I set $JAVA_HOME on startup?) Proper file permissions on /usr/local/jdk1.3.1-linux and /usr/local/jakarta-tomcat-4.0.6? Thanks for any pointers, tips, or references! *************************** * Adam Getchell [EMAIL PROTECTED] * System Architect/Programmer (530) 752-1584 * Human Resources Information Systems http://www.hr.ucdavis.edu/ *************************** "Invincibility is in oneself, vulnerability in the opponent." -- Sun Tzu -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>