Run it a non-root user (e.g., tomcat). Realistically, the biggest problem is the OS cannot protect the server from malicious code. You webapp would have access to run any command as root using java.lang.Runtime.exec(String) which is not a good idea.
> -----Original Message-----
> From: Sam Seaver [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 28, 2003 1:58 PM
> To: [EMAIL PROTECTED]
> Subject: running tomcat as root
>
>
> I have a question...
>
> Tomcat is installed at /usr/local/tomcat and i start it up as root.
>
> Does this pose any greater security risk than running it as
> normal user?
>
> thanks
> Sam
>
> _________________________________________________________________
>
> ______________________________________________________________
> _____________
> To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources:
> http://java.sun.com/products/servlet/external-> resources.html
>
> LISTSERV Help:
> http://www.lsoft.com/manuals/user/user.html
>
