Now my tomcat is running as "myapp" user, with the following permissions:
- I created a new group "tomcat".
- I added "myapp" to that group.
- Changed the group ownership of all the tomcat files to group "tomcat".
- Gave group write access to the directories "logs", "work", "webapp" and
"conf" (seems to need to have write access for a Netscape autoconfiguration
file?).
I am not sure that this is the most secure configuration for what I want to
do, but at least it's minimalist.
Pierre Métras
----- Original Message -----
From: "Pierre Métras" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 25, 2000 12:10 AM
Subject: Tomcat setup permissions under linux
> Hi all,
>
> I want to test my application in a deployment context and try it under
> linux.
>
> I have set up a new PC with linux Debian 2.2, Sun JRE 1.3 and Tomcat 3.2B6.
> When I untar the tomcat bin file, in the "/usr/local" directory, I noticed
> that all files were owned by a user "500" and group "500". I checked in the
> "/etc/passwd" that there's no user with id 500, so I chose to change the
> property of all tomcat files and directories to "root.staff".
>
> Now I created a "myapp" user that will own the application files, and I
> don't want to give it access to root rights.
>
> If I try to start tomcat from the "myapp" login, I obtain a screenful of
> errors because tomcat can't access the "logs" and "work" directories. And
> effectively, these directories are not created as they are on my
> development environment.
>
> Here come the questions:
> [1] What should be tomcat files and directories permissions to allow access
> to different users, under "/usr/local"? Must I run tomcat once as root to
> create the missing directories and create initialization files?
> [2] How should I start tomcat to give it the rights of some specific users
> (and not root)? If I have two different users, should I need to start two
> instances of tomcat?
>
> Perhaps these are more linux questions and I'm not an expert in that field
> but I want to setup my application with the right level of security on that
> platform.
> Thanks for your help.
>
> Pierre Métras
>
>
>
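
An added example, not part of the original messages: a shell check that a Tomcat tree matches the layout described in the reply, where only "logs", "work", "webapp" and "conf" are group-writable and nothing is world-writable. The function name, the finding labels and the optional second argument are this example's own.

```shell
#!/bin/sh
# Added example: audit a Tomcat install tree against the layout in the post.
# Assumption: the runtime user reaches the tree only through its group, so
# only the listed directories should carry the group-write bit.
#
# Usage: audit_tomcat_perms /path/to/tomcat ["dir1 dir2 ..."]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_tomcat_perms() {
    root=$1
    # Names as written in the post; stock Tomcat names the directory
    # "webapps", so pass the list explicitly when auditing a real tree.
    writable=${2:-"logs work webapp conf"}

    report=$(
        # 1. Nothing anywhere in the tree should be writable by "other".
        find "$root" ! -type l -perm -0002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} \;

        # 2. Each runtime directory must exist and be group-writable,
        #    otherwise Tomcat fails at startup as in the original question.
        for d in $writable; do
            if [ ! -d "$root/$d" ]; then
                printf 'MISSING %s\n' "$root/$d"
            elif [ -z "$(find "$root/$d" -prune -perm -0020)" ]; then
                printf 'NOT-GROUP-WRITABLE %s\n' "$root/$d"
            fi
        done

        # 3. Group write anywhere else (bin, lib, the root itself) lets the
        #    runtime user replace code or scripts it should only read.
        find "$root" ! -type l -perm -0020 | while IFS= read -r p; do
            rel=${p#"$root"/}
            top=${rel%%/*}
            [ "$p" = "$root" ] && top=""
            case " $writable " in
                *" $top "*) ;;  # inside a directory meant to be writable
                *) printf 'UNEXPECTED-GROUP-WRITE %s\n' "$p" ;;
            esac
        done
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Files under "conf" pass the group-write check by design, so a writable `server.xml` is only flagged when it is also world-writable.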