Thanks Craig.

I assumed that Tomcat installed the Java security manager by
default. This would be the reasonable approach as long as
Tomcat wasn't aiming to support pre-Java2 platforms (e.g.,
JDK 1.1). Is this in fact the case?

I've looked through the documentation directory and I
did not find anything about setting up Java permissions with
Tomcat. I have the following stuff in my tomcat/doc directory:

appdev/
faq
readme
uguide/

none of which explained this procedure. Am I missing some
documentation or just not looking hard enough?

Thanks,
         Chad



At 04:54 PM 11/5/2000 -0800, you wrote:
>Chad Loder wrote:
>
> > Hello. I have successfully deployed my first test servlet
> > using Tomcat as a standalone container. I am concerned with
> > the default filesystem permissions given to my servlet
> > by Tomcat.
> >
> > When my servlet is deployed under:
> >
> >         tomcat_dir/webapps/mycontext
> >
> > the servlet is allowed to create the following directory:
> >
> >         tomcat_dir/mydir
> >
> > It seems to me that the servlet, by default, should have
> > NO filesystem permissions outside of its deployment context.
> >
>
>All of the servlets run in a single instance of Tomcat are running
>inside a single JVM process, so they all (from the point of view of the
>operating system) have a single user identity.  Thus, by default, any
>servlet has access to any file accessible to the username you are
>starting Tomcat under.
>
> >
> > Is this behavior by design, and if so, why? :)
> >
> > Also if so, is there a way to disable it without hacking the
> > source code?
> >
>
>If you are running version 3.2 of Tomcat on a JDK 1.2 or 1.3 system, you
>can set up web applications to run under a Java security manager, which
>can be used to limit web app access to files, network ports, the ability
>to start threads, and everything else controllable through the Java
>security model.  There are instructions for setting this up in the
>documentation directory.
>
>If you want to try to rely on operating system file permissions, the
>best you can do is run multiple instances of Tomcat, each under an
>appropriate OS username.
>
> >
> > Thanks,
> >
> >         Chad Loder
>
>Craig McClanahan
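
Added example, not part of the original thread and not Tomcat's shipped policy file: a Java 2 policy fragment of the kind the quoted reply describes, confining the `mycontext` web app to its own directory so that creating `tomcat_dir/mydir` is refused with a `SecurityException`. It assumes the JVM runs with a security manager, that a `tomcat.home` system property points at `tomcat_dir`, and that the container's class loader reports web app classes under the codeBase shown.

```text
// Constructed example policy for the web app from the message above.
// Assumptions: security manager enabled; system property tomcat.home is
// set to the install directory; web app classes carry this codeBase.

// Weak setting (left commented out): lifts every restriction for the
// web app, so it can again touch any file the Tomcat OS user can.
// grant codeBase "file:${tomcat.home}/webapps/mycontext/-" {
//     permission java.security.AllPermission;
// };

// Scoped setting: file access only inside the deployment context.
grant codeBase "file:${tomcat.home}/webapps/mycontext/-" {
    // "/-" covers everything below the directory, recursively,
    // but not the directory entry itself, hence the second line.
    permission java.io.FilePermission "${tomcat.home}/webapps/mycontext/-", "read,write,delete";
    permission java.io.FilePermission "${tomcat.home}/webapps/mycontext", "read";

    // Nothing is granted for ${tomcat.home}/mydir or any other path,
    // so File.mkdir() there fails the security manager's write check.
};
```

Permissions are checked against every protection domain on the call stack, so the container's own code needs its own grant entries as well.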

