Many thanks for your reply. Does your solution works with NIS?
Also I have found on the server config site that :
"The operating system username under which Catalina is executed MUST
have read access to each user's web application directory, and all of its contents."
In my case that probably means that I will have to run Catalina as root.
Are there any known security problems with that?
The safest way is to start tomcat as root and switch id to nobody, and to place all
your users in the same group. The users give no access to group, but rw to others.
Be sure to run with security turned on. All servlets will run with the permissions of the
id that tomcat is executed as. With security on, by default servlets can only rw files in
its class directory.
If you run tomcat as a normal user, be sure this id is not in the same group as all the
other users.
All users should authenticate for access to the webapps.
About implementing my own manager ,I am not realy a java programmer Does anybody knows about such a thing already done?
I like the idea that someone else suggested about virtual hosts. As an alternative, you could have an authenticated servlet that executes an ant script that will access the manager. The servlet would only allow start, stop and reload.
Thanks.
On Fri, 02 Jan 2004 11:00:24 -0500, Tim Downey <[EMAIL PROTECTED]> wrote:
>> The main perpose of the server - a programming course,the >> students should develope their projects on it. >> Students probably should be able to do the folowing: >> [1] deploy/redeply/reload their applications
Using Tomcat as a stand-alone server, you can create a ~ directory for each
user in /etc/passwd. Add a Listener for UserConfig in the Host.
>> [2] they should NOT be able to do the same for the >> other students applications
The ~ directories have individual user access privileges.
>> [3] they can't restart the server ,of course, since >> students don't have root access.
I am unfamiliar with creating a new manager, but it seems that you should
be able to write a servlet that can only be accessed by registered users.
This servlet will send stop/start for a particular user's web app directory.
It is possible to send messages to the manager via HTTP. Your servlet
will need to authenticate as the manager, and then send the correct HTTP
request.
Perhaps someone else has a slicker solution. I would love to hear it.
>> So,using manager app is not appropriate - that way all the >> students will be able to manage all the application.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Tim Downey [EMAIL PROTECTED] http://www.cs.fiu.edu/~downeyt
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
