So, is it insecure to run standalone Tomcat as a root process on a Linux system? By 'running Tomcat as a root process', I mean running the startup.sh script while logged in as the su (presumably with nohup).
Some people seem to think that running a server as a root process is inherently insecure. But I've also seen it argued that because standalone Tomcat runs in a Java sandbox, it is very secure independent of how it's running. This makes sense to me, but I'm not very knowledgeable about this sort of thing.
Thanks,
bw
PS The purpose of running as root is, of course, so that Tomcat can listen to ports 80 and 443. I know that there are other ways of accomplishing this (using netfilter, etc.) but I'd prefer to avoid them if possible. I need to run Tomcat in an environment that I don't know very well (a VPS under Red Hat) - so the less I have to screw around with the operating system the better. Setting Tomcat to listen to port 80, etc. is simple and portable, which is a big advantage for me.
