On Sat, May 29, 2004 at 05:28:44PM -0400, Stuart Mackey wrote:
: So I set up a limited user account to run my Tomcat service on XP Pro. My
: question is, what specific rights are needed for which folders under
: CATALINA_HOME? It seems to run ok with "read & execute", "list directory",
: and "read" for the whole branch with "write" specifically for the logs
: directory.

Maybe I can help: I separate the webapp (CATALINA_BASE) from the Tomcat
files (CATALINA_HOME).  That means nothing in the Tomcat install dir need
be writable to the webapp owner.

Additionally, within CATALINA_BASE, I have a dir structure similar to the
following:

        {CATALINA_BASE}
        |
        +- bin/  (Tomcat start scripts, etc)
        |
        +- conf/ (global web.xml, server.xml)
        |  |
        |  +-Standalone (where Tomcat writes context.xml data, etc)
        |
        +- logs/ (catalina.out, Tomcat logs, etc)
        |
        +- webapps/ (web apps, either WAR files or exploded dirs)
        |
        +- work/ (Tomcat temp files, e.g. compiled JSPs)

For my setup, this is all writable to the Tomcat user; but that could be
limited to:

        conf/Standalone/
        logs/
        work/

(If another user is responsible for installing the WAR file and global
configs, then bin/, conf/, and webapps/ needn't be writable.)

This is all off the top of my head so I may be missing something... but
it's a start.

I've had to do similar work several times in the past; it requires a lot of
patience and some knowledge of what the app/user must do at a given time.

If NT/XP has decent trace tools (Solaris truss, Linux strace, etc), you can
see what files the app tries to open and base your decisions on that.
That's helped me a *lot*.

Good luck!

-QM

-- 

software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
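
The trace-driven approach suggested in the reply above, as an added example that is not part of the original message: Python that reads strace-style output and reports which directories under CATALINA_BASE were opened for writing, and whether the open succeeded or was refused. The trace lines, the /srv/tc/base and /opt/tomcat paths, and the function name write_targets are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed strace-style lines for illustration (not from a real Tomcat run).
# /srv/tc/base stands in for CATALINA_BASE, /opt/tomcat for CATALINA_HOME.
SAMPLE_TRACE = """\
1201 open("/srv/tc/base/conf/server.xml", O_RDONLY) = 5
1201 open("/srv/tc/base/logs/catalina.out", O_WRONLY|O_CREAT|O_APPEND, 0644) = 6
1201 openat(AT_FDCWD, "/srv/tc/base/work/Standalone/localhost/app/index_jsp.class", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 7
1201 open("/srv/tc/base/conf/Standalone/localhost/app.xml", O_RDWR|O_CREAT, 0644) = 8
1201 open("/srv/tc/base/webapps/app/WEB-INF/web.xml", O_RDONLY) = 9
1201 open("/srv/tc/base/webapps/app/upload.tmp", O_WRONLY|O_CREAT, 0644) = -1 EACCES (Permission denied)
1201 open("/opt/tomcat/lib/catalina.jar", O_RDONLY) = 10
"""

# Matches open()/openat() lines: path, flag list, return value.
OPEN_RE = re.compile(
    r'\bopen(?:at)?\((?:AT_FDCWD,\s*)?"([^"]+)",\s*([A-Z_|]+)[^)]*\)\s*=\s*(-?\d+)')
# Any of these flags means the process wants to modify or create the file.
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND"}

def write_targets(trace, base, depth=2):
    """Map each directory under base (at most `depth` levels) to counts of
    write-mode opens that succeeded ("ok") or were refused ("denied")."""
    base = base.rstrip("/") + "/"
    seen = defaultdict(lambda: {"ok": 0, "denied": 0})
    for line in trace.splitlines():
        m = OPEN_RE.search(line)
        if not m:
            continue
        path, flags, ret = m.groups()
        if not path.startswith(base):
            continue  # outside CATALINA_BASE, e.g. the read-only install dir
        if not WRITE_FLAGS & set(flags.split("|")):
            continue  # read-only open: no write permission needed
        parent = path[len(base):].split("/")[:-1][:depth]
        key = "/".join(parent) or "."
        seen[key]["denied" if int(ret) < 0 else "ok"] += 1
    return dict(seen)

if __name__ == "__main__":
    for d, c in sorted(write_targets(SAMPLE_TRACE, "/srv/tc/base").items()):
        print(f"{d:20} ok={c['ok']} denied={c['denied']}")
```

Directories that show only "denied" counts are writes the current permissions refused; each one is a decision point between granting write there and changing the app so it writes elsewhere.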

