On Fri, Apr 15, 2005 at 08:37:14AM -0600, Lorenzo Jiménez wrote:
: Today we saw that our Tomcat 5.0.28 had been installed and it is running with
: the root user.
: How can I change it to another, less dangerous user, and
: what privileges does it need to have in order to work?

You've already gotten some wise advice from other posters, so I'll just
add this:

If Tomcat doesn't need to bind to a privileged port (below 1024) then
you don't have to use jsvc or netfilter. You can write an init script
that does one of the following:

1/ su - {user} -c {path to tomcat's startup.sh}
2/ use erni instead of su
3/ use sudo instead of su

In all three cases, the init script (running as root) will change to the
Tomcat user before starting Tomcat.

btw, if Tomcat's been running as root all this time, you'll have to do
some fine-tuning with the permissions to get it to work. You *could*
just recursively chown the Tomcat dir to the nonroot user; but as long
as you're interested in security, you could determine which files need
to be writable and only chown those. (Hint: logs, work dir, and maybe
the webapps dir depending on how strict your deployment process is.)

Write back if you want more info. I've done this before, I just don't
have any examples right in front of me.

-QM
--
software -- http://www.brandxdev.net/
tech news -- http://www.RoarNetworX.com/
code scan -- http://www.JxRef.org/
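
An init-style wrapper for option 1 in the message above (su to the Tomcat user), together with the narrower chown it suggests. This is an added example, not part of the original post: the user name `tomcat`, the path `/opt/tomcat` and all function names are assumptions.

```shell
#!/bin/sh
# Added example: init-style wrapper that drops root before starting Tomcat.
# Assumed (not from the post): user "tomcat", CATALINA_HOME=/opt/tomcat.
TOMCAT_USER="${TOMCAT_USER:-tomcat}"
CATALINA_HOME="${CATALINA_HOME:-/opt/tomcat}"

# Print every port="N" declared in a server.xml, one per line. Connectors
# inside XML comments are counted too, which errs on the cautious side.
declared_ports() {
    grep -Eo '(^|[[:space:]])port="[0-9]+"' "$1" | tr -cd '0-9\n'
}

# Succeed if any declared port is below 1024 (su alone cannot bind it).
needs_privileged_port() {
    for p in $(declared_ports "$1"); do
        [ "$p" -lt 1024 ] && return 0
    done
    return 1
}

# Directories Tomcat must write to; everything else keeps its root owner.
# webapps is left out; add it (or temp) only if your install needs it.
writable_dirs() {
    printf '%s\n' "$CATALINA_HOME/logs" "$CATALINA_HOME/work"
}

# Run as root: hand only the writable directories to the Tomcat user.
fix_ownership() {
    writable_dirs | while IFS= read -r d; do
        chown -R "$TOMCAT_USER" "$d"
    done
}

# Refuse to start when a privileged port is configured, then drop to the user.
start_tomcat() {
    if needs_privileged_port "$CATALINA_HOME/conf/server.xml"; then
        echo "server.xml declares a port below 1024; su alone will not work" >&2
        return 1
    fi
    su - "$TOMCAT_USER" -c "$CATALINA_HOME/bin/startup.sh"
}

case "${1:-}" in
    start)     start_tomcat ;;
    stop)      su - "$TOMCAT_USER" -c "$CATALINA_HOME/bin/shutdown.sh" ;;
    fix-perms) fix_ownership ;;
    *)         echo "usage: $0 {start|stop|fix-perms}" >&2 ;;
esac
```

Run `fix-perms` once as root before the first non-root start, then confirm with `ps` that the Java process is owned by the Tomcat user.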