On Fri, 17 Aug 2001, Doug Sparling wrote:
> > I personally would never run a web app as root just
> > for the black hole of security issues dealing with the outside internet.
>
> Do you create a 'tomcat' user? I'm assuming
> permissions or owner must be changed under
> /usr/local/jakarta-tomcat....
I am running Tomcat 3.2.3 as a 'tomcat' user in a 'tomcat' group. By
default, I have made all files owned by root and made them world-readable
(not writable) using something like this (as root)
cd .../jakarta-tomcat-3.2.3
chown -R root:root .
chmod -R go= .
find . -perm -100 -exec chmod go+x \{\} \;
find . -perm -400 -exec chmod go+r \{\} \;
Then I have done the following changes (as root).
cd .../jakarta-tomcat-3.2.3
mkdir logs ; chown tomcat logs ; chmod 755 logs
mkdir work ; chown tomcat work ; chmod 755 work
cd conf
touch iis_redirect.reg-auto
chown tomcat iis_redirect.reg-auto
touch mod_jk.conf-auto
chown tomcat mod_jk.conf-auto
touch obj.conf-auto
chown tomcat obj.conf-auto
touch tomcat-apache.conf
chown tomcat tomcat-apache.conf
touch uriworkermap.properties-auto
chown tomcat uriworkermap.properties-auto
If you use conf/tomcat-users.xml for authentication (not really a good
idea if you have anything "dynamic" there), you most probably want to do
chown tomcat tomcat-users.xml ; chmod 400 tomcat-users.xml
Depending on the level of paranoia you might want to do the same to some
other configuration files as well.
Note 1: You might not want to make the 'logs' directory world-readable,
again depending on the desired local security level.
Note 2: You could also place the modifiable tomcat owned directories/files
to a different location in a file system and use symbolic links in
jakarta-tomcat-3.2.3 (or tweak configuration) for clarity (I have logs ->
/var/log/tomcat, for example).
The webapps have been installed as root owned, world-readable files. I
extract them by hand (doing "cd webapps ; mkdir foobar ; jar xf
../foobar.war" as root). None of my webapps need write access to
anywhere else than /tmp.
I am starting the Tomcat from /etc/rc.d/init.d/tomcat script (using it in
stand-alone mode) using "exec su -c $TOMCAT_HOME/bin/startup.sh tomcat".
I hope I didn't forget anything. This works for me on a production server.
The procedure to run Tomcat as a nonprivileged user should really be
better documented because no-one runs (well, should not run IMO) it as a
root owned daemon in a production environment.
Best regards,
--
Johannes Lehtinen <[EMAIL PROTECTED]>, http://www.iki.fi/jle/