Hi,
> Surely! I *never* run tomcat as root. On my production servers it runs
> as user 'tomcat'. Create the user (and group if you like); unpack
> tomcat as that user, to create all the bits with that user's
> permissions; write your startup script to start tomcat as that user.
That is exactly what I ended up doing. It was just that we have this
little perl script that checks what non root processes are doing and kills
them if they use too much ram etc. etc. It helps to keep machines alive
really well. As you can imagine, running tomcat as user tomcat meant that
it was killed immediately. I was kind of hoping to switch uid/gid so that
the ppid of the processes where root owned and thus pss (the script) could
not kill it the main thread but could kill any children that went crazy.
As it was I managed to persuade one of the guys to let me alter the script
to allow tomcat. Just gotta hope the 600 damn threads it launches don't do
horrible things. My thread limitation entries in server.xml are still
being ignored.... oh well.
Paul
