I agree, it would be an interesting project. I don't think the startup and shutdown scripts would be affected all that much at all. I'm running all of my Tomcat instances as a non-root user. As long as the directory permissions (work directory, etc) are OK, there shouldn't be any issues running non-root.
It certainly would increase the number of people running Tomcat stand-alone, instead of with Apache. My stuff could probably do without Apache, but I won't run anything on port 80 that runs as root. John > -----Original Message----- > From: Sexton, George [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 06, 2002 9:03 AM > To: Tomcat Users List > Subject: RE: Starting and stopping Tomcat as non-root > > > Lately, I have been thinking of writing a JNI library to call > setuid() and > setgid() to change the effective user ID and group ID of the > process after > it starts. > > I'm not sure how this would affect the various startup and > shutdown scripts, > but it would be interesting from a security standpoint. > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>