On Fri, 2002-09-06 at 14:40, Shapira, Yoav wrote: > Hi, > How about not letting any regular user execute bin/shutdown.sh? ;) ;) ;) Nope, it's not the solution.
Anyone can download tomcat, extract shutdown.sh and execute. Shutdown connects to Tomcat through a socket, so it's even possible across the net. After briefly reviewing Tomcat installation I think the best solution is to change shutdown attribute in <Server className="org.apache.catalina.core.StandardServer" port="8005" debug="0" shutdown="SHUTDOWN"> to some other string, acting as password, and then chmod og-rx server.xml. Any comments ? -=Czaj-nick=- -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
