For applications which require root permissions we do the following:

Apache mod_jk (non root) <-AJP-> Tomcat (non root) <-SSL-> Tomcat SOAP server (root)

Any business logic which requires root permission is implemented as a
SOAP web service in the SOAP server which runs as root.  That SOAP
server is locked down with the SecurityManager and a very strict catalina.policy.

The strict policy protects us from root-level exploits and from hurting ourselves,
i.e. we lock down file permissions to only those files/directories which the
SOAP web services need to administer.

The SSL connection is further locked down with X509 certificates.  Each side
of the SSL connection must present a certificate that the other side has the
public key for.  Also the catalina.policy restricts what IPs it will allow
SSL connections from.

The SOAP web services also validate all input which comes from the client.

Regards,

Glenn
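
A check for the kind of strict catalina.policy described in this message, as an added example that is not from the thread or the Tomcat project: it flags grants that undo the lock-down (AllPermission, FilePermission on `<<ALL FILES>>`, SocketPermission accept from a wildcard host). The sample policy, its webapp names, directory and 192.0.2.10 address are constructed, and it assumes the IP restriction is written as SocketPermission "accept" entries.

```python
import re

# Constructed sample policy (not from the thread). The webapp names, the
# directory and the 192.0.2.10 address are placeholders.
SAMPLE_POLICY = r'''
// legacy app left wide open
grant codeBase "file:${catalina.home}/webapps/legacy/-" {
    permission java.security.AllPermission;
};
grant codeBase "file:${catalina.home}/webapps/soap/-" {
    permission java.io.FilePermission "/etc/exampleapp/-", "read,write";
    permission java.io.FilePermission "<<ALL FILES>>", "read";
    permission java.net.SocketPermission "192.0.2.10:1024-", "accept,resolve";
    permission java.net.SocketPermission "*:1024-", "accept,resolve";
};
'''

# Grant header may hold quoted strings containing "${...}", so skip over quotes.
GRANT_RE = re.compile(r'grant\b((?:[^{"]|"[^"]*")*)\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def audit(policy_text):
    """Return (codeBase, permission class, target, reason) for each broad grant."""
    text = re.sub(r'/\*.*?\*/', '', policy_text, flags=re.S)
    text = re.sub(r'(?m)^\s*//.*$', '', text)  # whole-line comments only
    findings = []
    for header, body in GRANT_RE.findall(text):
        m = re.search(r'codeBase\s+"([^"]*)"', header)
        code_base = m.group(1) if m else "<all code>"
        for cls, target, actions in PERM_RE.findall(body):
            acts = {a.strip().lower() for a in actions.split(",")}
            host = re.sub(r':[\d-]*$', '', target)  # drop the port range
            if cls == "java.security.AllPermission":
                reason = "sandbox effectively off for this code"
            elif cls == "java.io.FilePermission" and target == "<<ALL FILES>>":
                reason = "file access not limited to named directories"
            elif (cls == "java.net.SocketPermission" and "accept" in acts
                  and (host == "" or host.startswith("*"))):
                reason = "accepts connections from any host"
            else:
                continue
            findings.append((code_base, cls, target, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(" | ".join(finding))
```
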

Qmail List wrote:
I have been wondering about this as well. Apache screams and hollers
BIG_SECURITY_HOLE if you compile it with the flags allowing it to run as
root.

That said, I love the fact that Tomcat runs as root. It makes it easy for
your webapp to do things admin applications, servers, and networks from a
web interface.

But at what cost? Of course it would be best to run Tomcat as nobody or
tomcat user or whoever, but if your app needs some root permission at the OS
level, is it OK to run as root?

I'd imagine the root OK concept must be due to the underlying Java, but
can't really see why or how. Anyone know?


Great product this Tomcat. Kudos to all involved.





----- Original Message -----
From: "Turner, John" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Thursday, October 17, 2002 1:57 PM
Subject: RE: Best practices question



I run Tomcat under a separate user account.  I avoid running services as
root whenever possible.

John


-----Original Message-----
From: Randy Paries [mailto:randy.paries@;unitnet.com]
Sent: Thursday, October 17, 2002 1:56 PM
To: 'Tomcat Users List'
Subject: Best practices question


Hello,

I was wondering are most people starting tomcat from root, or are they
doing it other ways.

What is the suggestion for this?

How big are the security issues if started by root?

Would it be ok to start it by user apache?

Thanks



--
To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@;jakarta.apache.org>
