I prefer to use a dedicated user (like tomcat) to give him just the rights that are needed to run tomcat and the application.
If there is more than one application using the user nobody, this user starts to get too many rights in most cases. Explanation: To run an application under a user, the user must have the right to read (and most times also write) some files. Suppose you have applications a1 and a2 and each runs under nobody. If a1 has an error that allows unintended read or write access, it's possible to read or write data that belongs to application a2. So I prefer to have unique users for given services.

> -----Original Message-----
> From: Sanjaya Singharage [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 06, 2002 5:28 AM
> To: [EMAIL PROTECTED]
> Subject: OK to run tomcat as nobody?
>
> This is a follow up to the post "why run romcat as root" (I meant to say
> "why run tomcat as nobody").
>
> After reading all the replies. My solution would be to run apache as root
> on port 80 and then run tomcat behind the scenes using a connector and
> running a user other than root. What I want to know is are there any
> security concerns running tomcat as nobody?
>
> Thank you very much for the previous replies.
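
A check for the situation described in the reply above, as an added example that is not part of the original thread: it lists accounts (such as nobody) that run more than one distinct service. The function name, the input format (lines in the style of `ps -eo user=,comm=`) and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag accounts that run more than one distinct service.
# Input (stdin): lines of "USER COMMAND", e.g. from: ps -eo user=,comm=
# Output: one line per shared account, "user: cmd1,cmd2,...", sorted.
shared_service_users() {
    awk '
        NF >= 2 {
            key = $1 SUBSEP $2
            if (!(key in seen)) {          # count each command once per user
                seen[key] = 1
                count[$1]++
                list[$1] = (list[$1] == "" ? $2 : list[$1] "," $2)
            }
        }
        END {
            for (u in count)
                if (count[u] > 1)          # account shared by several services
                    print u ": " list[u]
        }
    ' | sort
}

# Constructed sample (not real output): a1 and a2 both run as nobody,
# while tomcat has its own dedicated account.
SAMPLE_PS='nobody a1
nobody a2
nobody a1
tomcat java
root sshd'

printf '%s\n' "$SAMPLE_PS" | shared_service_users
```

On a live host, feed it `ps -eo user=,comm=`. Several JVM-based services all show up as `java`, so compare full command lines (`args`) for those.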
