I'm not sure if I making a correct assumption, but isn't it possible that someone can exploit the running tomcat process and gain access as tomcat into the system (if so, having write permission on the conf dir is dangerous)
--- Ben Ricker <[EMAIL PROTECTED]> wrote: > I do not see this as a problem. You can lock the > Tomcat account (do have > to give it a shell, though) and no one should be > able to get into the > account. I use 'sudo' to allow others the ability to > start and stop > Tomcat which 'su's to the Tomcat user before > executing. > > I myself use the Tomcat group, of which Tomcat is > the only member, and > apply root ownership to everything. You also need to > make sure your > WEB-INF is not in your docbase. > > HTH, > > Ben Ricker > > On Tue, 2003-03-11 at 13:20, krip pane wrote: > > All, > > > > I'm running 4.1.18 on solaris 2.8 - currently > without > > any problems as id "tomcat". But my issue is I've > to > > give write permission to tomcat on the conf > directory > > inorder for tomcat to start successfully. Is there > any > > other way of starting tomcat without giving this > > permission, is this a bug?, has it been addresses > in a > > different release. > > > > Thanks > > > > __________________________________________________ > > Do you Yahoo!? > > Yahoo! Web Hosting - establish your business > online > > http://webhosting.yahoo.com > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > -- > Ben Ricker <[EMAIL PROTECTED]> > Wellinx.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
