Hi, Philippe, I started tomcat as user:tomcat group:tomcat, there is no security problem of access my data or even all my jsp pages were secured so that direct access to page source is also not allowed.
I did give 770 (way enough) to let tomcat write that /temp, which /temp has same user and group ID. On 7/26/06, Philippe Schober <[EMAIL PROTECTED]> wrote:
Hi, Li schrieb: > thanks for replying, i guess my linux access config no problem since i can > use normal java app to write up. Because normal java-apps run with the same rights as the user starting them. > I guess it should be the problem for tomcat > configure at its security model. And besides, use root run tomcat is not > very good. Tomcat runs with different rights (I believe the rights of the web server). Why that? Well, you don't want your web browser to access your private data outside your home page... And you weren't asked to run tomcat as root but change the security settings of the temp dir. The command you were told changes the settings so that EVERYONE on your machine may read, write and execute stuff from the temp directory. Cheers, Philippe Schober --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- When we invent time, we invent death.
