Hi calder,

> Am 13.05.2020 um 04:59 schrieb calder <calder....@gmail.com>:
> On Tue, May 12, 2020, 21:48 kohmoto <kohm...@iris.eonet.ne.jp> wrote:
>> Hi, Calder,
>> Thank you for your prompt reply.
>> I think Tomcat binary files all have root priviledges.
>> Should these priviledges should be changed to user priviledges?
> Yes.

I would suggest to leave the binaries and maybe even config files to root or 
any other admin. So a hacked tomcat process under tomcat user will not be able 
to exchange config or even binaries.
That will only work if the config will not be changed via host-manager or 

In the past we even held the installed webapps under a different user. but that 
maybe difficult in automated deployments.

My 2cts.


> There is a "Tomcat Security" guide at the Tomcat website.  Also, Mulesoft
> has a good guide
> https://www.mulesoft.com/tcat/tomcat-security
> Your truly,
>> Kazuhiko Kohmoto
>> On 2020/05/13 11:17, calder wrote:
>>> If TC, running as root, is ever compromised, the compromising user
>>> (attacker) can gain access to the whole of the system.  The attacker
>> could
>>> execute any arbitrary command available on the system.  They could remove
>>> files, or install malicious software.

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to