struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Li <ampyx...@gmail.com>
Subject Re: Uploading problem
Date Wed, 26 Jul 2006 12:49:11 GMT
Hi, Philippe,

I started tomcat as user:tomcat group:tomcat, there is no security problem
of access my data or even all my jsp pages were secured so that direct
access to page source is also not allowed.

I did give 770 (way enough) to let tomcat write that /temp, which /temp has
same user and group ID.



On 7/26/06, Philippe Schober <philippe.schober@scaraboo.com> wrote:
>
> Hi,
>
> Li schrieb:
> > thanks for replying, i guess my linux access config no problem since i
> can
> > use normal java app to write up.
> Because normal java-apps run with the same rights as the user starting
> them.
>
> > I guess it should be the problem for tomcat
> > configure at its security model. And besides, use root run tomcat is not
> > very good.
> Tomcat runs with different rights (I believe the rights of the web
> server). Why that? Well, you don't want your web browser to access your
> private data outside your home page...
>
> And you weren't asked to run tomcat as root but change the security
> settings of the temp dir. The command you were told changes the settings
> so that EVERYONE on your machine may read, write and execute stuff from
> the temp directory.
>
> Cheers,
>   Philippe Schober
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>


-- 
When we invent time, we invent death.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message