tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joe Shevland" <shevla...@kpi.com.au>
Subject RE: Running Tomcat as user nobody
Date Wed, 02 Aug 2000 06:02:42 GMT
After playing with this, I found it was easier to create a user called 'tomcat' with a barebones
home directory and a '*' in the password file (it may still be possible to get away with using
'nobody' with the -m flag if that doesn't require a home directory to be present to read login
files from).

Then you just need to make sure this user has write access on the TOMCAT_HOME/work directory
and on the log files, whereever they may live. At least these are the only gotchas I've encountered
so far.

Joe

>-----Original Message-----
>From: Joe Shevland [mailto:shevlandj@kpi.com.au]
>Sent: Wednesday, 2 August 2000 3:18 PM
>To: tomcat-user@jakarta.apache.org
>Subject: RE: Running Tomcat as user nobody
>
>
>Here's a cut down example of one I use for Postgres in 
>/usr/local/etc/rc.d/pgsql.sh (FBSD 3.5/4) that shows this using 
>the 'su' command. You'll need to replace the -x test, -l <user> 
>and the command within the -c '<command>' section:
>
>---
>#!/bin/sh
>#
>
>[ -x /usr/local/pgsql/bin/postmaster ] && {
>su -l postgresuser -c 'exec /usr/local/pgsql/bin/postmaster -S -o 
>-F -D /www/pgsql/data > /dev/null'
>}
>---
>
>HTH,
>Joe
>
>>-----Original Message-----
>>From: Michael A. Alderete [mailto:alderete@haightlife.com]
>>Sent: Wednesday, 2 August 2000 2:51 PM
>>To: tomcat-user@jakarta.apache.org
>>Subject: Running Tomcat as user nobody
>>
>>
>>Hi,
>>
>>How can I get Tomcat to run as user "nobody" on my FreeBSD system? I
>>imagine it's a line or two in one of the startup shell scripts for Tomcat,
>>but I can't get that to work; I keep getting "this account is not
>>available" error messages, presumably because nobody is using 
>/sbin/nologin
>>for a shell.
>>
>>Here's my configuration:
>>
>>FreeBSD 3.2
>>Apache 1.3.12
>>Tomcat 3.1
>>JDK 1.1.8 from the FreeBSD ports collection
>>
>>Even if no one here is running FreeBSD, I'd imagine the procedure is
>>similar for Linux, if you can tell me how you did it there.
>>
>>Thanks!
>>
>>Michael
>>-- 
>>
>>
>>What have YOU done for Keyser Söze lately?
>>---
>>Michael A. Alderete
>><mailto:michael@alderete.com>          voice: (415) 861-5758
>><http://www.alderete.com/>
>>
>
>


Mime
View raw message