tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Layman <>
Subject RE: Jakarta NT service
Date Fri, 03 Aug 2001 11:03:14 GMT

	Tomcat only need read access to the JAVA_HOME directory structure
(there are some files there that you could exclude, but they are pretty
trivial like the LICENSE) and read access to the TOMCAT_HOME.  It needs
write access to TOMCAT_HOME\work and TOMCAT_HOME\logs.  It will also need
read access to any JARs in your file outside of
TOMCAT_HOME and JAVA_HOME.  Note, you can move the locations of some of
these resources (web apps, logs, working directory, etc) around so you might
need to change these directions accordingly.

	In addition, web apps can make other requirements about what they
need to read and write, so you'll have to check with them as well.


> -----Original Message-----
> From: Rijk Stofberg []
> Sent: Friday, August 03, 2001 5:44 AM
> To:
> Subject: Jakarta NT service
> Greetz
> I have been using Tomcat in one or the other guise for a 
> while and it =
> works really well. Recently I installed the Jakarta NT 
> Service and that =
> works fine (I am running the 1.3.1 JVM). My only problem is running =
> Tomcat as a seperate user, with it's own permissions. I see it is =
> possible to change the user that a service runs as. This will 
> allow me =
> to set the permissions on my filesystem (ala UNIX), so that 
> Tomcat only =
> has access to it's own directories and minimal crucial system 
> dirs. In =
> this manner I can reduce the security risk. My question is, 
> "What does =
> tomcat need access to and at what level?". If I can figure 
> this out, it =
> would really rock!
> Any help is appreciated.
> Regards
> Rijk Stofberg

View raw message