tomcat-users mailing list archives

From Glenn Nielsen <gl...@mail.more.net>
Subject Re: Best practices question
Date Sat, 19 Oct 2002 13:43:50 GMT
For applications which require root permissions we do the following:

Apache mod_jk (non root) <-AJP-> Tomcat (non root) <-SSL-> Tomcat SOAP server (root)

Any business logic which requires root permission is implemented as a
SOAP web service in the SOAP server which runs as root.  That SOAP
server is locked down with the SecurityManager and a very strict catalina.policy.

The strict policy protects us from root level exploits and from hurting ourselves.
i.e. We lock down file permissions to only those files/directories which the
SOAP web services need to administer.

The SSL connection is further locked down with X509 certificates.  Each side
of the SSL connection must present a certificate that the other side has the
public key for.  Also the catalina.policy restricts what IPs it will allow
SSL connections from.

The SOAP web services also validate all input which comes from the client.

Regards,

Glenn

Qmail List wrote:
> I have been wondering about this as well. Apache screams and hollers
> BIG_SECURITY_HOLE if you compile it with the flags allowing it to run as
> root.
> 
> That said, I love the fact that Tomcat runs as root. It makes it easy for
> your webapp to do things admin applications, servers, and networks from a
> web interface.
> 
> But at what cost? Of course it would be best to run Tomcat as nobody or
> tomcat user or whoever, but if your app needs some root permission at the OS
> level, is it OK to run as root?
> 
> I'd imagine the root OK concept must be due to the underlying Java, but
> can't really see why or how. Anyone know?
> 
> 
> Great product this Tomcat. Kudos to all involved.
> 
> 
> 
> 
> 
> ----- Original Message -----
> From: "Turner, John" <JTurner@AAS.com>
> To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> Sent: Thursday, October 17, 2002 1:57 PM
> Subject: RE: Best practices question
> 
> 
> 
>>I run Tomcat under a separate user account.  I avoid running services as
>>root whenever possible.
>>
>>John
>>
>>
>>>-----Original Message-----
>>>From: Randy Paries [mailto:randy.paries@unitnet.com]
>>>Sent: Thursday, October 17, 2002 1:56 PM
>>>To: 'Tomcat Users List'
>>>Subject: Best practices question
>>>
>>>
>>>Hello,
>>>
>>>I was wondering are most people starting tomcat from root, or are they
>>>doing it other ways.
>>>
>>>What is the suggestion for this.
>>>
>>>How big are the security issues if started by root
>>>
>>>Would it be ok to start it by user apache?
>>>
>>>Thanks
>>>
>>>
>>>
>>>--
>>>To unsubscribe, e-mail:
>>><mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>>For additional commands, e-mail:
>>><mailto:tomcat-user-help@jakarta.apache.org>
>>>




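A strict catalina.policy of the kind described in the message above can be checked mechanically for grants that are wider than intended. The following Python audit is an added example, not part of the original message or of Tomcat; the sample policy, its paths, webapp names and IP address are constructed assumptions.

```python
import re

# Constructed sample in Java policy-file syntax; paths, webapp names and the
# IP address (TEST-NET-1) are assumptions, not values from the message.
SAMPLE_POLICY = r'''
grant codeBase "file:${catalina.home}/webapps/legacy/-" {
    permission java.security.AllPermission;
};
grant codeBase "file:${catalina.home}/webapps/soap/-" {
    permission java.io.FilePermission "/srv/managed/-", "read,write";
    permission java.net.SocketPermission "192.0.2.10:1024-", "accept,resolve";
    permission java.net.SocketPermission "*", "accept,connect";
};
'''

GRANT_RE = re.compile(r'grant(?:\s+codeBase\s+"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def strip_comments(text):
    """Drop /* */ blocks and whole-line // comments (codeBase URLs stay intact)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'^\s*//.*$', '', text, flags=re.M)

def too_broad(cls, target, actions):
    """Return a reason if the permission is wider than a strict policy allows."""
    if cls == "java.security.AllPermission":
        return "AllPermission disables the sandbox for this code base"
    if cls == "java.io.FilePermission" and target in ("<<ALL FILES>>", "/-", "/*"):
        return "file access is not limited to specific directories"
    if cls == "java.net.SocketPermission":
        host = target.rsplit(":", 1)[0] if ":" in target else target
        if host.startswith("*") and "accept" in actions:
            return "accepts connections from any host"
    return None

def audit(policy_text):
    """Return (codeBase, permission class, target, reason) for each broad grant."""
    findings = []
    for code_base, body in GRANT_RE.findall(strip_comments(policy_text)):
        for cls, target, actions in PERM_RE.findall(body):
            reason = too_broad(cls, target, [a.strip() for a in actions.split(",")])
            if reason:
                findings.append((code_base or "<all code>", cls, target, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(" | ".join(finding))
```

The directory-scoped FilePermission and the single-address SocketPermission pass the audit; the AllPermission grant and the wildcard accept are reported.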