tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralph Einfeldt" <ralph.einfe...@uptime-isc.de>
Subject RE: OK to run tomcat as nobody?
Date Fri, 06 Dec 2002 12:18:06 GMT
I prefer to use a didicated user (like tomcat)
to give him the just the rights that are needed
to run tomcat and the application.

If there is more than one application using the 
user nobody this user starts to get to much rights 
in mosts cases. 

Explanation:

To run an application under a user, the user must 
have the right to read (and most times also write)
some files. Guess you have applaction a1 and a2 and 
each runs under nobody. If a1 has an error that 
allows unintended read or write access, it's possible 
to read or write data that belongs to application a2.

So i prefer to have unique user's for given 
services.

> -----Original Message-----
> From: Sanjaya Singharage [mailto:SanjayaS@jkcs.slt.lk]
> Sent: Friday, December 06, 2002 5:28 AM
> To: tomcat-user@jakarta.apache.org
> Subject: OK to run tomcat as nobody?
> 
> 
> This is a follow up to the post "why run romcat as root" (I 
> meant to say
> "why run tomcat as nobody").
> 
> After reading all the replies. My solution would be to run 
> apache as root
> on port 80 and then run tomcat behind the scenes using a connector and
> running a user other than root. What I want to know is are there any
> security concerns running tomcat as nobody?
> 
> Thnak you very much for the previous replies.
> 
> 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: 
> <mailto:tomcat-user-help@jakarta.apache.org>
> 
> 
> 

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message