tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Sonja Löhr)
Subject permissions for Tomcat+Apache integration
Date Mon, 01 Sep 2003 14:19:49 GMT

Here is my second question, now concerning Apache+Tomcat integration on
Could someone tell me a reasonable users, groups and file permissions
structure for apache, the tomcat-files itself and a typical webapp?  - Java
security aside.

1. Is it a good idea at all to place the webapps under apache's document
root, having to care about all WEB-INF and other sensible directories with
"deny from all" ?

2. Which account in which group?
Apache needs access to static files somewhere in the webapp. (Which may be
very dispersed f.e. in case of cocoon).
 If a "tomcat" user and the "apache" user account are in the same group with
restricted permissions, I can't assign permissions to a group of developers,
just another owner (me ;-).  Ok, may it be. Additionally, if tomcat unpacks
war files, all resulting directories are owned by tomcat alone. So should I
put the "apache user into the "tomcat" group?

3.How paranoid must I be about tomcat-files (server-directory f.e)?
Tomcat needs write access to some directories, but certainly I don't know
all processes tomcat.

You probably guess by now that I'm not grown up with Unix-systems.
Spent my whole sunday with chmod and chown, now I would be very happy if
someone told me something SIMPLE  :-)

Thank you,

View raw message