tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From François Conil <co...@ece.fr>
Subject Multi user setup in a non root environnement
Date Thu, 06 Apr 2006 09:55:27 GMT
Hello,

I'm currently setting up a tomcat 5.5 serveur behind an apache 1.3 
server using mod_jk, all of this running under freebsd 6.0.

I've got two questions :

1) I managed to successfully run Tomcat under the root account in a 
multi user setup, with .jsp files reachables via 
www.site.com/~user/test.jsp and www.site.com:8080/~user/test.jsp by 
using the PasswdUserDatabase UserConfig.

The problem is that I'm kinda worried about security and running tomcat 
under the root account. I used the -security switch, which seems to work 
great, but is it secure enough ? I don't want my users to walk through 
the whole filesystem if there's some security leak :|

If so, then the following question might just be for "scientific" 
purposes ;)

2) I created a tomcat user and tomcat group, chowned the whole tomcat 
directory to tomcat:tomcat and launched the tomcat server without any 
particular switch after having su-ed to the tomcat user.

The www.site.com:8080/ default page works great, but trying to get to 
www.site.com/~user/test.jsp or www.site.com:8080/~user/test.jsp issues a 
404 error from tomcat.

I found little help about this, and I'm quite puzzled about this 404 error.
Does anyone can help me with this ?

Thanks by advance,
-- 
François Conil
Administrateur Systèmes et Réseaux
<Pax> I wish my lawn was emo, so it would cut itself.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message