tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Crowther" <>
Subject RE: Servlet that needs ROOT access
Date Tue, 01 Aug 2006 12:46:57 GMT
> From: Paul McMahon [] 
> Is it possible to run Tomcat as non ROOT,
> but have a servlet that needs ROOT access?


> Or is the solution to have the servlet application code 
> running as a separate 
> daemon outside tomcat, with some form of comms to tomcat 
> servlet when tasks need to be done?

That would be my preference if I were implementing this.  How much of
your 'servlet application code' *actually* needs root access?  Can you
partition into a small piece that does, and most that doesn't?
Minimising your attack surface in this way would probably be useful.

Can you give us any more information about what you're doing that
requires root?  Does it *have* to require root, or can the requirement
be reduced so that a non-root Tomcat can also do the same thing?  In one
sense this opens up an alternative hole; in another, depending on what
you're doing, that may be better than allowing unrestricted root access
to all tasks.

		- Peter

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message