tomcat-users mailing list archives

From: André Warnier
Subject: Re: tomcat instances on different ports running as different users can anyone shutdown?
Date: Thu, 21 Aug 2008 18:58:19 GMT
Fu-Tung Cheng wrote:
> Hi,
> I have different instances of Tomcat running on different ports of the same machine.
> The processes are running as different users. In this case, could a user different from the
> one who launched the process connect to the Tomcat shutdown port and cause the other instance
> to shut down?
> It seems like I can connect to the shutdown port of the other users' Tomcat instances
> with telnet, so I think it appears likely that I could tell the other Tomcat instance to shut down.
> How do I restrict this to only the user who launched the Tomcat process?
As far as I know, you cannot. When a TCP port is "open", any local 
process can connect to it, and the receiving port does not "know" who 
that is.  So, yes, unless you disable that port, anyone on the local 
machine could shut down any of your Tomcats.
Telnet is the easiest way, but anyone with a bit of imagination can use 
many other ways to do it, too.

Regarding users that are not on the local machine, there are many 
possibilities, depending on the kind of host you are running on, to 
prevent connections to that port from anywhere except "localhost".
Under Unix/Linux, one way might be tcp-wrappers (look up the files 
/etc/hosts.allow and /etc/hosts.deny), but that may depend on whether 
Tomcat pays attention to it or not.

You could also disable that connector altogether, but someone else 
should comment on whether this can have unintended consequences (such as 
preventing some "tomcat stop" script from working?).

I also seem to remember that it is not enough to just connect to the 
port, I believe you must also send some string.  If so, it might be 
possible to change that string to something not trivial somewhere.

I have always been curious about that feature.  Maybe someone on the 
list can explain why it exists at all?
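As an added example (not code from this thread or from the Tomcat project), the Python script below audits a conf/server.xml for the points raised in the reply: whether the shutdown port is enabled at all, whether it is bound beyond loopback (the remote case), and whether the shutdown string is still the stock one (the "send some string" the reply remembers). It then rewrites the file either to pin the port to 127.0.0.1 with a random string, or to disable the port. The `port`, `shutdown` and `address` attributes of `<Server>` are real Tomcat settings; the sample XML, the finding codes, the length threshold and the helper names are constructed for this example.

```python
"""Audit and harden the shutdown port settings in a Tomcat server.xml.

Added example for this thread; not code from the list or the Tomcat project.
It relies on the real attributes of the <Server> element in conf/server.xml:
  port      TCP port listening for the shutdown command (-1 disables it)
  shutdown  the string that must be sent to trigger the shutdown
  address   interface the port binds to (localhost when absent)
The finding codes, helper names and the sample XML below are this example's own.
"""
import secrets
import socket
import xml.etree.ElementTree as ET

# Constructed sample mirroring the stock defaults: port 8005, string "SHUTDOWN",
# no address attribute (so it binds to localhost).
WEAK_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
DEFAULT_SECRET = "SHUTDOWN"
MIN_SECRET_LEN = 16  # this example's threshold, not a Tomcat rule


def audit_shutdown(server_xml: str) -> list[str]:
    """Return finding codes for the shutdown port; an empty list means nothing to flag."""
    root = ET.fromstring(server_xml)
    if root.tag != "Server":
        raise ValueError("expected <Server> as the document root")

    findings = []
    port = int(root.get("port", "8005"))
    if port == -1:
        return findings  # port disabled: no socket, nothing to connect to

    # The thread's point: a listening TCP port cannot tell which local user
    # connected, so every account on the host can reach it, loopback or not.
    findings.append("reachable-by-any-local-user")

    address = root.get("address", "localhost")
    if address not in LOOPBACK:
        findings.append("bound-beyond-loopback")

    secret = root.get("shutdown", DEFAULT_SECRET)
    if secret == DEFAULT_SECRET:
        findings.append("default-shutdown-string")
    elif len(secret) < MIN_SECRET_LEN:
        findings.append("short-shutdown-string")
    return findings


def harden(server_xml: str, disable: bool = False) -> str:
    """Rewrite <Server>: either disable the port, or pin it to loopback and
    replace the shutdown string with a random one only the launching user should know."""
    root = ET.fromstring(server_xml)
    if disable:
        root.set("port", "-1")
    else:
        root.set("address", "127.0.0.1")
        root.set("shutdown", secrets.token_urlsafe(24))  # 32 URL-safe characters
    return ET.tostring(root, encoding="unicode")


def send_shutdown(secret: str, host: str = "127.0.0.1", port: int = 8005,
                  timeout: float = 3.0) -> None:
    """What 'telnet, then type the string' does: connect and send the string
    followed by a newline. Not exercised by the audit; it needs a running Tomcat."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall((secret + "\n").encode("utf-8"))


if __name__ == "__main__":
    print("stock config:", audit_shutdown(WEAK_SERVER_XML))
    print("loopback + random string:", audit_shutdown(harden(WEAK_SERVER_XML)))
    print("port disabled:", audit_shutdown(harden(WEAK_SERVER_XML, disable=True)))
```

Note that pinning `address` only answers the remote case the reply discusses; for the same-host, different-user case the audit keeps reporting the port as reachable, because the only two things that stop another local account are a shutdown string it cannot guess (and cannot read, so keep server.xml unreadable to other users) or `port="-1"`. With the port disabled, the stock shutdown script has nothing to connect to and the JVM has to be signalled instead, which is the unintended consequence the reply asks about.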

