tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: running tomcat with root user
Date Sun, 01 Feb 2009 10:04:10 GMT
epicwinter@hotmail.com wrote:
> I have the latest tomcat 6 installed under centos 5.2.  The problem I am having is that
it appears that I have to run tomcat as root user, because the spring app that tomcat starts
needs to write files to other users' home directories.  The tomcat user doesn't have access
to these directories.
> 
> I tried making these users part of a shared group, but to complicate the problem the
users are jailed using jailkit.  So it doesn't appear that jailkit lets me add group write
privileges to the home directories and maintain a working jail.
> 
> Can anyone suggest another alternative?  I am not linux user expert so maybe there is
an obvious solution i am missing?

If you are courageous, you could try using ACL's.
One pre-requisite is that the filesystem type on which the users's 
directories are located, must support ACL. The other pre-requisite is 
that ACLs be actually enabled on that filesystem. This has to do with 
the "mount" command that mounts the filesystem.
I am no specialist myself, and you'll have to get some help from a Linux 
forum for that.
The next part is to understand the commands that deal with ACL's, and 
that is why I said that you have to be courageous. They are not for the 
faint-hearted.
Try :
man setfacl
man getfacl

Very briefly :
ACL = Access Control List
They are a possibility to set access permissions to files and 
directories, in a more detailed and flexible way than Unix usual 
"rwxrwxrwx"-style permissions.
You can have a directory belonging to user X and group Y, but still 
allow users of group Z (e.g. Tomcat) to write to it.

All of the above of course may or may not be compatible with the "jail" 
you are mentioning. I make no guarantees there.
And otherwise, you'll have to run Tomcat as root and that's it.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message