tomcat-users mailing list archives

From "" <>
Subject RE: running tomcat with root user
Date Sun, 01 Feb 2009 19:38:29 GMT

> From:
> To:
> Date: Sun, 1 Feb 2009 12:59:33 +0000
> Subject: RE: running tomcat with root user
> > From: []
> > I have the latest Tomcat 6 installed under CentOS 5.2.  The
> > problem I am having is that it appears that I have to run
> > tomcat as root user, because the spring app that tomcat
> > starts needs to write files to other users' home directories.
> >  The tomcat user doesn't have access to these directories.
> >
> > I tried making these users part of a shared group, but to
> > complicate the problem the users are jailed using jailkit.
> > So it doesn't appear that jailkit lets me add group write
> > privileges to the home directories and maintain a working jail.
> >
> > Can anyone suggest another alternative?  I am not a Linux user
> > expert so maybe there is an obvious solution I am missing?
>
> Beyond Andre's solution of ACLs, there's another one that's more complex
> but might be more secure.  It requires a slight shift in architecture.
>
> 1) Run Tomcat as the tomcat user.  Change the way it writes files, so that
> instead of writing to the user directory it writes the details to a queue
> that you have control over.  That could be a database, or a chunk of
> filestore.
>
> 2) Write a second daemon that runs as root, that reads the queue, does
> whatever checks you require so that it believes the queued requests are
> genuine, then writes the queued items to the users' directories.
>
> This reduces the attack surface of the system, in that tomcat's not
> running as root.  You'd have to be careful with the security of the daemon
> and the queue but, if well-designed, the overall security may be better
> than running Tomcat as root.
>
>                 - Peter

Peter - I am considering options like this; the problem which complicates my situation more
is that the remote client accesses the files immediately after they are written, and
I don't want to deal with timing issues of the daemon running before the client needs to access
the files.
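
The write step of the root daemon in point 2 of the quoted suggestion, as an added example that is not code from anyone in this thread. The names `write_queued_file`, `RejectedRequest` and `demo`, the sample paths, and the choice to refuse overwriting existing files are assumptions; the point shown is that a privileged writer must not follow symlinks inside a directory the jailed user controls.

```python
import os
import tempfile

class RejectedRequest(Exception):
    """A queued request failed validation and was not written."""

def write_queued_file(home_dir, rel_path, data, uid=None, gid=-1):
    """Create rel_path under home_dir (trusted) without following any symlink."""
    # rel_path and data are the untrusted fields of one queue entry.
    parts = rel_path.split("/")
    if any(p in ("", ".", "..") for p in parts):   # also rejects absolute paths
        raise RejectedRequest("unsafe path: %r" % rel_path)
    dir_flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    dir_fd = os.open(home_dir, dir_flags)
    try:
        for name in parts[:-1]:                    # descend one component at a time
            nxt = os.open(name, dir_flags, dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = nxt
        # O_EXCL: never overwrite, or write through, an existing file or link.
        fd = os.open(parts[-1], os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     0o640, dir_fd=dir_fd)
        with os.fdopen(fd, "wb") as fh:
            if uid is not None:                    # hand ownership to the target user
                os.fchown(fd, uid, gid)
            fh.write(data)
    except OSError as exc:
        raise RejectedRequest("%s: %s" % (rel_path, exc)) from exc
    finally:
        os.close(dir_fd)

def demo():
    """Run three constructed queue entries against a throwaway 'home'."""
    base = tempfile.mkdtemp()
    home = os.path.join(base, "home_alice")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(home, "inbox"))
    os.mkdir(outside)
    os.symlink(outside, os.path.join(home, "trap"))   # planted by the jailed user
    results = {}
    for rel in ("inbox/report.txt", "../outside/x", "trap/x"):
        try:
            write_queued_file(home, rel, b"payload")
            results[rel] = "written"
        except RejectedRequest:
            results[rel] = "rejected"
    results["outside_empty"] = os.listdir(outside) == []
    return results
```
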
