tomcat-users mailing list archives

From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Which user executes JSP in Tomcat?
Date Fri, 03 Apr 2009 13:41:58 GMT
> From: raga2 [mailto:ragabonds@gmail.com]
> Subject: Re: Which user executes JSP in Tomcat?
> 
> ps -aef tells me it's root running tomcat.

That's a really bad thing to do.  You should be running Tomcat under a userid that does not
give it the privilege to scribble anywhere in the file system.  If you need to access ports
< 1024, start Tomcat with jsvc, or use iptables to redirect the low ports to what's configured
in Tomcat.

Back to your original problem: there's no guarantee that a servlet container will allow webapp
code to have access to any part of the file system, other than a spec-defined work area. 
Tomcat usually does allow such access, unless you're running with a security manager.  If
you're trying to use relative paths in your directory and file creation, then you're likely
trying to write within Tomcat's directory structure, which is another Really Bad Thing.  Make
sure that wherever you're writing is outside of Tomcat.

(And if you're using a 3rd-party, repackaged version of Tomcat, it's anybody's guess where
all the pieces of Tomcat are, since the repackagers seem to delight in scattering bits of
Tomcat all over, and then tying things back together with a mess of symlinks - bloody ridiculous.)

 - Chuck
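
The two checks the reply above calls for (Tomcat not running as root, and webapp write directories outside Tomcat's tree), as an added example that is not part of the original message. The function names and the sample `ps` lines are constructed for illustration; the jsvc exclusion assumes jsvc keeps a root-owned controller process while the JVM itself runs under the unprivileged userid.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# Read `ps -eo user,pid,args` output on stdin and print the PID of every Tomcat
# JVM owned by root. Assumption: with jsvc, one root-owned controller process
# is expected, so commands whose basename starts with jsvc are skipped.
find_root_tomcat() {
    awk '$1 == "root" && /org\.apache\.catalina\.startup\.Bootstrap/ {
             n = split($3, part, "/")
             if (part[n] !~ /^jsvc/) { print $2; found = 1 }
         }
         END { exit !found }'
}

# Resolve directory $1 the way the JVM would: a relative path is taken from the
# JVM's working directory $2. Prints the physical path with symlinks resolved.
resolve_dir() {
    case "$1" in
        /*) target=$1 ;;
        *)  target=$2/$1 ;;
    esac
    (cd "$target" 2>/dev/null && pwd -P)
}

# Return 0 if write directory $1 (seen from working directory $2) lies inside
# the Tomcat tree $3, 1 if it is outside, 2 if either path cannot be resolved.
inside_tomcat() {
    dir=$(resolve_dir "$1" "$2") || return 2
    base=$(resolve_dir "$3" /) || return 2
    case "$dir/" in
        "$base"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample of `ps -eo user,pid,args` output.
SAMPLE_PS='USER PID COMMAND
root 4242 /usr/bin/java -Dcatalina.base=/opt/tomcat org.apache.catalina.startup.Bootstrap start
root 100 jsvc.exec -user tomcat org.apache.catalina.startup.Bootstrap
tomcat 101 jsvc.exec -user tomcat org.apache.catalina.startup.Bootstrap
root 1 /sbin/init'

printf '%s\n' "$SAMPLE_PS" | find_root_tomcat
```

On a live host, feed `ps -eo user,pid,args` to `find_root_tomcat` and pass the JVM's working directory and `CATALINA_BASE` to `inside_tomcat`.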

