tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From raga2 <ragabo...@gmail.com>
Subject RE: Which user executes JSP in Tomcat?
Date Sun, 05 Apr 2009 12:43:35 GMT

Hello, 


Thanks for you reply and advice. Others asked if the JSP is correct, yes it
is, there are no errors displayed. No catch(Exception ex) { /*do nothing*/} 
kind of code either. 

The error logs for Tomcat don't show anything out of the ordinary. 

Is there anyway to tell tomcat to allow IO access to a specific folder? 

Thanks for your help everyone. 

I'm looking through the log files. 

Caldarale, Charles R wrote:
> 
>> From: raga2 [mailto:ragabonds@gmail.com]
>> Subject: Re: Which user executes JSP in Tomcat?
>> 
>> ps -aef tells me it's root running tomcat.
> 
> That's a really bad thing to do.  You should be running Tomcat under a
> userid that does not give it the privilege to scribble anywhere in the
> file system.  If you need to access ports < 1024, start Tomcat with jsvc,
> or use iptables to redirect the low ports to what's configured in Tomcat.
> 
> Back to your original problem: there's no guarantee that a servlet
> container will allow webapp code to have access to any part of the file
> system, other than a spec-defined work area.  Tomcat usually does allow
> such access, unless you're running with a security manager.  If you're
> trying to use relative paths in your directory and file creation, then
> you're likely trying to write within Tomcat's directory structure, which
> is another Really Bad Thing.  Make sure that wherever you're writing is
> outside of Tomcat.
> 
> (And if you're using a 3rd-party, repackaged version of Tomcat, it's
> anybody's guess where all the pieces of Tomcat are, since the repackagers
> seem to delight in scattering bits of Tomcat all over, and then tying
> things back together with a mess of symlinks - bloody ridiculous.)
> 
>  - Chuck
> 
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Which-user-executes-JSP-in-Tomcat--tp22865557p22893516.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message