tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mikolaj Rydzewski <m...@ceti.pl>
Subject Re: Jailrootting
Date Wed, 23 Jun 2010 12:25:50 GMT
Luca Gervasi wrote:
> Tomcat uses a low privilege user and the system-wide permissions are
> thus enforced by OS but...i can still read all the istance-wide files
> (tomcat-users.xml, server.xml and any other 644 file).
>   
What is your scenario for running webapps? Are you going to run 
third-party untrusted code (free hosting?), or anything else? In most 
cases jail/chroot and accout with limited privileges are sufficient enough.

-- 
Mikolaj Rydzewski <miki@ceti.pl>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message