tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mikolaj Rydzewski <>
Subject Re: Jailrootting
Date Wed, 23 Jun 2010 12:25:50 GMT
Luca Gervasi wrote:
> Tomcat uses a low privilege user and the system-wide permissions are
> thus enforced by OS but...i can still read all the istance-wide files
> (tomcat-users.xml, server.xml and any other 644 file).
What is your scenario for running webapps? Are you going to run 
third-party untrusted code (free hosting?), or anything else? In most 
cases jail/chroot and accout with limited privileges are sufficient enough.

Mikolaj Rydzewski <>

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message