tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mladen Turk <mt...@apache.org>
Subject Re: Log ownership when running Tomcat using jsvc
Date Thu, 04 Aug 2011 07:44:30 GMT
On 08/03/2011 10:11 PM, Jorge Medina wrote:
> I run Tomcat in a Solaris 10 SPARC machine using jsvc through a init script.
>
> jsvc is started by root, but I specify the "-user" option to change to
> the "application" user.
> I use the option "-outfile" and  "-errfile" to specify where to direct
> stdout and stderr, "catalina.out" and "catalina.err" in my
> environment.
>

jsvc redirects stdout/stderr before setuid (changing to -user)
thus the files are created by superuser.
Actually that's the desired behavior; You have files writtable
by -user during the application life-time but created and
readable by root.

If you need lower security, don't use the commons daemon.


Regards
-- 
^TM

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message