On 08/03/2011 10:11 PM, Jorge Medina wrote:
> I run Tomcat in a Solaris 10 SPARC machine using jsvc through a init script.
>
> jsvc is started by root, but I specify the "-user" option to change to
> the "application" user.
> I use the option "-outfile" and "-errfile" to specify where to direct
> stdout and stderr, "catalina.out" and "catalina.err" in my
> environment.
>
jsvc redirects stdout/stderr before setuid (changing to -user)
thus the files are created by superuser.
Actually that's the desired behavior; You have files writtable
by -user during the application life-time but created and
readable by root.
If you need lower security, don't use the commons daemon.
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|