tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <>
Subject Re: [POLL] Finer-grained "manager" user-access privileges?
Date Fri, 08 Jun 2012 17:54:17 GMT
----- Original Message -----

> From: Mark Thomas <>
> To: Tomcat Users List <>
> Cc: 
> Sent: Friday, June 8, 2012 10:02 AM
> Subject: Re: [POLL] Finer-grained "manager" user-access privileges?
> Hash: SHA1
> On 07/06/2012 19:37, Christopher Schultz wrote:
>>  All,
>>  I was just answering a question on StackOverflow[1] about limiting
>>  the operations a particular user could perform when using the
>>  manager app (e.g. deploy, undeploy, start, stop, etc.).
>>  It seems to me that this has come up on the users' list once or
>>  twice in the past, and it wouldn't be a big deal to support this
>>  kind of thing right out of the box by just defining a number of
>>  additional roles such as:
>>  manager-gui-deploy manager-gui-undeploy manager-gui-start etc.
>>  Is there any interest in doing something like this? My general
>>  feeling is that manager access should either be allowed read-only
>>  (which is covered by the "manager-status" role) or full 
> read/write
>>  (which is covered by the "manager-gui" and 
> "manager-sript" roles)
>>  because hey, you should trust your managers or fire them ;)
> +1. I'm not a fan of making things more complicated by default. There
> is plenty that can be done via additional configuration if desired.
> Mark

I'm also not seeing a clear use case that couldn't solved by running virtual hosts or separate
Tomcat instances. I'm not one to rain on a person's parade, but I guess in light of additional
configuration complexity, I'd like to see a clear use case that couldn't be solved with the
existing setup plus virtual hosts or multiple Tomcats.

. . . just a beleaguered systems person who likes all boxes to look the same.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message