tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claude Brisson <>
Subject Running sudo from a servlet
Date Tue, 21 May 2019 17:52:22 GMT
Hi all.

I use tomcat 8.5.39 and java oracle 1.8.0_191 on linux (ubuntu 19.04). 
Tomcat was installed by apt-get and runs as a service.

If I open a shell as the tomcat8 user, I can launch a Java program which 
successfully executes a sudo command in a sub-process.

But from a Java servlet, the code fails with this error from the sudo 

     sudo: effective uid is not 0, is /usr/bin/sudo on a file system 
with the 'nosuid' option set or an NFS file system without root privileges?

which means that somehow, the tomcat process was unable or unwilling to 
honor the setuid flag of the sudo command.

Is it a special security measure ?

If yes, is it set in tomcat ? in the JVM ? In Ubuntu's tomcat8 service 
packaging? In systemd config?

And is there any configuration option to relax it?



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message