Configuring Tomcat to NOT run as Root

[Scott W Ricketts <sc...@meadwestvaco.com>]

I am helping set up a Citrix NFuse server running on Solaris, using Tomcat 
and Apache 1.3.  The default install for NFuse 1.7 does not fire up 
Apache, rather it calls Tomcat to start alone.  The default also has this 
running as root, something I am very uncomfortable with.  I have Googled 
and searched archives, and whenever mentioned, it sounds rather trivial 
but I cannot find where in my config files to set this to run as 'nobody'.

I am totally clueless with Tomcat, can anyone help?




________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service._______________________________________________________________

Note:  Please update your email address for this user to reflect the
new MeadWestvaco Corporation.  MeadWestvaco employee email addresses
are in the format of user@MeadWestvaco.com 

This electronic message contains information from MeadWestvaco
Corporation or subsidiary companies, which may be confidential,
privileged or otherwise protected from disclosure.  The
information is intended to be used solely by the recipient(s)
named.  If you are not an intended recipient, be aware that
any review, disclosure, copying, distribution or use of this
transmission or its contents is prohibited.  If you have
received this transmission in error, please notify MeadWestvaco
immediately at postmaster@MeadWestvaco.com.
_______________________________________________________________________

Re: Configuring Tomcat to NOT run as Root

[John Turner <to...@johnturner.com>]

Tomcat runs as whatever user executes the startup scripts in 
$CATALINA_HOME/bin.

If that user is "root", then Tomcat runs as root.  If that user is 
"nobody", then Tomcat's effective user is "nobody".  There's no 
(current) facility in Tomcat to switch UID as Apache does after startup.

As root, something like:

su - SOMEUSER -c "$CATALINA_HOME/bin/startup.sh"

will run Tomcat as the user defined by SOMEUSER.

John

Scott W Ricketts wrote:

> I am helping set up a Citrix NFuse server running on Solaris, using Tomcat 
> and Apache 1.3.  The default install for NFuse 1.7 does not fire up 
> Apache, rather it calls Tomcat to start alone.  The default also has this 
> running as root, something I am very uncomfortable with.  I have Googled 
> and searched archives, and whenever mentioned, it sounds rather trivial 
> but I cannot find where in my config files to set this to run as 'nobody'.
> 
> I am totally clueless with Tomcat, can anyone help?
> 
> 
> 
> 
> ________________________________________________________________________
> This email has been scanned for all viruses by the MessageLabs SkyScan
> service._______________________________________________________________
> 
> Note:  Please update your email address for this user to reflect the
> new MeadWestvaco Corporation.  MeadWestvaco employee email addresses
> are in the format of user@MeadWestvaco.com 
> 
> This electronic message contains information from MeadWestvaco
> Corporation or subsidiary companies, which may be confidential,
> privileged or otherwise protected from disclosure.  The
> information is intended to be used solely by the recipient(s)
> named.  If you are not an intended recipient, be aware that
> any review, disclosure, copying, distribution or use of this
> transmission or its contents is prohibited.  If you have
> received this transmission in error, please notify MeadWestvaco
> immediately at postmaster@MeadWestvaco.com.
> _______________________________________________________________________