OK to run tomcat as nobody?

[Sanjaya Singharage <Sa...@jkcs.slt.lk>]

This is a follow up to the post "why run romcat as root" (I meant to say
"why run tomcat as nobody").

After reading all the replies. My solution would be to run apache as root
on port 80 and then run tomcat behind the scenes using a connector and
running a user other than root. What I want to know is are there any
security concerns running tomcat as nobody?

Thnak you very much for the previous replies.



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: OK to run tomcat as nobody?

[Cees van de Griend <cv...@pobox.com>]

On Friday 06 December 2002 05:27, Sanjaya Singharage wrote:
> This is a follow up to the post "why run romcat as root" (I meant to say
> "why run tomcat as nobody").
>
> After reading all the replies. My solution would be to run apache as root
> on port 80 and then run tomcat behind the scenes using a connector and
> running a user other than root. What I want to know is are there any
> security concerns running tomcat as nobody?

Nobody should be an account without any files, this is a security issue.
If you do an anonymous FTP login, you should access the system as user nobody.

It's just as easy to create an user named tomcat and have this account as 
owner of all Tomcat files.

> Thnak you very much for the previous replies.

Regards,
Cees.

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>