You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Curtis Spencer <wa...@hotmail.com> on 2001/04/22 04:01:01 UTC
Starting Tomcat with user nobody
Does anyone have a good startup script that will start tomcat with the user nobody rather than root. I don't know if this is a security risk or not but I feel alittle uncomfortable starting with root. Do I have to change file permissions to ensure that 'nobody' can access certain files.
Thx,
Curtis
Re: Starting Tomcat with user nobody
Posted by Jan Labanowski <jk...@osc.edu>.
Now... The short answer... {:-)}
1) nobody is not a good user since it does not usually have shell
associated (check your /etc/passwd). It is better to create user
(e.g., tomcat) with all things which user needs.
2) When you decided on the user and created it (say it is user tomcat
with group tomcat) , become root:
cd $TOMCAT_HOME
chown -R tomcat .
chgrp -R tomcat .
Yes... Tomcat creates lots of files... I could be more specific, but
above is OK
3) Then start tomcat:
1) you are logged in as root:
su - tomcat -c "$TOMCAT_HOME/bin/startup.sh"
2) you are logged in as tomcat
cd $TOMCAT_HOME/bin
./startup.sh
But... Frankly, read the URL below, since it is only a tip of the iceberg
On Sat, 21 Apr 2001, Jan Labanowski wrote:
> http://www.ccl.net/cca/software/UNIX/apache/
>
>
>
>
> On Sat, 21 Apr 2001, Curtis Spencer wrote:
>
> > Does anyone have a good startup script that will start tomcat with the user nobody rather than root. I don't know if this is a security risk or not but I feel alittle uncomfortable starting with root. Do I have to change file permissions to ensure that 'nobody' can access certain files.
> >
> > Thx,
> > Curtis
> >
>
> Jan K. Labanowski | phone: 614-292-9279, FAX: 614-292-7168
> Ohio Supercomputer Center | Internet: jkl@osc.edu
> 1224 Kinnear Rd, | http://www.ccl.net/chemistry.html
> Columbus, OH 43212-1163 | http://www.osc.edu/
>
Jan K. Labanowski | phone: 614-292-9279, FAX: 614-292-7168
Ohio Supercomputer Center | Internet: jkl@osc.edu
1224 Kinnear Rd, | http://www.ccl.net/chemistry.html
Columbus, OH 43212-1163 | http://www.osc.edu/
Re: Starting Tomcat with user nobody
Posted by Jan Labanowski <jk...@osc.edu>.
http://www.ccl.net/cca/software/UNIX/apache/
On Sat, 21 Apr 2001, Curtis Spencer wrote:
> Does anyone have a good startup script that will start tomcat with the user nobody rather than root. I don't know if this is a security risk or not but I feel alittle uncomfortable starting with root. Do I have to change file permissions to ensure that 'nobody' can access certain files.
>
> Thx,
> Curtis
>
Jan K. Labanowski | phone: 614-292-9279, FAX: 614-292-7168
Ohio Supercomputer Center | Internet: jkl@osc.edu
1224 Kinnear Rd, | http://www.ccl.net/chemistry.html
Columbus, OH 43212-1163 | http://www.osc.edu/