You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Curtis Spencer <wa...@hotmail.com> on 2001/04/22 04:01:01 UTC

Starting Tomcat with user nobody

Does anyone have a good startup script that will start tomcat with the user nobody rather than root.  I don't know if this is a security risk or not but I feel alittle uncomfortable starting with root.  Do I have to change file permissions to ensure that 'nobody' can access certain files.  

Thx,
Curtis

Re: Starting Tomcat with user nobody

Posted by Jan Labanowski <jk...@osc.edu>.

Now... The short answer...  {:-)}

1) nobody is not a good user since it does not usually have shell
   associated (check your /etc/passwd). It is better to create user
   (e.g., tomcat) with all things which user needs.

2) When you decided on the user  and created it (say it is user tomcat
   with group tomcat) , become root:
     cd $TOMCAT_HOME
     chown -R tomcat .
     chgrp -R tomcat .
   Yes... Tomcat creates lots of files... I could be more specific, but
   above is OK

3) Then start tomcat:
     1) you are logged in as root:
           su - tomcat -c "$TOMCAT_HOME/bin/startup.sh"
     2) you are logged in as tomcat
           cd $TOMCAT_HOME/bin
           ./startup.sh

But... Frankly, read the URL below, since it is only a tip of the iceberg
     


On Sat, 21 Apr 2001, Jan Labanowski wrote:

> http://www.ccl.net/cca/software/UNIX/apache/
> 
> 
> 
> 
> On Sat, 21 Apr 2001, Curtis Spencer wrote:
> 
> > Does anyone have a good startup script that will start tomcat with the user nobody rather than root.  I don't know if this is a security risk or not but I feel alittle uncomfortable starting with root.  Do I have to change file permissions to ensure that 'nobody' can access certain files.  
> > 
> > Thx,
> > Curtis
> > 
> 
> Jan K. Labanowski            |    phone: 614-292-9279,  FAX: 614-292-7168
> Ohio Supercomputer Center    |    Internet: jkl@osc.edu 
> 1224 Kinnear Rd,             |    http://www.ccl.net/chemistry.html
> Columbus, OH 43212-1163      |    http://www.osc.edu/
> 

Jan K. Labanowski            |    phone: 614-292-9279,  FAX: 614-292-7168
Ohio Supercomputer Center    |    Internet: jkl@osc.edu 
1224 Kinnear Rd,             |    http://www.ccl.net/chemistry.html
Columbus, OH 43212-1163      |    http://www.osc.edu/

Re: Starting Tomcat with user nobody

Posted by Jan Labanowski <jk...@osc.edu>.

http://www.ccl.net/cca/software/UNIX/apache/




On Sat, 21 Apr 2001, Curtis Spencer wrote:

> Does anyone have a good startup script that will start tomcat with the user nobody rather than root.  I don't know if this is a security risk or not but I feel alittle uncomfortable starting with root.  Do I have to change file permissions to ensure that 'nobody' can access certain files.  
> 
> Thx,
> Curtis
> 

Jan K. Labanowski            |    phone: 614-292-9279,  FAX: 614-292-7168
Ohio Supercomputer Center    |    Internet: jkl@osc.edu 
1224 Kinnear Rd,             |    http://www.ccl.net/chemistry.html
Columbus, OH 43212-1163      |    http://www.osc.edu/