Posted to users@tomcat.apache.org by Jan Tosovsky <j....@email.cz> on 2015/02/25 23:13:05 UTC

[Hardening] Running tomcat under a specific account

Dear All,

there are plenty of resources mentioning it is a must to run Tomcat as a
dedicated user with limited permissions.

Is it still true when Tomcat doesn't run standalone, but via Apache web
server connected via AJP? That webserver already runs in the restrictive
mode.

Thanks, Jan




Re: [Hardening] Running tomcat under a specific account

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Jan,

On 2/25/15 5:13 PM, Jan Tosovsky wrote:
> there are plenty of resources mentioning it is a must to run Tomcat as
> a dedicated user with limited permissions.
> 
> Is it still true when Tomcat doesn't run standalone, but via Apache
> web server connected via AJP? That webserver already runs in the
> restrictive mode.

Yes.

Why would you want to run Tomcat as root/Administrator? I don't
believe it gives you any advantage whatsoever, and can open you up to
all kinds of problems.

-chris
