You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by ja...@webmd.net on 2001/05/19 00:05:43 UTC
Changing Tomcat's User ID
I'm running tomcat 3.2.1 on Solaris. It is started in an rc2.d/ script by
root, and therefore runs as root. We'd like to be able to have it run as
nobody like apache does. Is there a way to do this? I read through the
documentation on it, and it mentioned using su inside of the start scripts,
but that method did not work.
Any help would be greatly appreciated.
Thanks,
Jason Majors
Re: Changing Tomcat's User ID
Posted by Jeff Kilbride <je...@kilbride.com>.
Correct me if I'm wrong, but if you're running with Apache and ajp12 or
ajp13, you shouldn't have any problems because Tomcat is only responding on
ports 8007 and 8009. You only have problems when you're running Tomcat
stand-alone and you want it to respond on the normal http (80) and https
(443) ports.
However, I've heard it's kind of a nightmare getting all the directory and
file permissions correct for the non-root user.
--jeff
----- Original Message -----
From: "Tim O'Neil" <ti...@xythos.com>
To: <to...@jakarta.apache.org>
Sent: Friday, May 18, 2001 4:00 PM
Subject: Re: Changing Tomcat's User ID
> At 03:05 PM 5/18/2001 -0700, you wrote:
> >I'm running tomcat 3.2.1 on Solaris. It is started in an rc2.d/ script by
> >root, and therefore runs as root. We'd like to be able to have it run as
> >nobody like apache does. Is there a way to do this? I read through the
> >documentation on it, and it mentioned using su inside of the start
scripts,
> >but that method did not work.
> >Any help would be greatly appreciated.
> >Thanks,
> >Jason Majors
>
> You can't do that, unless you're willing to run
> it on a port > 1024. Remember, ports below 1024
> are root access only. Apache gets away with it
> because it's an admin process that runs as root
> + a web server process + its native code. Tomcat,
> being Java, is going to have a hard enough time
> without a root process to kick it off.
>
>
Re: Changing Tomcat's User ID
Posted by Tim O'Neil <ti...@xythos.com>.
At 03:05 PM 5/18/2001 -0700, you wrote:
>I'm running tomcat 3.2.1 on Solaris. It is started in an rc2.d/ script by
>root, and therefore runs as root. We'd like to be able to have it run as
>nobody like apache does. Is there a way to do this? I read through the
>documentation on it, and it mentioned using su inside of the start scripts,
>but that method did not work.
>Any help would be greatly appreciated.
>Thanks,
>Jason Majors
You can't do that, unless you're willing to run
it on a port > 1024. Remember, ports below 1024
are root access only. Apache gets away with it
because it's an admin process that runs as root
+ a web server process + its native code. Tomcat,
being Java, is going to have a hard enough time
without a root process to kick it off.