You are viewing a plain text version of this content. The canonical link for it is here.

Posted to general@jakarta.apache.org by Scott Sutherland <su...@ncs.com> on 2000/10/05 05:09:13 UTC

Apache/Tomcat owning user setup on RH6.2

I have Apache/Tomcat setup and working, and have a question relating
to the owning user of the Tomcat processes...

I set up Tomcat to start before Apache through the init scripts, but
the starting user is root! (whoops!)  I know that I can append a
'-u <username>' to the end of the daemon function call, but I'm not
exactly sure how a correct 'tomcat' user should be
setup.... Security-wise, what is the exposure of the owning user id of
the tomcat process?  I don't think that 'nobody' would be good because
the container has to compile jsp pages into class files...

Would anyone care to contribute their thoughts on the matter?

Thanks in advance...

Scott

-- 
Scott Sutherland                          National Computer Systems
(319) 354-9200                        Measurement Services Division
suthsc@ncs.com                                        Iowa City, Ia
import my.standard.disclaimer.*;                        GO HAWKS!!!

  "Coding in windows is sort of like writing a biography about a
  person who won't tell you anything about themselves." - jheart8

Updated Slide Website

Posted by "Pier P. Fumagalli" <pi...@betaversion.org>.

Hear Hear... :) Remy updated the website :)

http://jakarta.apache.org/slide/index.html

	Pier