You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Rolf Borgen Guescini <r....@ilf-stud.uio.no> on 2002/12/04 17:13:17 UTC
Mutliuser setup
Does anybody know what to do when setting up tomcat on a UNIX environment
for more than one user?
Is the best way to define a directory owned by a group where all the users
belong,and then make contexts in server.xml?
Or is there another way of doing it?
RBG
~\\|//~
-(o o)-
************oOOOo**(_)**oOOOo************
* Rolf Borgen Guescini *
* ----------------------- *
* *
* rolfbg@turing.uio.no *
* niffel@chello.no *
* http://folk.uio.no/rolfbg *
* *
* *
* .oooO Oooo. *
**************( )***( )**************
\ ( ) /
\_) (_/
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Mutliuser setup
Posted by David Brown <dw...@webitplanet.com>.
Rolf Borgen Guescini writes:
> Does anybody know what to do when setting up tomcat on a UNIX environment
> for more than one user?
>
> Is the best way to define a directory owned by a group where all the users
> belong,and then make contexts in server.xml?
>
> Or is there another way of doing it?
>
> RBG
>
> ~\\|//~
> -(o o)-
> ************oOOOo**(_)**oOOOo************
> * Rolf Borgen Guescini *
> * ----------------------- *
> * *
> * rolfbg@turing.uio.no *
> * niffel@chello.no *
> * http://folk.uio.no/rolfbg *
> * *
> * *
> * .oooO Oooo. *
> **************( )***( )**************
> \ ( ) /
> \_) (_/
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
Hello Rolf, this is a two edged sword. if u r talking about localhost only
w/ no public access this is not a problem but just allow each user to have
their own "<webapps>" directory e.g.
$CATALALINA_HOME/<user1_webapps,user2_webapps,...>/ all defined in their own
web.xml files at: $CATALINA_HOME/<someuser_webapps>/WEB-INF. on other edge
to this sword can be cutting and care is needed if u r mean to run public.
i'm working on this now and have a infrastructure that would allow users to
update servlets and jsp's remotely and install webapps using the /manager
application. i can do this because i have all such accesses under
"protected" webapp directories and encrypted w/ ssl requiring pam cert and
user id's and password logins. this is an involved step and an order of
magnitude of labor over the other sword edge. i have done things this way
because as many will agree the public internet is a place where nobody's
sandbox is safe from attack and intrusion. tc vulnerabilities r the same as
for other services that have public access. if u do mean to offer public
access then u have choosen a good package. tc has no security defaults but
has all the tools necessary to harden its public server capabilties
especially if used w/ apache version 1.3.27 or better. reply w/ more info on
where u r technically: hardware, os, software services installed, network
(connection), dns etc. and maybe u will get the attention of the gurus. hope
this helps, david.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Mutliuser setup
Posted by David Brown <dw...@webitplanet.com>.
Rolf Borgen Guescini writes:
> Does anybody know what to do when setting up tomcat on a UNIX environment
> for more than one user?
>
> Is the best way to define a directory owned by a group where all the users
> belong,and then make contexts in server.xml?
>
> Or is there another way of doing it?
>
> RBG
>
> ~\\|//~
> -(o o)-
> ************oOOOo**(_)**oOOOo************
> * Rolf Borgen Guescini *
> * ----------------------- *
> * *
> * rolfbg@turing.uio.no *
> * niffel@chello.no *
> * http://folk.uio.no/rolfbg *
> * *
> * *
> * .oooO Oooo. *
> **************( )***( )**************
> \ ( ) /
> \_) (_/
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
Hello Rolf, d u mean UNIX users or just tc? if u mean just tc u can use the
RealBase class that defines users and roles. i also assume u mean to use a
secure login (ssl) and secure webapps page/directories. this is all
documented in tc "out-of-the-box". preferably, u will want to use JDBCRealm
and a database (the MemoryRealm would require MD5 or SHA digest of the
passwords in flat ASCII text files) and not as useful as if the users and
roles tables in a db (the users and roles tables can be used as fk in other
tables 4 other process logic uses). each user could have his own webapp
which is what i'm doing now and it works 4 me. hope this helps, david.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Mutliuser setup
Posted by Rolf Borgen Guescini <r....@ilf-stud.uio.no>.
Thanks both to you and David Brown for the quick response ! : )
As this was my first posting to this mailing list, and since I don't have
any experience with posting on such lists, I see that I expressed myself a
little bit inexact. But Jeremy's idea of reading the RUNNING.txt is quit
to the point:
"In many circumstances, it is desirable to have a single copy of a Tomcat 4
binary distribution shared among multiple users on the same server. "
This is what I would like to do:
the os is sparc-sun-solaris2.5 on a sun box - i don't know more about it,
I'm sorry..
My plan was to have the administrator
create a group that would have access to a directory on the server where
each user in that group had their own directories which I could set up as
contexts in server.xml
What I would like to know then is where the best place would be to place
Tomcat since the administrator wants control startups and shutdowns.
the next thing the RUNNING.txt says is:
you must configure a CATALINA_BASE environment variable (in
addition to CATALINA_HOME as described above) that points to a directory
that is unique to your instance
what would be a directory that is unique to my instance ?
could the user directory that the administrator creates be that directory?
since
When you do this, Tomcat 4 will calculate all relative references for
files in the following directories based on the value for CATALINA_BASE
instead of CATALINA_HOME:
* conf - Server configuration files (including server.xml)
* logs - Log and output files
* webapps - Automatically loaded web applications
* work - Temporary working directories for web applications
Whould this solve my task or have I completely gotten it wrong?
Maybe also what David Brown wrote about adresses what might become a
future problem: the service won't be public with a lot of traffic on it,
but the pages would be openly acessible. Since there have been several
attacks on our different servers, security is a hot issue these days, and
I have a hard time finding out how to solve the problem of having to bug
the administrator each time we need the server reset. It would be great if
there was a solution to this problem.
I am grateful for all help I can get in learning this ! : )
Rolf
~\\|//~
-(o o)-
************oOOOo**(_)**oOOOo************
* Rolf Borgen Guescini *
* ----------------------- *
* *
* rolfbg@turing.uio.no *
* niffel@chello.no *
* http://folk.uio.no/rolfbg *
* *
* *
* .oooO Oooo. *
**************( )***( )**************
\ ( ) /
\_) (_/
On Wed, 4 Dec 2002, Jeremy Joslin wrote:
> Start out by looking at #4 on the list here:
> http://jakarta.apache.org/tomcat/tomcat-4.0-doc/RUNNING.txt
>
> Jeremy
>
> > -----Original Message-----
> > From: Rolf Borgen Guescini [mailto:r.b.guescini@ilf-stud.uio.no]
> > Sent: Wednesday, December 04, 2002 8:13 AM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Mutliuser setup
> >
> > Does anybody know what to do when setting up tomcat on a UNIX
> environment
> > for more than one user?
> >
> > Is the best way to define a directory owned by a group where all the
> users
> > belong,and then make contexts in server.xml?
> >
> > Or is there another way of doing it?
> >
> > RBG
> >
> > ~\\|//~
> > -(o o)-
> > ************oOOOo**(_)**oOOOo************
> > * Rolf Borgen Guescini *
> > * ----------------------- *
> > * *
> > * rolfbg@turing.uio.no *
> > * niffel@chello.no *
> > * http://folk.uio.no/rolfbg *
> > * *
> > * *
> > * .oooO Oooo. *
> > **************( )***( )**************
> > \ ( ) /
> > \_) (_/
> >
> >
> > --
> > To unsubscribe, e-mail: <mailto:tomcat-user-
> > unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail: <mailto:tomcat-user-
> > help@jakarta.apache.org>
>
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Mutliuser setup
Posted by Jeremy Joslin <je...@spotlife.com>.
Start out by looking at #4 on the list here:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/RUNNING.txt
Jeremy
> -----Original Message-----
> From: Rolf Borgen Guescini [mailto:r.b.guescini@ilf-stud.uio.no]
> Sent: Wednesday, December 04, 2002 8:13 AM
> To: tomcat-user@jakarta.apache.org
> Subject: Mutliuser setup
>
> Does anybody know what to do when setting up tomcat on a UNIX
environment
> for more than one user?
>
> Is the best way to define a directory owned by a group where all the
users
> belong,and then make contexts in server.xml?
>
> Or is there another way of doing it?
>
> RBG
>
> ~\\|//~
> -(o o)-
> ************oOOOo**(_)**oOOOo************
> * Rolf Borgen Guescini *
> * ----------------------- *
> * *
> * rolfbg@turing.uio.no *
> * niffel@chello.no *
> * http://folk.uio.no/rolfbg *
> * *
> * *
> * .oooO Oooo. *
> **************( )***( )**************
> \ ( ) /
> \_) (_/
>
>
> --
> To unsubscribe, e-mail: <mailto:tomcat-user-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-
> help@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>