Posted to users@tomee.apache.org by Bertrand Guay-Paquet <be...@step.polymtl.ca> on 2012/10/02 18:35:41 UTC

conf/conf.d Directory + port 4200

Hi,

I followed the instructions from 
https://tomcat.apache.org/tomcat-7.0-doc/security-howto.html , in the 
"Non-Tomcat settings" section regarding the file permissions of the 
different directories. With these, the TomEE process can only write to 
the logs/, temp/ and work/ directories.

While searching why port 4200 is open, I found a file that is created on 
the first run of tomee : conf/conf.d/admin.properties. Another file, 
"hsql.properties" is created there as well. The fact that TomEE writes 
to the conf directory is at odds with the file system security suggested 
by Tomcat.

Is there a way to reconcile the security requirements with the 
configuration files?

Are there other parts of the Tomcat documentation that must be modified 
or dismissed when running TomEE? Is this documented somewhere?

Also, what is port 4200 anyway? I still haven't found out...

Thanks!
Bertrand

Re: conf/conf.d Directory + port 4200

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Not sure about the doc.

Admin service is mainly about standalone openejb (should be skipped in last
release). Hsql is to start a hsql remote server (you can disable it).
On 2 Oct 2012 21:58, "Bertrand Guay-Paquet" <be...@step.polymtl.ca> wrote:

> Hi,
>
> Thanks for your answer!
>
> Yes this is with 1.0.0.
>
> If TomEE only writes to the conf dir if files are not present, it's easy
> to work around.
>
> Thanks for the hint regarding the services. However, I'm not completely
> sure how to handle them. What does the admin service actually do? Is this
> part of Tomcat or added by TomEE? Is the hsql service required for
> persisting sessions or other stuff in the JavaEE stack? I noticed that
> tomee.xml contains 2 hsql data sources: "My DataSource" and "My Unmanaged
> DataSource".
>
> If there is documentation for this, please don't hesitate to refer me to
> the right place! I might have missed it in my confusion.
>
> Regards,
> Bertrand
>
> On 02/10/2012 3:35 PM, Romain Manni-Bucau wrote:
>
>> Hi,
>>
>> Is it with last release or 1.0.0?
>>
>> Btw TomEE creates config files when not present.
>>
>> For production just create them before and potentially set disabled to
>> true in properties file for services you don't want (admin, hsql for instance)
>> On 2 Oct 2012 18:36, "Bertrand Guay-Paquet" <be...@step.polymtl.ca> wrote:
>>
>>> Hi,
>>>
>>> I followed the instructions from
>>> https://tomcat.apache.org/tomcat-7.0-doc/security-howto.html ,
>>> in the "Non-Tomcat settings" section regarding the file permissions of
>>> the different directories. With these, the TomEE process can only write
>>> to the logs/, temp/ and work/ directories.
>>>
>>> While searching why port 4200 is open, I found a file that is created on
>>> the first run of tomee : conf/conf.d/admin.properties. Another file,
>>> "hsql.properties" is created there as well. The fact that TomEE writes to
>>> the conf directory is at odds with the file system security suggested by
>>> Tomcat.
>>>
>>> Is there a way to reconcile the security requirements with the
>>> configuration files?
>>>
>>> Are there other parts of the Tomcat documentation that must be modified
>>> or dismissed when running TomEE? Is this documented somewhere?
>>>
>>> Also, what is port 4200 anyway? I still haven't found out...
>>>
>>> Thanks!
>>> Bertrand
>>>
>>>
>

Re: conf/conf.d Directory + port 4200

Posted by Bertrand Guay-Paquet <be...@step.polymtl.ca>.
Hi,

Thanks for your answer!

Yes this is with 1.0.0.

If TomEE only writes to the conf dir if files are not present, it's easy 
to work around.

Thanks for the hint regarding the services. However, I'm not completely 
sure how to handle them. What does the admin service actually do? Is 
this part of Tomcat or added by TomEE? Is the hsql service required for 
persisting sessions or other stuff in the JavaEE stack? I noticed that 
tomee.xml contains 2 hsql data sources: "My DataSource" and "My 
Unmanaged DataSource".

If there is documentation for this, please don't hesitate to refer me to 
the right place! I might have missed it in my confusion.

Regards,
Bertrand

On 02/10/2012 3:35 PM, Romain Manni-Bucau wrote:
> Hi,
>
> Is it with last release or 1.0.0?
>
> Btw TomEE creates config files when not present.
>
> For production just create them before and potentially set disabled to true
> in properties file for services you don't want (admin, hsql for instance)
> On 2 Oct 2012 18:36, "Bertrand Guay-Paquet" <be...@step.polymtl.ca> wrote:
>
>> Hi,
>>
>> I followed the instructions from
>> https://tomcat.apache.org/tomcat-7.0-doc/security-howto.html ,
>> in the "Non-Tomcat settings" section regarding the file permissions of
>> the different directories. With these, the TomEE process can only write to
>> the logs/, temp/ and work/ directories.
>>
>> While searching why port 4200 is open, I found a file that is created on
>> the first run of tomee : conf/conf.d/admin.properties. Another file,
>> "hsql.properties" is created there as well. The fact that TomEE writes to
>> the conf directory is at odds with the file system security suggested by
>> Tomcat.
>>
>> Is there a way to reconcile the security requirements with the
>> configuration files?
>>
>> Are there other parts of the Tomcat documentation that must be modified or
>> dismissed when running TomEE? Is this documented somewhere?
>>
>> Also, what is port 4200 anyway? I still haven't found out...
>>
>> Thanks!
>> Bertrand
>>


Re: conf/conf.d Directory + port 4200

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi,

Is it with last release or 1.0.0?

Btw TomEE creates config files when not present.

For production just create them before and potentially set disabled to true
in properties file for services you don't want (admin, hsql for instance)
On 2 Oct 2012 18:36, "Bertrand Guay-Paquet" <be...@step.polymtl.ca> wrote:

> Hi,
>
> I followed the instructions from
> https://tomcat.apache.org/tomcat-7.0-doc/security-howto.html ,
> in the "Non-Tomcat settings" section regarding the file permissions of
> the different directories. With these, the TomEE process can only write to
> the logs/, temp/ and work/ directories.
>
> While searching why port 4200 is open, I found a file that is created on
> the first run of tomee : conf/conf.d/admin.properties. Another file,
> "hsql.properties" is created there as well. The fact that TomEE writes to
> the conf directory is at odds with the file system security suggested by
> Tomcat.
>
> Is there a way to reconcile the security requirements with the
> configuration files?
>
> Are there other parts of the Tomcat documentation that must be modified or
> dismissed when running TomEE? Is this documented somewhere?
>
> Also, what is port 4200 anyway? I still haven't found out...
>
> Thanks!
> Bertrand
>
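
Added example, not part of the original thread: a shell check for the workaround described in the message above (pre-create the conf/conf.d service files and set disabled to true in them). Only the file names admin.properties and hsql.properties and the disabled key come from the thread; the function names and the CATALINA_BASE path in the closing comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Audits a TomEE conf/conf.d directory:
# each service file must already exist (so TomEE has nothing to create in a
# read-only conf/ at first start) and must carry disabled=true.

# Print the value of the "disabled" key of a Java properties file.
# Accepts "key=value", "key = value" and "key: value"; skips # and ! comments.
# The last assignment wins, as with java.util.Properties.
prop_disabled() {
    awk '
        /^[ \t]*[#!]/ { next }
        /^[ \t]*disabled[ \t]*[=:]/ {
            sub(/^[ \t]*disabled[ \t]*[=:][ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            v = tolower($0)
        }
        END { print v }
    ' "$1"
}

# service_state CONF_D SERVICE -> prints one of: missing | enabled | disabled
service_state() {
    f="$1/$2.properties"
    if [ ! -f "$f" ]; then
        echo missing
    elif [ "$(prop_disabled "$f")" = "true" ]; then
        echo disabled
    else
        echo enabled
    fi
}

# audit_conf_d CONF_D SERVICE... -> returns 0 only if every service is disabled
audit_conf_d() {
    dir="$1"; shift
    rc=0
    for svc in "$@"; do
        state=$(service_state "$dir" "$svc")
        echo "$svc: $state"
        [ "$state" = "disabled" ] || rc=1
    done
    return $rc
}

# Typical call (path is an assumption; use your own installation directory):
#   audit_conf_d "$CATALINA_BASE/conf/conf.d" admin hsql
```

A "missing" result means the file would be created at the next start, which fails or is silently skipped once conf/ is read-only for the TomEE user.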