On Fri, Nov 30, 2001 at 02:43:31PM -0600, Adam Heath wrote: > I consider that a bug, and should probably file one. tomcat should not run as > the same user as apache, for security reasons.
In previous versions the auto-generated config file looked like this: JkMount /mywebapp/*.jsp ajp12 <Location "/mywebapp/WEB-INF/"> AllowOverride None deny from all </Location> <Location "/mywebapp/META-INF/"> AllowOverride None deny from all </Location> So static parts inside the /mywebapp directoy were served by Apache directly and dynamic parts (JSP pags and servlets) were passed to Tomcat using mod_jk. This changed in Tomcat 3.3: All files inside /mywebapp are handled by Tomcat now, like in this example: JkMount /mywebapp/* ajp13 If you want to restrict access to some files inside the webapp using UNIX file permissions both Apache and Tomcat need to run as the same user. If you want to run Tomcat as a different user you can do so by changin /etc/default/tomcat. -- Stefan Gybas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
