>> I consider that a bug, and should probably file one. tomcat >should not run as >> the same user as apache, for security reasons. > >In previous versions the auto-generated config file looked like this: > >JkMount /mywebapp/*.jsp ajp12 ><Location "/mywebapp/WEB-INF/"> > AllowOverride None > deny from all ></Location> ><Location "/mywebapp/META-INF/"> > AllowOverride None > deny from all ></Location> > >So static parts inside the /mywebapp directoy were served by >Apache directly >and dynamic parts (JSP pags and servlets) were passed to Tomcat using >mod_jk. This changed in Tomcat 3.3: All files inside /mywebapp >are handled >by Tomcat now, like in this example: > >JkMount /mywebapp/* ajp13
It's not mandatory, many of us still didn't use the autoconf feature of tomcat. Furthermore in next release of Tomcat 3.3/4.0 and mod_jk, the webapp will be discovered and sent via new protocol ajp14 :))) >If you want to restrict access to some files inside the webapp >using UNIX >file permissions both Apache and Tomcat need to run as the >same user. If >you want to run Tomcat as a different user you can do so by changin >/etc/default/tomcat. Yep, I added also in tomcat bin wrapper a : chown -R tcuser:tcuser /var/tomcat/ to make sure that tomcat is running with the rigth profile -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
