>GOMEZ> Yep, I added also in tomcat bin wrapper a : > >GOMEZ> chown -R tcuser:tcuser /var/tomcat/ > >GOMEZ> to make sure that tomcat is running with the rigth profile > >That is not a good idea. The tomcat user should not own any files >(besides logfiles and so on). If someone manages to break into the >tomcat user account, they can change all the files owned by this user. >With your settings, they can change all web applications.
Consider that you could have a web application, .war, which will be exploded by tomcat at runtime so you need for some dirs, logs, work, webapps write access !!! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
