ror, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy. Thank you.
- Original Message -
From: "Peter Crowther" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Tuesday, August 01, 2006 8:46 AM
[Marked OT as this is now some distance from Tomcat]
> From: Christopher Schultz [mailto:[EMAIL PROTECTED]
> I might even go farther and suggest that you go with
> more a batch-job-list configuration
I was assuming the app was for interactive control and that the OP
wanted the user of the webapp
Everyone,
>> The servlet application needs to do things like mkfs,
>> vgcfgrestore, vgchange,
>> mount and umount.
Eek. From a webapp?
> I'd use setuid scripts with very careful permissions:
>
> - Write some shell scripts, one per action, to do what you need;
>
> - Audit those scripts for po
> From: Paul McMahon [mailto:[EMAIL PROTECTED]
> The servlet application needs to do things like mkfs,
> vgcfgrestore, vgchange,
> mount and umount.
I'd use setuid scripts with very careful permissions:
- Write some shell scripts, one per action, to do what you need;
- Audit those scripts for
I think I can limit a few of the ROOT actions required.
The servlet application needs to do things like mkfs, vgcfgrestore, vgchange,
mount and umount.
On Tuesday 01 August 2006 13:46, Peter Crowther wrote:
> > From: Paul McMahon [mailto:[EMAIL PROTECTED]
> > Is it possible to run Tomcat as non
> From: Paul McMahon [mailto:[EMAIL PROTECTED]
> Is it possible to run Tomcat as non ROOT,
> but have a servlet that needs ROOT access?
No.
> Or is the solution to have the servlet application code
> running as a separate
> daemon outside tomcat, with some form of comms to tomcat
> servlet wh
Is it possible to run tomcat as root? Yes.
Is it advised? No.
I think you're on the right track with the separate process idea. That
would limit the opportunities presented to would be hackers. Another
idea, you might be able to do something with the sudo command and
Runtime.exec() as long
Hi Paul,
If you use root to run, which means tomcat can access anywhere as your
root can do
upload a simple script (if you application has that function can crash
your system),
if you create a specific user and group, and define permission nicely,
this specific user can only do specific thing as
Yes I meant as root user in Linux, not the ROOT webapp.
I could try giving tomcat user root group access; this is also potentially a
security hole though?
On Tuesday 01 August 2006 12:14, you wrote:
> It is possible to run as non root (assume the "root" here is "root"
> for Unix/Linux?)
> you ca
It is possible to run as non root (assume the "root" here is "root"
for Unix/Linux?)
you can create a specific user say "tomcat" but still assign with
group root, or you can create group "tomcat", make sure your jdk is
accessible by the tomcat user and or group
Is you mean the root application in
10 matches
Mail list logo
