Well the main problem is that Tomcat is running as root, so any bug in your webapp that allows the user to read/write/excecute an arbitrary file on your system will likely let a random blackhat take control of it.
"Tim Alberts" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I'm setting up Tomcat6 on Linux and want it to start on boot. I use the > following init script: > > #!/bin/sh > # description: Tomcat 6.0 web application server > # chkconfig: 2345 99 00 > > case "$1" in > 'start') > export JAVA_HOME=/usr/java/default > /opt/apache/apache-tomcat-6.0.16/bin/startup.sh > touch /var/lock/subsys/tomcat6 > ;; > 'stop') > /opt/apache/apache-tomcat-6.0.16/bin/shutdown.sh > rm -f /var/lock/subsys/tomcat6 > ;; > *) > echo "Usage: $0 { start | stop }" > ;; > esac > exit 0 > > This seems to work just fine. I have found the documentation about > setting up Tomcat as a unix daemon at: > > http://tomcat.apache.org/tomcat-6.0-doc/setup.html > > Should I be doing this, or is the script I'm using acceptable? > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
