> From: peter.crowt...@melandra.com
> To: users@tomcat.apache.org
> Date: Sun, 1 Feb 2009 12:59:33 +0000
> Subject: RE: running tomcat with root user
>
> > From: epicwin...@hotmail.com [mailto:epicwin...@hotmail.com]
> > I have the latest tomcat 6 installed under centos 5.2. The
> > problem I am having is that it appears that I have to run
> > tomcat as root user, because the spring app that tomcat
> > starts needs to write files to other users' home directories.
> > The tomcat user doesn't have access to these directories.
> >
> > I tried making these users part of a shared group, but to
> > complicate the problem the users are jailed using jailkit.
> > So it doesn't appear that jailkit lets me add group write
> > privileges to the home directories and maintain a working jail.
> >
> > Can anyone suggest another alternative? I am not linux user
> > expert so maybe there is an obvious solution i am missing?
>
> Beyond Andre's solution of ACLs, there's another one that's more complex but
> might be more secure. It requires a slight shift in architecture.
>
> 1) Run Tomcat as the tomcat user. Change the way it writes files, so that
> instead of writing to the user directory it writes the details to a queue
> that you have control over. That could be a database, or a chunk of
> filestore.
>
> 2) Write a second daemon that runs as root, that reads the queue, does
> whatever checks you require so that it believes the queued requests are
> genuine, then writes the queued items to the users' directories.
>
> This reduces the attack surface of the system, in that tomcat's not running
> as root. You'd have to be careful with the security of the daemon and the
> queue but, if well-designed, the overall security may be better than running
> Tomcat as root.
>
> - Peter
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
Peter- I am considering options like this, the problem which complicates my
situation more is that the remote client accesses the files written immediately
after they are written and I don't want to deal with timing issues of the
daemon running before the client needs to access the files.
_________________________________________________________________
Windows Live™ Hotmail®:…more than just e-mail.
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t2_hm_justgotbetter_explore_012009
