RE: Tomcat userid (was Re: Tomcat 3.3 / 4.0 ? When?)

To: debian-java@lists.debian.org
Subject: RE: Tomcat userid (was Re: Tomcat 3.3 / 4.0 ? When?)
From: GOMEZ Henri <hgomez@slib.fr>
Date: Mon, 3 Dec 2001 14:18:14 +0100
Message-id: <[🔎] BBDCA5B56D25F843A025AE850BA70F0604DE04@css8.slib.com>

>> I consider that a bug, and should probably file one.  tomcat 
>should not run as
>> the same user as apache, for security reasons.
>
>In previous versions the auto-generated config file looked like this:
>
>JkMount /mywebapp/*.jsp ajp12
><Location "/mywebapp/WEB-INF/">
>  AllowOverride None
>  deny from all
></Location>
><Location "/mywebapp/META-INF/">
>  AllowOverride None
>  deny from all
></Location>
>
>So static parts inside the /mywebapp directoy were served by 
>Apache directly
>and dynamic parts (JSP pags and servlets) were passed to Tomcat using
>mod_jk. This changed in Tomcat 3.3: All files inside /mywebapp 
>are handled
>by Tomcat now, like in this example:
>
>JkMount /mywebapp/* ajp13

It's not mandatory, many of us still didn't use the autoconf
feature of tomcat. Furthermore in next release of Tomcat 3.3/4.0
and mod_jk, the webapp will be discovered and sent via new
protocol ajp14 :)))

>If you want to restrict access to some files inside the webapp 
>using UNIX
>file permissions both Apache and Tomcat need to run as the 
>same user. If
>you want to run Tomcat as a different user you can do so by changin
>/etc/default/tomcat.

Yep, I added also in tomcat bin wrapper a :

chown -R tcuser:tcuser /var/tomcat/

to make sure that tomcat is running with the rigth profile

Reply to:

Follow-Ups:
- Re: Tomcat userid (was Tomcat 3.3 / 4.0 ? When?)
  - From: Guy Geens <ggeens@iname.com>

Prev by Date: Tomcat userid (was Re: Tomcat 3.3 / 4.0 ? When?)
Next by Date: Re: Tomcat userid (was Re: Tomcat 3.3 / 4.0 ? When?)
Previous by thread: Re: Tomcat userid (was Re: Tomcat 3.3 / 4.0 ? When?)
Next by thread: Re: Tomcat userid (was Tomcat 3.3 / 4.0 ? When?)
Index(es):
- Date
- Thread