RE: Tomcat userid (was Tomcat 3.3 / 4.0 ? When?)
>GOMEZ> Yep, I added also in tomcat bin wrapper a :
>
>GOMEZ> chown -R tcuser:tcuser /var/tomcat/
>
>GOMEZ> to make sure that tomcat is running with the rigth profile
>
>That is not a good idea. The tomcat user should not own any files
>(besides logfiles and so on). If someone manages to break into the
>tomcat user account, they can change all the files owned by this user.
>With your settings, they can change all web applications.
Consider that you could have a web application, .war, which will
be exploded by tomcat at runtime so you need for some dirs, logs,
work, webapps write access !!!
Reply to: