[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Tomcat userid (was Tomcat 3.3 / 4.0 ? When?)

>GOMEZ> Yep, I added also in tomcat bin wrapper a :
>GOMEZ> chown -R tcuser:tcuser /var/tomcat/
>GOMEZ> to make sure that tomcat is running with the rigth profile
>That is not a good idea. The tomcat user should not own any files
>(besides logfiles and so on). If someone manages to break into the
>tomcat user account, they can change all the files owned by this user.
>With your settings, they can change all web applications.

Consider that you could have a web application, .war, which will
be exploded by tomcat at runtime so you need for some dirs, logs,
work, webapps write access !!!

Reply to: