[csw-users] Tomcat 5 Running as Root
eric.enright at gmail.com
Wed Oct 5 18:23:42 CEST 2005
On 10/5/05, James Lee <james at blastwave.org> wrote:
> On 04/10/05, 05:10:24, Eric Enright <eric.enright at gmail.com> wrote
> regarding [csw-users] Tomcat 5 Running as Root:
> > Is there any reason why Tomcat 5 runs as root?
> Because root starts the /etc/rc?.d/ scripts and nothing changes the
> user. This is normal for Tomcat but I think wrong.
> You have to run as root to open the privileged ports (< 1024). The
> normal workaround is to use higher ports (8080) and somehow map to
Right. And by default Tomcat binds to 8080, and from what I understand
it is common to connect to Tomcat through Apache.
> Tomcat can't change user because Java can't setuid. This can be done
> during start up by invoking with su.
That is what I did.
> > Through
> > some minor twiddling I have it running as nobody now, with no ill-effect.
> Make sure the logs have permission. Once set running as nobody should
> not be a problem. Put your own work and logs outside /opt/csw.
It seems to need write access to conf/tomcat-users.xml as well.
> Note that CSWjetty5 (the Jetty Java HTTP Server and Servlet Container)
> will start as nobody or you can set the user with the env var JETTY_USER.
> Tomcat could do the same. Please make a request for change to CSWtomcat5
I have done so:
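The approach discussed in this thread (root starts the rc script, su drops to an unprivileged user, Tomcat stays on a port of 1024 or above, and logs plus conf/tomcat-users.xml are writable) sketched as an added shell example; it is not part of the original messages or of the CSWtomcat5 package. The function names, the TOMCAT_USER variable and the bin/startup.sh path under the base directory are assumptions.

```shell
#!/bin/sh
# Added example: preflight helpers for starting Tomcat as an unprivileged user.
# The logs/ and conf/tomcat-users.xml paths follow the thread; the user
# variable, function names and bin/startup.sh location are assumptions.

TOMCAT_USER="${TOMCAT_USER:-nobody}"

# Print every path the service user needs to write but cannot.
# Run this AS the service user (for example through su), because -w
# tests the access of whoever executes it, and root passes every -w test.
unwritable_paths() {
    base="$1"
    for p in "$base/logs" "$base/conf/tomcat-users.xml"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
        elif [ ! -w "$p" ]; then
            echo "not writable: $p"
        fi
    done
}

# Build the command an rc script would run. When the caller is root
# (uid 0), wrap the start script in su so the JVM never runs as root;
# Java cannot setuid itself, so the drop has to happen here.
start_command() {
    uid="$1"
    base="$2"
    if [ "$uid" -eq 0 ]; then
        echo "su $TOMCAT_USER -c '$base/bin/startup.sh'"
    else
        echo "$base/bin/startup.sh"
    fi
}

# Ports below 1024 need root to bind, so an unprivileged Tomcat must
# listen on a higher port (8080 by default) and be mapped or proxied.
port_ok() {
    [ "$1" -ge 1024 ]
}
```

An rc script would call `port_ok` and `unwritable_paths` first and refuse to start if either reports a problem, then run the output of `start_command "$(id -u)" "$base"`.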