[csw-users] Tomcat 5 Running as Root

Eric Enright eric.enright at gmail.com
Wed Oct 5 18:23:42 CEST 2005

On 10/5/05, James Lee <james at blastwave.org> wrote:
> On 04/10/05, 05:10:24, Eric Enright <eric.enright at gmail.com> wrote
> regarding [csw-users] Tomcat 5 Running as Root:
> > Is there any reason why Tomcat 5 runs as root?
> Because root starts the /etc/rc?.d/ scripts and nothing changes the
> user.  This is normal for Tomcat but I think wrong.
> You have to run as root to open the privileged ports (< 1024). The
> normal workaround is to use higher ports (8080) and somehow map to
> 80.

Right.  Any by default Tomcat binds to 8080, and from what I understand
it is common to connect to Tomcat through Apache.

> Tomcat can't change user because Java can't setuid.  This can be done
> during start up by invoking with su.

That is what I did.

> > Through
> > some minor twiddling I have it running as nobody now, with no ill-effect.
> Make sure the logs have permission.  Once set running as nobody should
> not be a problem.  Put you own work and logs outside /opt/csw.

It seems to need write access to conf/tomcat-users.xml as well.

> Note that CSWjetty5 (the Jetty Java HTTP Server and Servlet Container)
> will start as nobody or you can set the user with the env var JETTY_USER.
> Tomcat could do the same.  Please make a request for change to CSWtomcat5
> via:
>     http://www.blastwave.org/bugtrack/

I have done so:


Eric Enright

More information about the users mailing list