[csw-users] Tomcat 5 Running as Root
Eric Enright
eric.enright at gmail.com
Wed Oct 5 18:23:42 CEST 2005
On 10/5/05, James Lee <james at blastwave.org> wrote:
> On 04/10/05, 05:10:24, Eric Enright <eric.enright at gmail.com> wrote
> regarding [csw-users] Tomcat 5 Running as Root:
>
> > Is there any reason why Tomcat 5 runs as root?
>
> Because root starts the /etc/rc?.d/ scripts and nothing changes the
> user. This is normal for Tomcat but I think wrong.
>
> You have to run as root to open the privileged ports (< 1024). The
> normal workaround is to use higher ports (8080) and somehow map to
> 80.
Right. And by default Tomcat binds to 8080, and from what I understand
it is common to connect to Tomcat through Apache.
> Tomcat can't change user because Java can't setuid. This can be done
> during start up by invoking with su.
That is what I did.
> > Through
> > some minor twiddling I have it running as nobody now, with no ill-effect.
>
> Make sure the logs have permission. Once set, running as nobody should
> not be a problem. Put your own work and logs outside /opt/csw.
It seems to need write access to conf/tomcat-users.xml as well.
> Note that CSWjetty5 (the Jetty Java HTTP Server and Servlet Container)
> will start as nobody or you can set the user with the env var JETTY_USER.
> Tomcat could do the same. Please make a request for change to CSWtomcat5
> via:
> http://www.blastwave.org/bugtrack/
I have done so:
http://www.blastwave.org/mantis/view_bug_page.php?f_id=0001206
--
Eric Enright
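
The approach discussed in this thread (start from the rc script via su, with the logs and conf/tomcat-users.xml writable by the unprivileged user), as an added example that is not part of the original message or of the CSWtomcat5 package. TOMCAT_USER is a hypothetical variable modelled on JETTY_USER, and the CATALINA_HOME default is a placeholder path.

```shell
#!/bin/sh
# Added example: rc-script logic that drops root before starting Tomcat.
# TOMCAT_USER is a hypothetical variable modelled on Jetty's JETTY_USER;
# the CATALINA_HOME default is a placeholder, not the CSWtomcat5 path.
TOMCAT_USER="${TOMCAT_USER:-nobody}"
CATALINA_HOME="${CATALINA_HOME:-/path/to/tomcat}"

# Print each path Tomcat must write to that is missing or not owned by
# user $1 under base directory $2. Ownership stands in for write access
# because "test -w" succeeds for almost everything when run by root.
not_owned_by() {
    for rel in logs conf/tomcat-users.xml; do
        if [ -z "$(find "$2/$rel" -prune -user "$1" -print 2>/dev/null)" ]; then
            echo "$2/$rel"
        fi
    done
}

# Print the command the rc script runs; refuse to keep root privileges.
start_command() {
    case "$1" in
        root|0|"") echo "refusing to start Tomcat as root" >&2; return 1 ;;
    esac
    echo "su $1 -c $2/bin/startup.sh"
}

# Check ownership first, then launch through su (paths without spaces).
start_tomcat() {
    bad=$(not_owned_by "$TOMCAT_USER" "$CATALINA_HOME")
    if [ -n "$bad" ]; then
        echo "fix ownership for $TOMCAT_USER on:" >&2
        echo "$bad" >&2
        return 1
    fi
    cmd=$(start_command "$TOMCAT_USER" "$CATALINA_HOME") || return 1
    $cmd   # runs startup.sh as the unprivileged user
}

case "${1:-}" in
    start) start_tomcat ;;
esac
```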