[fedora-java] su to tomcat user?

John M. Gabriele john_sips_tea at yahoo.com
Wed Aug 10 13:45:52 UTC 2005 

Thanks Gary!

http://www.simisen.com/jmg/pmwiki/pmwiki.php?n=Main.GNUJavaOnFedora

---John



--- Gary Benson <gbenson at redhat.com> wrote:

> John M. Gabriele wrote:
> > --- Gary Benson <gbenson at redhat.com> wrote:
> > > John M. Gabriele wrote:
> > > > I noticed there's a tomcat user on my system:
> > > > 
> > > > [root at localhost ~]# cat /etc/passwd | grep tom
> > > > tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh
> > > > 
> > > > I'm just getting started using Tomcat on FC4.
> > > > 
> > > > Should I be su'ing to tomcat to work with files
> > > > in (and copy files into) /var/lib/tomcat5?
> > > > 
> > > > Or do I work in there as root, then chown -R
> > > > everthing to root:tomcat when I'm done?
> > > 
> > > Neither, ideally.  You should be able to work as root and leave
> > > the files owned as root.  Or as any other user: I'll often create
> > > a directory /var/lib/tomcat5/webapps/whatever and chown it
> > > gary.gary, and then just work in there under my normal login.
> > 
> > What's the purpose of having a "tomcat" user on the system at all?
> 
> Most things that run as daemons have their own user, to limit the
> effects of security vulnerabilities.  Malicious code inserted into
> a daemon running as root can do _anything_.  Malicious code inserted
> into a daemon running as an unprivileged user can only do what that
> user can do, which should ideally be as little as possible.
> 
> Daemons historically ran as root, but those that still do are a
> security nightmare.
> 
> > What's the point of having those links in /usr/share/tomcat5?
> 
> Because Tomcat expects to run out of one directory, but the FHS
> dictates that the various different files in that directory should
> live in various different places on the filesystem.
> 
> Cheers,
> Gary
> 
> --
> fedora-devel-java-list mailing list
> fedora-devel-java-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-java-list
> 



		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs

More information about the fedora-devel-java-list mailing list