True. The processes handling the requests however run as nobody. I suppose one could still find a way to compromise the master process, but I find it way more likely that they'd compromise the children. Furthermore, Its still a horrid idea to run tomcat as root, as you're running *everything* under tomcat as root as well.
-Andy On Fri, 2002-07-05 at 14:17, Bruno Dumon wrote: > On Fri, 2002-07-05 at 15:48, Andrew C. Oliver wrote: > > Hummm. I'm not running Apache as root (its running as "nobody"). It > > responds on port 80. > > I'm starting it with apachectl. > > > > If it responds to port 80, the main httpd process is running with root > privileges. The user that is used for the childprocesses handling the > requests is normally specified using the 'User' directive in the > httpd.conf > > -- > Bruno > > > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > For additional commands, e-mail: <[EMAIL PROTECTED]> > -- http://www.superlinksoftware.com - software solutions for business http://jakarta.apache.org/poi - Excel/Word/OLE 2 Compound Document in Java http://krysalis.sourceforge.net/centipede - the best build/project structure a guy/gal could have! - Make Ant simple on complex Projects! The avalanche has already started. It is too late for the pebbles to vote. -Ambassador Kosh --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>