Hi Brian,
For your information, you should have a look at zone configuration, which
allows you to start different JVM (manually) under different userid/gid.
Jean-Luc
"Brian S. Wallace" wrote:
> Hi:
>
> We have a security concern about servlets running as the web server
> UID/GID. Also, every developer in the same zone can access all of the
> other servlets in that zone, right? This means adding a new zone each time
> a new developer wants to do a project on our central server.
>
> I've been looking through the online documents and I see suggestions such
> as putting each developer in a separate zone and/or running multiple
> JServs. From my point of view as a system manager, this creates a very
> complicated system when you have multiple developers using central servers
> (which is our case).
>
> There is mention of future changes to JServ to allow control of UID/GID via
> the configuration files. Can someone elaborate on this? We currently run
> our Apache servers with special UID/GID's and we also use CGIWrap to
> restrict what developer's CGI programs can do.
>
> We have three main central web servers and dozens of developers. So far, I
> have found this concept of zones and mount points to be very confusing and
> difficult to setup. Am I the only one that feels this way? Is this a
> design thing driven by the way Java works or what?
>
> Thanks for your help,
>
> Brian S. Wallace
>
> Oak Ridge National Laboratory
> P. O. Box 2008, MS 6394
> Oak Ridge, Tennessee 37831-6394
>
> Voice (423) 576-3193
> Fax (423) 574-5323
>
> http://www-internal.ornl.gov/~xsw/
>
> ----------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://www.working-dogs.com/>
> Problems?: [EMAIL PROTECTED]
----------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://www.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
