On Thu, May 10, 2001 at 02:03:36PM -0700, Joel Dudley wrote:
> Hello all,
>   I have a security question for you all. We are going to have some java
> processes running on our server and, for security reasons, we would prefer
> that the JVM not run as root. However, due to the nature of our app and
> infrastructure our app needs to be able to do things as different users. The
> only way I can think to do this is by having the JVM run as root and
> spawning threads that have the permissions x user. Is there another way to
> approach this problem? Is it possible for an app to spawn a process as a
> different user if they are not root? Thanks.

In general no, unless you're exec'ing an executable with setuid permissions.

The usual Unix/Linux solution if you don't want your app to run as root
is a tool like "su" or "su2" which are setuid-root and perform some
authorization checks before executing a shell or some other command as
another user. The latter, "su2", is highly configurable and an excellent
solution if you have a known set of commands you want to make available
to your non-privileged user (the user running Java).

Nathan



> 
> - Joel
> 
> 
> ----------------------------------------------------------------------
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
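
An added example, not part of the original messages and not the code of "su" or "su2": a minimal setuid-root helper of the kind the reply describes, which checks a fixed allow-list before dropping privileges and executing a command as another user. The rule table, uid 1001, the user names and the command paths are constructed for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed policy: caller uid -> (target user, absolute command path). */
struct rule { uid_t caller; const char *target; const char *path; };
static const struct rule RULES[] = {
    { 1001, "reports", "/usr/local/bin/gen-report" },
    { 1001, "backup",  "/usr/local/bin/run-backup" },
};

/* Returns 1 only on an exact match of caller, target user and command. */
int is_allowed(uid_t caller, const char *target, const char *path) {
    if (!target || !path || path[0] != '/') return 0; /* no PATH lookups */
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++)
        if (RULES[i].caller == caller && !strcmp(RULES[i].target, target) &&
            !strcmp(RULES[i].path, path))
            return 1;
    return 0;
}

/* Permanently become pw: supplementary groups, then gid, then uid. */
int drop_to(const struct passwd *pw) {
    if (pw->pw_uid == 0) return -1;            /* never hand out root */
    if (setgroups(1, &pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    if (setuid(0) == 0) return -1;             /* root must be unrecoverable */
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s <user> <abs-path>\n", argv[0]); return 2; }
    /* getuid() is the real uid of the unprivileged caller (e.g. the JVM user). */
    if (!is_allowed(getuid(), argv[1], argv[2])) { fprintf(stderr, "denied\n"); return 1; }
    struct passwd *pw = getpwnam(argv[1]);
    if (!pw || drop_to(pw) != 0) { perror("drop privileges"); return 1; }
    char *const args[] = { argv[2], NULL };    /* no caller-supplied arguments */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL }; /* fixed environment */
    execve(argv[2], args, envp);
    perror("execve");
    return 1;
}
```

Installed setuid-root, the helper lets the unprivileged Java user run only the listed commands, and only as the listed users; everything else is refused before any privilege is used.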

