Darren J Moffat wrote:
> Peter Dennis wrote:
>> Details of the new user:
>>
>> /etc/passwd:
>> tomcat:x:85:85:Tomcat Reserved UID:/:
>
> What passwd does tomcat have ? Is it NP (so cron jobs can be run) or
> *LK* so that it is locked ?

/etc/shadow:
tomcat:*LK*:::::::

> I think /var/tomcat6/ would be a more appropriate home dir than /.

It would be limiting when Tomcat 7 is integrated (besides that, "webservd" and others I'm following don't do that).

>> /etc/group:
>> tomcat::85:
>
> Is a group really necessary here or just a user ?

It's not necessary. I'm just following others (webservd, mysql, postgres).

>> /etc/user_attr:
>> tomcat::::defaultpriv=basic,net_privaddr
>
> I don't like that, I don't think it is necessary and I don't think it
> actually works either.

Ok, I'm withdrawing changes for /etc/user_attr (but it worked for me :-)
Instead net_privaddr privilege will be granted to tomcat user in SMF manifest file via method credential.

Petr

>> With the change to use SMF(5) Tomcat will now contain a ready to use
>> configuration file /var/tomcat6/conf/server.xml. To comply with
>> the Solaris file system organization (filesystem(5)) a relative symlink
>> /etc/tomcat6, pointing to /var/tomcat6/conf directory, is added.
>
> Instead of assigning net_privaddr to the user's initial program on login
> (which is what the user_attr entry actually does) the SMF manifest
> should have a method credential that assigns net_privaddr. The method
> credential should also ensure that it is running as the tomcat user.
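
The method-credential approach agreed on in this thread, sketched as an SMF manifest fragment. This is an added illustration, not part of the original message and not the project's actual manifest; the exec path and timeout value are placeholders.

```xml
<!-- Added illustration, not the manifest from this thread.
     The exec path and timeout are placeholders. -->
<exec_method type='method' name='start'
    exec='/PLACEHOLDER/path/to/tomcat-start-method'
    timeout_seconds='60'>
  <method_context>
    <!-- Run the start method as the tomcat user and group (85 in the
         thread) rather than root. net_privaddr is added to the basic
         privilege set only for processes started by this method, so the
         service can bind ports below 1024. Nothing is attached to the
         account itself, unlike the withdrawn user_attr entry:
           tomcat::::defaultpriv=basic,net_privaddr -->
    <method_credential user='tomcat' group='tomcat'
        privileges='basic,net_privaddr'/>
  </method_context>
</exec_method>
```

Once the service is online, running `ppriv` against the Tomcat process ID shows whether its effective set is the basic set plus `net_privaddr` and nothing more.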