Re: Changing Tomcat's User ID
you may want to use in your script: /usr/bin/su nobody -c "$TOMCAT_HOME/bin/startup.sh" hth * * Boris NiyazovPh: 212-854-4094 Fax: 212-854-1749 * * Systems Manager Email: [EMAIL PROTECTED] * * Columbia Law School URL: http://www.law.columbia.edu * * > >I'm running tomcat 3.2.1 on Solaris. It is started in an rc2.d/ script by >root, and therefore runs as root. We'd like to be able to have it run as >nobody like apache does. Is there a way to do this? I read through the >documentation on it, and it mentioned using su inside of the start scripts, >but that method did not work. >Any help would be greatly appreciated. >Thanks, >Jason Majors >
Re: Changing Tomcat's User ID
Correct me if I'm wrong, but if you're running with Apache and ajp12 or ajp13, you shouldn't have any problems because Tomcat is only responding on ports 8007 and 8009. You only have problems when you're running Tomcat stand-alone and you want it to respond on the normal http (80) and https (443) ports. However, I've heard it's kind of a nightmare getting all the directory and file permissions correct for the non-root user. --jeff - Original Message - From: "Tim O'Neil" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, May 18, 2001 4:00 PM Subject: Re: Changing Tomcat's User ID > At 03:05 PM 5/18/2001 -0700, you wrote: > >I'm running tomcat 3.2.1 on Solaris. It is started in an rc2.d/ script by > >root, and therefore runs as root. We'd like to be able to have it run as > >nobody like apache does. Is there a way to do this? I read through the > >documentation on it, and it mentioned using su inside of the start scripts, > >but that method did not work. > >Any help would be greatly appreciated. > >Thanks, > >Jason Majors > > You can't do that, unless you're willing to run > it on a port > 1024. Remember, ports below 1024 > are root access only. Apache gets away with it > because it's an admin process that runs as root > + a web server process + its native code. Tomcat, > being Java, is going to have a hard enough time > without a root process to kick it off. > >
RE: Changing Tomcat's User ID
At 07:33 PM 5/18/2001 -0400, you wrote: >Your message tells the origial poster that he can't run tomcat as non-root >using start up scripts. This doesn't seem to be true. All he need is to >switch to non-root before starting 'java Tomcat'. Then you didn't read it very carefully...
RE: Changing Tomcat's User ID
Your message tells the origial poster that he can't run tomcat as non-root using start up scripts. This doesn't seem to be true. All he need is to switch to non-root before starting 'java Tomcat'. >-Original Message- >From: Tim O'Neil [mailto:[EMAIL PROTECTED]] >Sent: Friday, May 18, 2001 7:24 PM >To: [EMAIL PROTECTED] >Subject: RE: Changing Tomcat's User ID > > >At 07:23 PM 5/18/2001 -0400, you wrote: >>Will there be problems if port > 1024? >> >>Of course, the port will be > 1024 if running as non-root. > >So, in other words, the point of your rebuttal was null. >
RE: Changing Tomcat's User ID
At 07:23 PM 5/18/2001 -0400, you wrote: >Will there be problems if port > 1024? > >Of course, the port will be > 1024 if running as non-root. So, in other words, the point of your rebuttal was null.
RE: Changing Tomcat's User ID
Will there be problems if port > 1024? Of course, the port will be > 1024 if running as non-root. >-Original Message- >From: Tim O'Neil [mailto:[EMAIL PROTECTED]] >Sent: Friday, May 18, 2001 7:19 PM >To: [EMAIL PROTECTED] >Subject: RE: Changing Tomcat's User ID > > >At 07:16 PM 5/18/2001 -0400, you wrote: >>I am running tomcat as non-root user. Why can't you do it? > >You sure its not a "non-root" user with root >privs? Or the port is >1024? > > >
RE: Changing Tomcat's User ID
At 07:16 PM 5/18/2001 -0400, you wrote: >I am running tomcat as non-root user. Why can't you do it? You sure its not a "non-root" user with root privs? Or the port is >1024?
RE: Changing Tomcat's User ID
I am running tomcat as non-root user. Why can't you do it? >-Original Message- >From: Tim O'Neil [mailto:[EMAIL PROTECTED]] >Sent: Friday, May 18, 2001 7:00 PM >To: [EMAIL PROTECTED] >Subject: Re: Changing Tomcat's User ID > > >At 03:05 PM 5/18/2001 -0700, you wrote: >>I'm running tomcat 3.2.1 on Solaris. It is started in an >rc2.d/ script by >>root, and therefore runs as root. We'd like to be able to >have it run as >>nobody like apache does. Is there a way to do this? I read through the >>documentation on it, and it mentioned using su inside of the >start scripts, >>but that method did not work. >>Any help would be greatly appreciated. >>Thanks, >>Jason Majors > >You can't do that, unless you're willing to run >it on a port > 1024. Remember, ports below 1024 >are root access only. Apache gets away with it >because it's an admin process that runs as root >+ a web server process + its native code. Tomcat, >being Java, is going to have a hard enough time >without a root process to kick it off. > >
Re: Changing Tomcat's User ID
At 03:05 PM 5/18/2001 -0700, you wrote: >I'm running tomcat 3.2.1 on Solaris. It is started in an rc2.d/ script by >root, and therefore runs as root. We'd like to be able to have it run as >nobody like apache does. Is there a way to do this? I read through the >documentation on it, and it mentioned using su inside of the start scripts, >but that method did not work. >Any help would be greatly appreciated. >Thanks, >Jason Majors You can't do that, unless you're willing to run it on a port > 1024. Remember, ports below 1024 are root access only. Apache gets away with it because it's an admin process that runs as root + a web server process + its native code. Tomcat, being Java, is going to have a hard enough time without a root process to kick it off.
RE: Changing Tomcat's User ID
>-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] >Sent: Friday, May 18, 2001 6:06 PM >To: [EMAIL PROTECTED] >Subject: Changing Tomcat's User ID > > >I'm running tomcat 3.2.1 on Solaris. It is started in an >rc2.d/ script by >root, and therefore runs as root. We'd like to be able to have >it run as >nobody like apache does. Is there a way to do this? I read through the >documentation on it, and it mentioned using su inside of the >start scripts, >but that method did not work. How did you do it and why is it not working? >Any help would be greatly appreciated. >Thanks, >Jason Majors >
Changing Tomcat's User ID
I'm running tomcat 3.2.1 on Solaris. It is started in an rc2.d/ script by root, and therefore runs as root. We'd like to be able to have it run as nobody like apache does. Is there a way to do this? I read through the documentation on it, and it mentioned using su inside of the start scripts, but that method did not work. Any help would be greatly appreciated. Thanks, Jason Majors
