http://issues.apache.org/bugzilla/show_bug.cgi?id=44225

           Summary: SSL connector tries to load the private keystore file
                    after privileges have already been dropped by JSVC
           Product: Tomcat 6
           Version: 6.0.14
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


The keystore file containing the private server key should be kept in a secure 
location readable only by root. But if you run Tomcat under a less privileged 
user, this prevents you from using this key for the Tomcat SSL Connector.

You are left with two choices: either make the keystore readable to the Tomcat 
user, or run Tomcat permanently as root, neither of which is appealing from 
a security point of view.

Now, Tomcat supports Commons Daemon (JSVC), which allows it to be started on 
privileged ports (such as 80 or 443) while not having to run as root all the 
time. It does it by splitting initialization into "load" and "start" phases, 
where the "load" phase runs as root in order to acquire the privileged 
resources, while the "start" phase runs after dropping privileges.

Unfortunately, the privileged "load" phase currently only binds the privileged 
ports. I propose to also move the loading of keystore files to this privileged 
"load" phase, so that private keystore files can be kept in a secure location, 
while Tomcat runs as a non-privileged user.

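The load/start split proposed in the report, as an added example that is not part of the original report and is not Tomcat or Commons Daemon code. The class name `PrivSepKeystoreDemo` and its `load()`/`start()` methods are hypothetical stand-ins for the two JSVC phases, and deleting the file stands in for losing read access once privileges are dropped.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical service class; load()/start() mirror the two JSVC phases.
public class PrivSepKeystoreDemo {
    private KeyStore keyStore;   // parsed key material, held in memory only
    private char[] password;     // copy kept until the key managers are built

    // "load" phase: would run while the process is still root.
    public void load(Path keystoreFile, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(keystoreFile)) {
            ks.load(in, pass);   // the only read of the root-only file
        }
        keyStore = ks;
        password = pass.clone();
    }

    // "start" phase: would run after privileges are dropped; no file access.
    public SSLContext start() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);
        Arrays.fill(password, '\0');   // password is not needed past this point
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty PKCS12 keystore standing in for the real one.
        char[] pass = "changeit".toCharArray();
        Path file = Files.createTempFile("demo", ".p12");
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, pass);
        try (OutputStream out = Files.newOutputStream(file)) {
            empty.store(out, pass);
        }
        PrivSepKeystoreDemo svc = new PrivSepKeystoreDemo();
        svc.load(file, pass);
        Files.delete(file);   // stands in for the file becoming unreadable
        SSLContext ctx = svc.start();
        System.out.println("TLS context built without the file: " + ctx.getProtocol());
    }
}
```

With this ordering the keystore file can stay mode 0400 and owned by root, because the unprivileged phase only ever touches the in-memory `KeyStore` object.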