Please tell me what is dangerous about running tomcat as root? I've taken
the following security measures :
port 8007 and 8009 is blocked from the outside (firewall)
tomcat is not running on 8080 and only allowing communications from
localhost (127.0.0.1).
The only potential problem is that if a tomcat /apache bug is exploited, you
potentially have a problem.
Looks pretty solid to me though..
Mvgr,
martin
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
> Of David Cassidy
> Sent: Friday, August 17, 2001 4:54 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Why and How Tomcat before Apache?
>
>
> unless you want to run your tomcat as root ( Very unwise )
> makesure that you use a 'su' command in your
> call to tomcat's start script...
>
>
>
> David
>
> Rui Miguel Seabra wrote:
> >
> > Just hack apachectl script to launch tomcat just before apache, and to
> > shut it down right aftwards.
> >
> > On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> > > Ok ! but.. do you know the way to make this in automatic ( with
> > scripts at
> > > system start ) ??
> > >
> > > ----- Original Message -----
> > > From: "Barnabas Yohannes" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Friday, August 17, 2001 3:39 PM
> > > Subject: Re: Why and How Tomcat before Apache?
> > >
> > >
> > > > I cannot answer your "why" question, because, I am not one of the
> > > developers
> > > > of apache or tomcat. But here is the answer to your "how" question:
> > > >
> > > > *To stop and start your tomcat:
> > > >
> > > > cd /usr/local/tomcat
> > > >
> > > > bin/shutdown.sh
> > > >
> > > > bin/startup.sh
> > > >
> > > > *Exit from tomcat and go to your apache server:
> > > >
> > > > su
> > > >
> > > > /usr/local/apache/bin/apachectl restart
> > > >
> > > > exit
> > > >
> > > > * Another way of stopping and starting apache:
> > > >
> > > > bin/apachectl stop
> > > > bin/apachectl start
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Roberto B." <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Friday, August 17, 2001 4:50 AM
> > > > Subject: Why and How Tomcat before Apache?
> > > >
> > > >
> > > > > I have a Linux/Debian system.
> > > > > I want to use Apache as web-server and Tomcat only for JSP file.
> > > > >
> > > > > Is it true that it is necessary to make start Tomcat before
> > Apache?
> > > Why?..
> > > > > and if it is true.. how??
> > > > >
> > > > > Thanks!
> > > > > Roberto.
> > > > >
> > > > >
> > >
> > --
> > + No matter how much you do, you never do enough -- unknown
> > + Whatever you do will be insignificant,
> > | but it is very important that you do it -- Ghandi
> > + So let's do it...?
>
