Dear all,

I just started with Tomcat 4.1.2. I am trying to run things a little bit more securely, and am trying to figure out a good way to start and stop the server. Please do comment if you have any opinion or a good reference regarding this. Thanks a million.

- I plan to run the Tomcat server as user "tomcat".
- I have changed everything under $CATALINA_HOME to be owned by the "tomcat" user (is this necessary at all, or do we just need to change the logging directory to be writable by user tomcat?) and start Tomcat using "su -c $CATALICA_HOME/bin/startup.sh tomcat".
- Does Tomcat have a setting similar to the Apache httpd server, where you can set the user and group to run as: you start the server as root to initialize everything that needs root, then the server changes and runs as your desired credential?

With the above setup it is running fine, but when I try to run it with the security manager using the default catalina.policy

    # export CATALINA_OPTS=-Djava.security.debug=access,failure
    # su -c $CATALICA_HOME/bin/startup.sh tomcat -security

I got the following exception:

    Exception during startup processing
    java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
        at java.security.AccessController.checkPermission(AccessController.java:401)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
        at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1031)
        at org.apache.catalina.startup.Catalina.<init>(Catalina.java:127)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
        at java.lang.Class.newInstance0(Class.java:306)
        at java.lang.Class.newInstance(Class.java:259)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:179)

What could be wrong? Any comments are appreciated. Thanks.

regards,
mok