Hello,
I'm currently setting up a tomcat 5.5 serveur behind an apache 1.3
server using mod_jk, all of this running under freebsd 6.0.
I've got two questions :
1) I managed to successfully run Tomcat under the root account in a
multi user setup, with .jsp files reachables via
www.site.com/~user/test.jsp and www.site.com:8080/~user/test.jsp by
using the PasswdUserDatabase UserConfig.
The problem is that I'm kinda worried about security and running tomcat
under the root account. I used the -security switch, which seems to work
great, but is it secure enough ? I don't want my users to walk through
the whole filesystem if there's some security leak :|
If so, then the following question might just be for "scientific"
purposes ;)
2) I created a tomcat user and tomcat group, chowned the whole tomcat
directory to tomcat:tomcat and launched the tomcat server without any
particular switch after having su-ed to the tomcat user.
The www.site.com:8080/ default page works great, but trying to get to
www.site.com/~user/test.jsp or www.site.com:8080/~user/test.jsp issues a
404 error from tomcat.
I found little help about this, and I'm quite puzzled about this 404 error.
Does anyone can help me with this ?
Thanks by advance,
--
François Conil
Administrateur Systèmes et Réseaux
<Pax> I wish my lawn was emo, so it would cut itself.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
