-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jan,
On 2/25/15 5:13 PM, Jan Tosovsky wrote: > there are plenty resources mentioning it is a must to run tomcat as > a dedicated user with limited permissions. > > Is it still true when tomcat doesn't run standalone, but via Apache > web server connected via AJP? That webserver already runs in the > restrictive mode. Yes. Why would you want to run Tomcat as root/Administrator? I don't believe it gives you any advantage whatsoever, and can open you up to all kinds of problems. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU7yARAAoJEBzwKT+lPKRYfGYP/1PqU1SNxqN/03cn29hLm1SW GU0UV6YwYXuapTc7hOZeR2vJUUDkIbCgPmz/xtwOO53Amw6nfdqHSuu1fyfNTN+8 mySOkroRD+4s02BtBRa8TyK2sESdr3DX0wgYkfLuBjflpmFiwdX9w17jFqfH6mUR Q8HKSZueOv72IybI/E223JkcXG1ImyXlt/HBT6YeG1kxMOMfX0yaak14kklcbKUk YJKPj35cv8DySVW20ghMoKt6F65P9Y54cjK3AWOxaO8EGSvn7RaY2Pv+w5bWcE9f Nb4dUeMQCg0mieWe0pweLDuLVi+O3eZ7V4RsbI04bIiaP08QZxKlMC6HDWthLKAw op0gEmEmMoPm1I5B/g8dW5LWPqSbvV169PkRyKC8agQbuGbPAIUHudmwHSEswSv1 9UX+l9+Ey7HvHGQHUSFr8MX70mgrmPvfpAhxDCOU90Cj8sATEQtnhqo2E0AeBgEr rUA04tp5Lf64fsIZ9uhNiW8KuxP5/CCeWfTlNHZ4b169qIvc9ZCla8Gl/cQ+SNWr 0FXP7d2Yun5Hx5FeE3Yfu9xzT1qvOLWI19C4cM8EhgqxVAOgUA7zx4JWIlBuNmrH jIsoweJI2Uwq0g9hjQtInN7/Y15gBiHeL/WxAtAMEqn/ygk0FUVPd6r5y6LXoVx1 TGGg8PwnduySY6R9iYS+ =Mo36 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org