Andres,

On 12/3/15 8:42 AM, Andres Riancho wrote:
> List,
> 
>     I'm trying to secure my tomcat instances. One of the steps I took
> was to run the tomcat process using the non-privileged "tomcat" user,
> and set the file system permissions as restrictive as possible. It all
> works well, but there is something missing: "The tomcat user is able
> to read the access log files":
> 
> root@7083cdc8e2fc:/apps/tomcat/logs# ls -la
> ...
> -rw-rw----  1 tomcat tomcat    0 Dec  1 19:46 0.0.0.0_access_log.2015-12-01.txt
> 
>     Is there any way to configure tomcat to be able to write to the
> access log file, but have the file owned by root with permissions 600?
> I understand that this is done by starting the tomcat process as root
> and then dropping privileges using setuid(), but was unable to find
> something already built / well documented.

How do you launch Tomcat? If you use the scripts, you could use
something like bin/setenv.sh to check the permissions of the log files
and refuse to start if they aren't the way you want them.

For files that don't already exist, you'll have to refuse to start if
they don't exist, because a process can't create a new file owned by
another user. You'd have to disable file-rotation because of the same
problem.

Are you more worried about a hostile web application running within your
server, a hostile remote user, a vulnerability in a web application, or
a vulnerability in Tomcat?

-chris
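
The startup check suggested in the reply above, as an added example that is not part of the original thread: a bin/setenv.sh fragment that refuses to start Tomcat unless each access log already exists with the expected owner, group and mode. The log file name and the root:tomcat 620 policy are assumptions, and the check relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example, not from the thread: log permission gate for bin/setenv.sh.
# Assumes GNU coreutils stat (stat -c), as on most Linux hosts.

# check_log_file FILE OWNER GROUP MODE
# Returns 0 only if FILE is an existing regular file (not a symlink)
# whose owner, group and octal mode match exactly.
check_log_file() {
    file=$1 want="$2:$3:$4"
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "log check: $file missing or not a regular file" >&2
        return 1
    fi
    have=$(stat -c '%U:%G:%a' -- "$file") || return 1
    if [ "$have" != "$want" ]; then
        echo "log check: $file is $have, expected $want" >&2
        return 1
    fi
    return 0
}

# check_log_files OWNER GROUP MODE FILE...
# Checks every file and reports all failures before returning non-zero.
check_log_files() {
    owner=$1 group=$2 mode=$3
    shift 3
    failed=0
    for f in "$@"; do
        check_log_file "$f" "$owner" "$group" "$mode" || failed=1
    done
    return "$failed"
}

# catalina.sh sets CATALINA_BASE before sourcing setenv.sh, so this part
# only runs during a real startup. File name and policy are assumptions:
# one pre-created, non-rotating access log that group tomcat may write
# to but not read (root:tomcat, mode 620).
if [ -n "${CATALINA_BASE:-}" ]; then
    check_log_files root tomcat 620 \
        "$CATALINA_BASE/logs/access_log.txt" || {
        echo "refusing to start Tomcat: access log permissions" >&2
        exit 1
    }
fi
```

catalina.sh sources setenv.sh for every command, so the same check also runs on stop.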
