> From: Paul McMahon [mailto:[EMAIL PROTECTED] > Is it possible to run Tomcat as non ROOT, > but have a servlet that needs ROOT access?
No. > Or is the solution to have the servlet application code > running as a separate > daemon outside tomcat, with some form of comms to tomcat > servlet when tasks need to be done? That would be my preference if I were implementing this. How much of your 'servlet application code' *actually* needs root access? Can you partition into a small piece that does, and most that doesn't? Minimising your attack surface in this way would probably be useful. Can you give us any more information about what you're doing that requires root? Does it *have* to require root, or can the requirement be reduced so that a non-root Tomcat can also do the same thing? In one sense this opens up an alternative hole; in another, depending on what you're doing, that may be better than allowing unrestricted root access to all tasks. - Peter --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]