> From: Paul McMahon [mailto:[EMAIL PROTECTED]
> The servlet application needs to do things like mkfs,
> vgcfgrestore, vgchange,
> mount and umount.

I'd use setuid scripts with very careful permissions:

- Write some shell scripts, one per action, to do what you need;
- Audit those scripts for possible security holes;
- Put the Tomcat process into its own group (let's call it 'tomcat');
- chown root.tomcat <script>
- chmod 710 <script>
- chmod u+s <script>
- Call the scripts from the servlet.

At this point, your threats come from: someone breaking into your servlet or installing a new servlet on the machine and running a script as Tomcat (damage limited to whatever the script can do); someone su-ing to tomcat (ditto); someone gaining the same group membership as Tomcat (ditto); someone affecting filestore and being able to change permissions (major damage); or holes in the scripts (damage potentially unlimited).

There may be other threats I've not seen. But I ain't a security expert :-).

- Peter
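
An added example, not part of Peter's message: a POSIX shell check that each wrapper script still has the ownership and mode the steps above set up (owner root, group tomcat, 710 plus u+s, i.e. 4710). The function name `audit_wrapper`, its owner and group parameters, and the parent-directory check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the wrapper layout described in the message above.
# Expected state per script: owner root, group tomcat, mode 4710 (710 plus u+s).
# Owner and group are parameters so the check can be exercised without root.

# audit_wrapper PATH [OWNER] [GROUP]
# Prints one line per problem found; returns 0 only if nothing was found.
audit_wrapper() {
    path=$1 owner=${2:-root} group=${3:-tomcat} rc=0

    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "$path: not a regular file (symlinks are rejected)"
        return 1
    fi
    # -perm with a plain octal value is an exact match: rwx--x--- plus setuid,
    # so any extra group/other bit (for example group write) fails the check.
    if [ -z "$(find "$path" -prune -perm 4710 -print)" ]; then
        echo "$path: mode is not exactly 4710"; rc=1
    fi
    if [ -z "$(find "$path" -prune -user "$owner" -print)" ]; then
        echo "$path: owner is not $owner"; rc=1
    fi
    if [ -z "$(find "$path" -prune -group "$group" -print)" ]; then
        echo "$path: group is not $group"; rc=1
    fi
    # Extra check (assumption, not in the message): a directory writable by
    # group or others lets the script be replaced without touching its mode.
    dir=$(dirname "$path")
    if [ -n "$(find "$dir" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "$dir: directory is group- or world-writable"; rc=1
    fi
    return $rc
}
```

Linux ignores the setuid bit on interpreted scripts, so on such a system the files audited this way would have to be compiled wrappers rather than the shell scripts themselves.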