I noticed there's a tomcat user on my system:
[root@localhost ~]# cat /etc/passwd | grep tom
tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh
I'm just getting started using Tomcat on FC4.
Should I be su'ing to tomcat to work with files in (and copy files into) /var/lib/tomcat5?
Or do I work in there as root, then chown -R everything to root:tomcat when I'm done?
And why are there links in the tomcat user's home directory (/usr/share/tomcat5) pointing to all the relevant tomcat5 directories?
As usual, I'm writing out my notes and leaving them lying around in case they might be useful for someone else: http://www.simisen.com/jmg/pmwiki/pmwiki.php?n=Main.SimpleServlet
---John
John M. Gabriele wrote:
> I noticed there's a tomcat user on my system:
> [root@localhost ~]# cat /etc/passwd | grep tom
> tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh
> I'm just getting started using Tomcat on FC4.
> Should I be su'ing to tomcat to work with files in (and copy files into) /var/lib/tomcat5?
> Or do I work in there as root, then chown -R everything to root:tomcat when I'm done?

Neither, ideally. You should be able to work as root and leave the files owned as root. Or as any other user: I'll often create a directory /var/lib/tomcat5/webapps/whatever and chown it gary.gary, and then just work in there under my normal login.
Incidentally, does anyone know why the example webapps are chgrp tomcat? It seems to have been done in order to give the server write access to its webapps, but allowing the server to write into classloader directories seems to me like an open invitation for vulnerabilities and I'd like to remove it.
Cheers, Gary
--- Gary Benson gbenson@redhat.com wrote:
> John M. Gabriele wrote:
> > I noticed there's a tomcat user on my system:
> > [root@localhost ~]# cat /etc/passwd | grep tom
> > tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh
> > I'm just getting started using Tomcat on FC4.
> > Should I be su'ing to tomcat to work with files in (and copy files into) /var/lib/tomcat5?
> > Or do I work in there as root, then chown -R everything to root:tomcat when I'm done?
> Neither, ideally. You should be able to work as root and leave the files owned as root. Or as any other user: I'll often create a directory /var/lib/tomcat5/webapps/whatever and chown it gary.gary, and then just work in there under my normal login.

What's the purpose of having a "tomcat" user on the system at all?
What's the point of having those links in /usr/share/tomcat5?
John M. Gabriele wrote:
> --- Gary Benson gbenson@redhat.com wrote:
> > John M. Gabriele wrote:
> > > I noticed there's a tomcat user on my system:
> > > [root@localhost ~]# cat /etc/passwd | grep tom
> > > tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh
> > > I'm just getting started using Tomcat on FC4.
> > > Should I be su'ing to tomcat to work with files in (and copy files into) /var/lib/tomcat5?
> > > Or do I work in there as root, then chown -R everything to root:tomcat when I'm done?
> > Neither, ideally. You should be able to work as root and leave the files owned as root. Or as any other user: I'll often create a directory /var/lib/tomcat5/webapps/whatever and chown it gary.gary, and then just work in there under my normal login.
> What's the purpose of having a "tomcat" user on the system at all?

Most things that run as daemons have their own user, to limit the effects of security vulnerabilities. Malicious code inserted into a daemon running as root can do _anything_. Malicious code inserted into a daemon running as an unprivileged user can only do what that user can do, which should ideally be as little as possible.
Daemons historically ran as root, but those that still do are a security nightmare.

> What's the point of having those links in /usr/share/tomcat5?

Because Tomcat expects to run out of one directory, but the FHS dictates that the various different files in that directory should live in various different places on the filesystem.
Cheers, Gary
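
Added example, not part of the original thread and not code from Fedora or the Tomcat project: a shell check for the two points Gary raises, the group write access on webapp directories and a daemon account that can do as little as possible. It lists every path under a webapps tree that a given service account could modify; the helper name writable_by is hypothetical, and the tomcat account, tomcat group and /var/lib/tomcat5/webapps path are taken from the messages above.

```shell
#!/bin/sh
# Added example, not from the thread: list paths under a webapps tree that
# the servlet container's account could modify.
# Assumption: the account and group names are supplied by the caller
# (tomcat/tomcat on the system shown in the thread).

# writable_by DIR USER GROUP  (hypothetical helper name)
# Prints, one per line, every file or directory under DIR that is
#   - owned by USER with the owner write bit set, or
#   - in GROUP with the group write bit set, or
#   - writable by everyone.
# Symlinks are skipped: their own mode bits are not what the kernel checks.
# Limitation: supplementary groups of USER and ACLs are not considered.
writable_by() {
    wb_dir=$1 wb_user=$2 wb_group=$3
    find "$wb_dir" ! -type l \( \
            \( -user "$wb_user" -perm -200 \) -o \
            \( -group "$wb_group" -perm -020 \) -o \
            -perm -002 \
        \) -print | LC_ALL=C sort
}

# Stand-alone use, e.g.:
#   sh audit.sh /var/lib/tomcat5/webapps tomcat tomcat
# No output means the daemon cannot write anywhere in the tree.
if [ "$#" -eq 3 ]; then
    writable_by "$@"
fi
```

Any directory it prints under WEB-INF/classes or WEB-INF/lib is a place where code running inside the server could drop classes that the webapp classloader would later load.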
Thanks Gary!
http://www.simisen.com/jmg/pmwiki/pmwiki.php?n=Main.GNUJavaOnFedora
---John
-- fedora-devel-java-list mailing list fedora-devel-java-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-java-list
Any time ;)
John M. Gabriele wrote:
> Thanks Gary!
On 8 Aug 2005, at 19:04, John M. Gabriele wrote:
> As usual, I'm writing out my notes and leaving them lying around in case they might be useful for someone else: http://www.simisen.com/jmg/pmwiki/pmwiki.php?n=Main.SimpleServlet
John,
Thanks for this. Looks like you're using a straight out of the box installation of Tomcat and deploying the application file set manually, yes?
Have you tried deploying applications from WAR? Tried web app directories outside the Tomcat directory? Any special configuration advice?
I'm planning to upgrade to FC4 soon, just lurking for tips on Tomcat use. Anything you can share would be most welcome.
Best regards,
Phil -- MKSearch (alpha)
URL:http://www.mksearch.mkdoc.org/
Free, open source metadata search engine with RDF storage and query.
--- Phil Shaw phil@mkdoc.com wrote:
> On 8 Aug 2005, at 19:04, John M. Gabriele wrote:
> > As usual, I'm writing out my notes and leaving them lying around in case they might be useful for someone else: http://www.simisen.com/jmg/pmwiki/pmwiki.php?n=Main.SimpleServlet
> John,
> Thanks for this.

My pleasure. :)

> Looks like you're using a straight out of the box installation of Tomcat and deploying the application file set manually, yes?

Yup.

> Have you tried deploying applications from WAR?

Nope.

> Tried web app directories outside the Tomcat directory?

Nope.

> Any special configuration advice?

None yet. I'm still pretty new at this.
Where I work, we're using Mac OS X for development, and then deploying on Debian systems that use the official jakarta releases of Tomcat (rather than Debian .debs).
On my local system, I've got tomcat installed right in my ~/opt. On the Debian systems, there's a "tomcat" or "tomcat5" user, and we work as that user whenever dealing with any of the webapps.
Regardless, all webapps are always right there in the /path/to/tomcat/webapps.
We don't deploy .war files. We use an ant task to build the .war's, but then:
- shut down tomcat,
- copy the .war file to our webapps folder,
- unzip them in-place,
- delete the .war file, then
- restart tomcat.

> I'm planning to upgrade to FC4 soon, just lurking for tips on Tomcat use. Anything you can share would be most welcome.

Any useful info I get here will go into my little help doc. This is a helpful bunch here, so hopefully we'll get some more good tips. :)
---John
java-devel@lists.fedoraproject.org