How to Run Tomcat using Minimally Privileged (non-root) User  

2014-11-07 23:19:55 | Category: Ramadda


In the Tomcat configuration above, we are running Tomcat as root.
For security reasons, it is always best to run services with only the privileges they actually need.
Some argue that this is not required for Tomcat, but it is best to err on the side of caution: a bug in a web application running as root is a root compromise of the whole host, while the same bug in a Tomcat running as the tomcat user is limited to what that account can read and write.

To run Tomcat as a non-root user, we need to do the following:

1. Create the group 'tomcat':

    [root@blanche ~]# groupadd tomcat

2. Create the user 'tomcat' and add this user to the tomcat group we created above:

    [root@blanche ~]# useradd -s /bin/bash -g tomcat tomcat

A service account does not need an interactive shell; if you prefer to give it -s /sbin/nologin, the start/stop script below must then tell su which shell to use (su -s /bin/bash -c '...' tomcat), because su otherwise runs the command through the account's login shell.



The above creates a home directory for the user tomcat under the default location, /home/tomcat.

If we want the home directory elsewhere, we specify it with the -d switch:

    [root@blanche ~]# useradd -g tomcat -d /usr/share/apache-tomcat-6.0.32/tomcat tomcat

The above creates the user tomcat's home directory as /usr/share/apache-tomcat-6.0.32/tomcat. Use one useradd command or the other, not both; the second would fail because the account already exists.

3. Change ownership of the tomcat files to the user we created above:

    [root@blanche ~]# chown -R tomcat:tomcat /usr/share/apache-tomcat-6.0.32/

(The original used the tomcat.tomcat spelling; owner:group is the documented form and works on every chown. Dropping -f means chown reports any file it could not change instead of silently hiding the error.)



Note: it is possible to tighten this further by making certain files and directories read-only. Tomcat only needs write access to its logs, temp and work directories (plus webapps if you rely on auto-deploy), so everything else can be owned by root and merely readable by the tomcat group. This is not covered in this post, and care should be used when setting such permissions.

4. Adjust the start/stop service script we created above. The script itself still runs as root (init starts it), so it must drop to the tomcat user with su before calling startup.sh or shutdown.sh; otherwise the JVM starts as root no matter who owns the files. The original passed the script path as a bare argument to su; the -c form below is the documented way to run a command, and -s /bin/bash keeps it working even if the account has a nologin shell:

    #!/bin/bash
    # description: Tomcat Start Stop Restart
    # processname: tomcat
    # chkconfig: 234 20 80
    JAVA_HOME=/usr/java/jdk1.6.0_24
    export JAVA_HOME
    PATH=$JAVA_HOME/bin:$PATH
    export PATH
    CATALINA_HOME=/usr/share/apache-tomcat-6.0.32
    TOMCAT_USER=tomcat

    # Run one of Tomcat's launcher scripts as the unprivileged account.
    # -c hands the command to a shell running as that user; the exported
    # JAVA_HOME and PATH are inherited because su is used without "-".
    run_as_tomcat() {
        /bin/su -s /bin/bash -c "$CATALINA_HOME/bin/$1" "$TOMCAT_USER"
    }

    case "$1" in
    start)
        run_as_tomcat startup.sh
        ;;
    stop)
        run_as_tomcat shutdown.sh
        ;;
    restart)
        run_as_tomcat shutdown.sh
        run_as_tomcat startup.sh
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}" >&2
        exit 1
        ;;
    esac
    exit 0
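Putting steps 1 to 4 together, here is an added example (my script, not the original post's commands and not part of Tomcat) that does what step 3 and the note after it only sketch: it makes the whole tree read-only for the service account, leaves only logs, temp and work writable, and then audits the result so the audit can be re-run later to catch drift. It assumes the stock apache-tomcat directory layout (bin, conf, lib, logs, temp, webapps, work); the directory, the owner of the read-only files (root in production), and the service user and group are all arguments, and "root" and "tomcat" appear only as defaults.

```shell
#!/bin/sh
# Added example, not part of the original post: make a CATALINA_HOME read-only
# except for the directories Tomcat must write to, then audit the result.
# Assumes the stock apache-tomcat layout (bin conf lib logs temp webapps work).
# All paths and accounts are arguments; "root"/"tomcat" below are only defaults.
set -u

# Tomcat writes here at runtime; everything else can be read-only.
RUNTIME_DIRS="logs temp work"

# harden_catalina_home DIR CODE_OWNER SVC_USER SVC_GROUP
#   CODE_OWNER owns the read-only tree (root in production); SVC_USER is the
#   account Tomcat runs as. Needs root against a real install.
harden_catalina_home() {
    dir=${1%/}; owner=$2; svc_user=$3; svc_group=$4
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    for d in $RUNTIME_DIRS; do mkdir -p "$dir/$d" || return 1; done
    # Code and config: owned by CODE_OWNER, readable by the service group,
    # writable by nobody, invisible to "other" (conf/ holds credentials).
    chown -R "$owner:$svc_group" "$dir" || return 1
    find "$dir" -type d -exec chmod 0550 {} + || return 1
    find "$dir" -type f -exec chmod 0440 {} + || return 1
    # The launcher scripts must stay executable for the service group.
    if [ -d "$dir/bin" ]; then
        find "$dir/bin" -name '*.sh' -exec chmod 0550 {} + || return 1
    fi
    # Runtime directories: owned and writable by the service account only.
    for d in $RUNTIME_DIRS; do
        chown -R "$svc_user:$svc_group" "$dir/$d" || return 1
        find "$dir/$d" -type d -exec chmod 0750 {} + || return 1
        find "$dir/$d" -type f -exec chmod 0640 {} + || return 1
    done
}

# audit_catalina_home DIR SVC_USER
#   Prints one line per finding to stderr; returns 1 on findings, 0 when clean.
audit_catalina_home() {
    dir=${1%/}; svc_user=$2
    # Build "DIR -path DIR/logs -prune -o ..." so runtime dirs are skipped.
    set -- "$dir"
    for d in $RUNTIME_DIRS; do set -- "$@" -path "$dir/$d" -prune -o; done
    findings=$(
        # Anything writable outside the runtime dirs lets a compromised
        # webapp (or the service account itself) replace Tomcat's own code.
        find "$@" \( -perm -0200 -o -perm -0020 -o -perm -0002 \) -print \
            | sed 's/^/writable: /'
        # World-readable conf/ leaks tomcat-users.xml and keystore passwords.
        [ -d "$dir/conf" ] && find "$dir/conf" -perm -0004 -print \
            | sed 's/^/world-readable: /'
        # Runtime dirs must exist and be writable by the service account.
        for d in $RUNTIME_DIRS; do
            [ -n "$(find "$dir/$d" -prune -user "$svc_user" -perm -0200 2>/dev/null)" ] \
                || echo "not writable by $svc_user: $dir/$d"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}

# Usage: sh harden-tomcat.sh CATALINA_HOME [CODE_OWNER SVC_USER SVC_GROUP]
if [ $# -ge 1 ]; then
    harden_catalina_home "$1" "${2:-root}" "${3:-tomcat}" "${4:-tomcat}" \
        && audit_catalina_home "$1" "${3:-tomcat}"
fi
```

Run it as root against the install from this post with sh harden-tomcat.sh /usr/share/apache-tomcat-6.0.32 root tomcat tomcat. Because the tomcat account then owns only logs, temp and work, a compromised webapp can no longer rewrite Tomcat's jars, scripts or server.xml, and tomcat-users.xml is hidden from other local users. With webapps read-only, Tomcat cannot expand WARs or deploy on the fly, so either deploy exploded applications as root or add webapps to RUNTIME_DIRS if you need auto-deploy.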



5. (Optional) How to Run Tomcat on Port 80 as a Non-Root User.

Note: the following applies when you are running Tomcat in "stand alone" mode, that is, without Apache in front of it.

An unprivileged user cannot bind ports below 1024, so leave Tomcat listening on 8080 and let the kernel redirect port 80 to it with an iptables NAT rule. Tomcat's HTTP connector speaks TCP only, so a UDP rule does nothing. The PREROUTING chain only sees packets arriving from other hosts; add the matching rule in the nat OUTPUT chain if connections from the box itself (curl http://localhost/) should be redirected too. Remember to make the rules persistent (on CentOS 6: service iptables save), or they are gone after the next reboot.

    [root@blanche ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
    [root@blanche ~]# iptables -t nat -A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

Alternatives that avoid NAT: grant the java binary the CAP_NET_BIND_SERVICE file capability (setcap 'cap_net_bind_service=+ep' $JAVA_HOME/bin/java; note that a capability-bearing binary ignores its RPATH, so the JDK's libjli.so must be findable by the dynamic loader), or put Apache or nginx in front as a reverse proxy.

See also: http://www.davidghedini.com/pg/entry/install_tomcat_7_on_centos