Bug#576875: tomcat6: Allow running the init script as a normal user, not admin
Emmanuel Bourg
ebourg at apache.org
Thu Jul 21 11:52:34 UTC 2016
I don't think any user can start Tomcat, because the init script has to
switch to the tomcat user at some point and this requires root privileges.
That said the 'status' option should be usable by anyone. Currently it's
restricted to the administrator.
Should the tomcat user be allowed to control the daemon? I'm not sure
this is a good idea, because a simple malicious JSP could then stop the
server. If this is really needed I think sudo should be used instead.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list