Bug#576875: tomcat6: Allow running the init script as a normal user, not admin
Emmanuel Bourg
ebourg at apache.org
Thu Nov 17 22:11:23 UTC 2016
Le 21/07/2016 à 13:52, Emmanuel Bourg a écrit :
> I don't think any user can start Tomcat, because the init script has to
> switch to the tomcat user at some point and this requires root privileges.
The init.d script also generates the catalina.policy file as read-only
for the tomcat user, and this must be performed as root.
> That said the 'status' option should be usable by anyone. Currently it's
> restricted to the administrator.
This is no longer true with systemd, anyone can run:
systemctl status tomcat8.service
> Should the tomcat user be allowed to control the daemon? I'm not sure
> this is a good idea, because a simple malicious JSP could then stop the
> server.
Actually a malicious JSP or an exploited vulnerability in a web
application can already stop the server simply by executing 'killall
java' (if the security manager is disabled).
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list