Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Exposure to run JVM under root?
Top Forums UNIX for Dummies Questions & Answers Exposure to run JVM under root? Post 302530555 by AIX_user on Tuesday 14th of June 2011 09:57:37 AM
Old 06-14-2011
Exposure to run JVM under root?
We noticed that a JMS application running on a WebSphere application Server (not inside the J2EE container) is trying to access some resources using the UserId root. We checked with the developers, they said they did not specify any userId and it may be WAS is assigning the userId running the JVM to the JMS application. They said that the JVM is started with root userId. Does this sounfd like an security exposure? If the JMS application is running as root, does it mean that they can add code to the program to do something else they needs root authority ? Should we stop them from starting a JVM under root ?
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Run non-root script as root with non-root environment

All, I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies

2. Filesystems, Disks and Memory

RUN OUT SPACE (Root)

Dear Buddies, Plz Help me out ,,,,,, the Unix Servers i m working on ,,,Somes times run out of space in root ,,,due the generation of a file named STA ....which causes the system to crash ,,,,, plz hlp me !!!!!!!!!!!!!!!!!!!!!! how to find out the file ....generation causes ...... ... (6 Replies)
Discussion started by: scorpiyanz
6 Replies

3. Shell Programming and Scripting

Make program only run by root

Hi all, i hope i got this in the right place, what i am trying to do is make a program only run by root, ie for instance user fred is logged in and uses firefox, what id like to do is change that so that when fred wants to use firefox he will be asked to enter root password before he is allowed to... (14 Replies)
Discussion started by: dave123
14 Replies

4. AIX

Crontab cannot run by non-root user

Good morning everybody. I have just receiedv a complaint from our DBA saying that if he create a scripts to run some Oracle performance scripts using crontab and the scheduling part is ok but the job is failed when I checked on /var/adm/cron/log. I have tried his scripts using Oracle id directly... (4 Replies)
Discussion started by: kwliew999
4 Replies

5. Shell Programming and Scripting

how to run a command as root

Hi, i need to run a command as root.Whoever executes the command ,i will check for a particular role if that is satisfied i have to make it to run as root. Please help me to carry out this. Thanks Padmini (1 Reply)
Discussion started by: padmisri
1 Replies

6. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

7. Shell Programming and Scripting

How to run Route in bash without as root

Hi friends, I will make a bash script for excecuted a route (My OS is Ubuntu 10.04) this is my script (with name mine.sh) #!/bin/bash route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.1 if I run this bash as root, i can run it.. root@venom-desktop:/home/venom#sh... (2 Replies)
Discussion started by: venom
2 Replies

8. Cybersecurity

Run chage as not root ?

Hello, Running Debian lenny. Is there any way to run $ chage --expiredate some_date user1 chage: Permission denied. as not root user inside script ? I really need to do this, I could grant whatever group membership to running user, setuid bit or whatever is needed ? (I do not want to do... (4 Replies)
Discussion started by: vilius
4 Replies

9. Shell Programming and Scripting

Need to run a bash script that logs on as a non-root user and runs script as root

So I have a script that runs as a non-root user, lets say the username is 'xymon' . This script needs to log on to a remote system as a non-root user also and call up a bash script that runs another bash script as root. in short: user xymon on system A needs to run a file as root user and have... (2 Replies)
Discussion started by: damang111
2 Replies

10. Red Hat

Can't run mkdir even as root please help

I cannot mkdir as root please see below # mkdir /home/vm1/Desktop/nfs mkdir: cannot create directory `/home/vm1/Desktop/nfs': Permission deniedso i checked the selinux context below and got # ls -Z /home/vm1 drwxrwxrwx. root root system_u:object_r:autofs_t:s0 Desktop drwxr-xr-x. vm1 ... (10 Replies)
Discussion started by: nokia3310
10 Replies

LEARN ABOUT SUNOS

create-jms-resource

asadmin-create-jms-resource(1AS)				   User Commands				  asadmin-create-jms-resource(1AS)

NAME

       asadmin-create-jms-resource, create-jms-resource - registers the JMS resource

SYNOPSIS

       create-jms-resource  --user  admin_user [--password admin_password] [--host localhost] [--port 4848] [--secure|-s][--passwordfile filename]
       [--terse=false]	 [--echo=false]   [--interactive=true]	 --restype   resource_type   [--enabled=true][--description   text]    [--property
       (name=value)[:name=value]*] jndi_name

       Registers the JMS resource. This command is supported in remote mode only.

OPTIONS

       --user		       authorized domain application server administrative username.

       --password	       password to administer the domain application server.

       --host		       machine name where the domain application server is running.

       --port		       port number of the domain application server listening for administration requests.

       --secure 	       if true, uses SSL/TLS to communicate with the domain application server.

       --passwordfile	       file containing the domain application server password.

       --terse		       indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-
			       formatted data for consumption by a script.

       --echo		       setting to true will echo the command line statement on the standard output.

       --interactive	       prompts you for the required options that are not already specified.

       --restype	       JMS   resource	type   which   can   be:   javax.jms.Topic,   javax.jms.Queue,	 javax.jms.TopicConnectionFactory,
			       javax.jms.QueueConnectionFactory.

       --enabled	       determines whether the resource is enabled at runtime.

       --description	       text description of the JMS resource.

       --property	       optional attribute name/value pairs for configuring the JMS resource.

OPERANDS

       jndi_name	       JNDI name of the JMS resource to be created.

       Example 1: Creating a JMS connection factory resource for durable subscriptions

       asadmin> create-jms-resource --user admin1
       --password adminadmin1 --host pigeon --port 5001
       --restype javax.jms.TopicConnectionFactory --description
       "example of creating a JMS connection factory"
       --property ClientId=MyID jms/DurableTopicConnectionFactory
       Command create-jms-resource executed successfully

       Where:  jms/DurableTopicConnectionFactory  is  the  JNDI name of the resource, and the ClientId property sets a client ID on the connection
       factory so that it can be used for durable subsciptions. The JNDI name for a JMS resource customarily includes the jms/ naming subcontext.

       Example 2: Creating a JMS destination resource

       asadmin> create-jms-resource --user admin1
       --password adminadmin1 --host pigeon --port 5001
       --restype javax.jms.Queue
       --property Name=PhysicalQueue jms/MyQueue
       Command create-jms-resource executed successfully

       Where: jms/Queue is the JNDI name of the resource, and the Name property specifies the physical destination that the resource refers to.

EXIT STATUS

       0		       command executed successfully

       1		       error in executing the command

       asadmin-delete-jms-resource(1AS), asadmin-list-jms-resources(1AS), asadmin-create-jmsdest(1AS)

J2EE 1.4 SDK							    March 2004					  asadmin-create-jms-resource(1AS)
All times are GMT -4. The time now is 01:18 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy