10-23-2003
Process permissions
All
I have the following situation:
OS: Debian Woody
Apache/ Tomcat 4
I want to be able to start apache and tomcat from a script as a non-root user (www-data/ skotapal).
What I have done so fat is:
1. Created a new group called 'appgroup'
2. Added a couple of users (skotapal, www-data, user1, user2, etc) to the group appgroup
3. Changed the ownership of the tomcat binaries to be owned by www-data:appgroup by the group
4. Changed the ownership of the apache docroot (/var/www/) to www-data:appgroup
5. changed the ownership of the tomcat application directory (/usr/share/tomcat4) to www-data:appgroup.
6. the apache docroot and tomcat files are 774 so that they are executable by the group 'appgroup'
Now the problem is, I cannot start apache as a non-root user, tomcat however starts up as skotapal/ user1/ user2.
Questions:
1. Is it is security risk in having tomcat run as a non-root user who has a shell?
2. how can I start apache + tomcat as non-root user and have the process owned by another user (one that does not have a shell account)?
Please advise!
Thanks
KS
10 More Discussions You Might Find Interesting
1. HP-UX
Hi,
I am a Unix Admin. I have to give the permissions to a user for creating new file in a directory in HP-Ux 11.11 system since he cannot able to create a new file in the directory.
Thanks in advance.
Mike (3 Replies)
Discussion started by: Mike1234
3 Replies
2. Shell Programming and Scripting
Hello all,
I would be happy if any one could help me with a shell script that would determine all the processes running on a Unix server and post a mail if any of the process is not running or aborted.
Thanks in advance
Regards,
pradeep kulkarni.
:mad: (13 Replies)
Discussion started by: pradeepmacha
13 Replies
3. Shell Programming and Scripting
Hi Experts, we do have a shell script for Unix Solaris, which will kill all the process manullay, it used to work in my previous env, but now it is throwing this error.. could some one please help me to resolve it
This is how we execute the script (and this is the requirement) ... (2 Replies)
Discussion started by: jonnyvic
2 Replies
4. Shell Programming and Scripting
get email notification from from system when a process from XXXX user takes longer than 15 min run.Let me know the time estimation for the same.
hi ,any one please tell me , how to write a script to get email notification from system when a process from as mentioned above a xxxx user takes... (1 Reply)
Discussion started by: kirankrishna3
1 Replies
5. UNIX for Advanced & Expert Users
I have to setup a sudo permission for a userA, so he can su to become userB and be able to do ONLY kill -9 on userB owned processes. (2 Replies)
Discussion started by: rizsyd
2 Replies
6. Shell Programming and Scripting
Hi, I am creating a ksh script to search for a string of text inside files within a directory tree. Some of these file are going to be read/execute only. I know to use chmod to change the permissions of the file, but I want to preserve the original permissions after writing to the file. How can I... (3 Replies)
Discussion started by: right_coaster
3 Replies
7. BSD
Hi Experts,
I am facing one problem here which is one process always stuck in running state which causes the other similar process to sleep state . This causes my system in hanged state.
On doing cat /proc/<pid>wchan showing the "__init_begin" in the output.
Can you please help me here... (0 Replies)
Discussion started by: naveeng
0 Replies
8. UNIX for Advanced & Expert Users
Hi Experts,
I am facing one problem here which is one process always stuck in running state which causes the other similar process to sleep state . This causes my system in hanged state.
On doing cat /proc/<pid>wchan showing the "__init_begin" in the output.
Can you please help me here... (1 Reply)
Discussion started by: naveeng
1 Replies
9. Shell Programming and Scripting
I am writing a script to kick off a process to gather logs on multiple nodes in parallel using "&". These processes create individual log files. Which I would like to filter and convert in CSV format after they are complete. I am facing following issues:
1. Monitor all Processes parallelly.... (5 Replies)
Discussion started by: shunya
5 Replies
10. Shell Programming and Scripting
Team,
I have multiple batchjobs running in VM, if I do ps -ef |grep java or tomcat I am getting multiple process list.
How do I get my exact tomcat process running and that is unique? via shell script? (4 Replies)
Discussion started by: Ghanshyam Ratho
4 Replies
LEARN ABOUT DEBIAN
apache
apache(1M) System Administration Commands apache(1M)
NAME
apache - Apache hypertext transfer protocol server overview
DESCRIPTION
apache consists of a main server daemon, loadable server modules, some additional support utilities, configuration files, and documenta-
tion.
FILES
The apache HTTPD server is integrated with Solaris.
The following files specify the installation locations for apache:
/etc/apache Contains server configuration files.
A newly-installed server must be manually configured before use. Typically this involves copying httpd.conf-example
to the httpd.conf file and making local configuration adjustments.
/usr/apache/bin Contains the httpd executable as well as other utility programs.
/usr/apache/htdocs Contains the Apache manual in HTML format. This documentation is accessible by way of a link on the server test
page that gets installed upon fresh installation.
/usr/apache/include Contains the Apache header files, which are needed for building various optional server extensions with apxs(8)
/usr/apache/jserv Contains documention for the mod_jserv java servlet module. Documention can be read with a web browser using the
url:
file:/usr/apache/jserv/docs/index.html
/usr/apache/libexec Contains loadable modules (DSOs) supplied with the server. Any modules which are added using apxs(8)are also copied
into this directory.
/usr/apache/man Contains man pages for the server, utility programs, and mod_perl.
Add this directory to your MANPATH to read the Apache man pages. See NOTES.
/usr/apache/perl5 Contains the modules and library files used by the mod_perl extension to Apache.
/var/apache/cgi-bin Default location for the CGI scripts.
This can be changed by altering the httpd.conf file and restarting the server.
/var/apache/htdocs Default document root.
This can be changed by altering the httpd.conf file and restarting the server.
/var/apache/icons Icons used by the server.
This normally shouldn't need to be changed.
/var/apache/logs Contains server log files.
The formats, names, and locations of the files in this directory can be altered by various configuration directives
in the httpd.conf file.
/var/apache/proxy Directory used to cache pages if the caching feature of mod_proxy is enabled in the httpd.conf file.
The location of the cache can also be changed by changing the proxy configuration in the httpd.conf file.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWapchr |
+-----------------------------+-----------------------------+
| |SUNWapchu |
+-----------------------------+-----------------------------+
| |SUNWapchd |
+-----------------------------+-----------------------------+
SEE ALSO
attributes(5)
http://www.apache.org
NOTES
In addition to the documentation and man pages included with Solaris, more information is available at http://www.apache.org
The Apache man pages are provided with the programming modules. To view the manual pages for the Apache modules with the man command, add
/usr/apache/man to the MANPATH environment variable. See man(1) for more information. Running catman(1M) on the Apache manual pages is
not supported.
SunOS 5.10 8 Aug 2000 apache(1M)