Thanks Gary! http://www.simisen.com/jmg/pmwiki/pmwiki.php?n=Main.GNUJavaOnFedora ---John --- Gary Benson <gbenson@xxxxxxxxxx> wrote: > John M. Gabriele wrote: > > --- Gary Benson <gbenson@xxxxxxxxxx> wrote: > > > John M. Gabriele wrote: > > > > I noticed there's a tomcat user on my system: > > > > > > > > [root@localhost ~]# cat /etc/passwd | grep tom > > > > tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh > > > > > > > > I'm just getting started using Tomcat on FC4. > > > > > > > > Should I be su'ing to tomcat to work with files > > > > in (and copy files into) /var/lib/tomcat5? > > > > > > > > Or do I work in there as root, then chown -R > > > > everthing to root:tomcat when I'm done? > > > > > > Neither, ideally. You should be able to work as root and leave > > > the files owned as root. Or as any other user: I'll often create > > > a directory /var/lib/tomcat5/webapps/whatever and chown it > > > gary.gary, and then just work in there under my normal login. > > > > What's the purpose of having a "tomcat" user on the system at all? > > Most things that run as daemons have their own user, to limit the > effects of security vulnerabilities. Malicious code inserted into > a daemon running as root can do _anything_. Malicious code inserted > into a daemon running as an unprivileged user can only do what that > user can do, which should ideally be as little as possible. > > Daemons historically ran as root, but those that still do are a > security nightmare. > > > What's the point of having those links in /usr/share/tomcat5? > > Because Tomcat expects to run out of one directory, but the FHS > dictates that the various different files in that directory should > live in various different places on the filesystem. > > Cheers, > Gary > > -- > fedora-devel-java-list mailing list > fedora-devel-java-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-devel-java-list > ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
