Any time ;) John M. Gabriele wrote: > Thanks Gary! > > http://www.simisen.com/jmg/pmwiki/pmwiki.php?n=Main.GNUJavaOnFedora > > ---John > > --- Gary Benson <gbenson@xxxxxxxxxx> wrote: > > > John M. Gabriele wrote: > > > --- Gary Benson <gbenson@xxxxxxxxxx> wrote: > > > > John M. Gabriele wrote: > > > > > I noticed there's a tomcat user on my system: > > > > > > > > > > [root@localhost ~]# cat /etc/passwd | grep tom > > > > > tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh > > > > > > > > > > I'm just getting started using Tomcat on FC4. > > > > > > > > > > Should I be su'ing to tomcat to work with files > > > > > in (and copy files into) /var/lib/tomcat5? > > > > > > > > > > Or do I work in there as root, then chown -R > > > > > everthing to root:tomcat when I'm done? > > > > > > > > Neither, ideally. You should be able to work as root and leave > > > > the files owned as root. Or as any other user: I'll often create > > > > a directory /var/lib/tomcat5/webapps/whatever and chown it > > > > gary.gary, and then just work in there under my normal login. > > > > > > What's the purpose of having a "tomcat" user on the system at all? > > > > Most things that run as daemons have their own user, to limit the > > effects of security vulnerabilities. Malicious code inserted into > > a daemon running as root can do _anything_. Malicious code inserted > > into a daemon running as an unprivileged user can only do what that > > user can do, which should ideally be as little as possible. > > > > Daemons historically ran as root, but those that still do are a > > security nightmare. > > > > > What's the point of having those links in /usr/share/tomcat5? > > > > Because Tomcat expects to run out of one directory, but the FHS > > dictates that the various different files in that directory should > > live in various different places on the filesystem. > > > > Cheers, > > Gary
