Difference between revisions of "Running the Platform as a Non-Root User"
From AgileApps Support Wiki
imported>Aeric (Created page with "For any installation that is public-facing, it's a good idea to make the service run as a non-root user. That way, if services are comprised, they will be more limited than if th…") |
imported>Aeric |
Line 15: | Line 15: | ||
chown -hR tomcat tomcat/ | chown -hR tomcat tomcat/ | ||
chgrp -hR tomcat tomcat/ | chgrp -hR tomcat tomcat/ | ||
chmod | chmod 766 tomcat/logs | ||
chmod | chmod 766 tomcat/conf | ||
su tomcat | su tomcat | ||
</syntaxhighlight> | </syntaxhighlight> | ||
3. Stop tomcat and restart it as user <tt>tomcat</tt>. | 3. Stop tomcat and restart it as user <tt>tomcat</tt>. |
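Review bot: The two `chmod 766` lines on the right-hand side give group and others write access to `tomcat/logs` and `tomcat/conf` while withholding the search (x) bit that directories need, so any local account can alter the configuration directory but cannot traverse it normally. The `chown`/`chgrp` lines just above already hand the tree to `tomcat`, so an owner-only mode such as 750 or 700 would let the service write its logs and read its configuration without opening either directory to other users.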
Revision as of 23:49, 18 July 2011
For any public-facing installation, it's a good idea to run the service as a non-root user. That way, if the service is compromised, it will be more limited than if it had root access. (Here, we'll create a user called "tomcat" for that purpose.)
To run the platform as a non-root user:
1. Run this command, and copy the path it produces:
which nologin
2. Run these commands, inserting the path obtained in step #1:
groupadd tomcat
useradd tomcat -g tomcat -s '{path_to_nologin}'
passwd tomcat
chown -hR tomcat tomcat/
chgrp -hR tomcat tomcat/
chmod 766 tomcat/logs
chmod 766 tomcat/conf
su tomcat
3. Stop tomcat and restart it as user tomcat.
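A way to check the result of the steps above, as an added example that is not part of the original wiki page: the hypothetical function `audit_tree` lists anything under the Tomcat directory that is not owned by the service user, or that group or others can write to. It assumes a POSIX `find`.

```sh
#!/bin/sh
# Added example (not from the wiki page): audit a directory tree after
# handing it to a non-root service account.
# audit_tree is a hypothetical helper name.
#
# usage: audit_tree DIR USER
# Prints findings and returns 1 if any are found, 0 if the tree is clean.
audit_tree() {
    dir=$1
    user=$2
    rc=0

    # Anything still owned by another account (for example root) is a
    # path the service user was never given by chown -hR.
    bad=$(find "$dir" ! -user "$user" -print)
    if [ -n "$bad" ]; then
        printf 'not owned by %s:\n%s\n' "$user" "$bad"
        rc=1
    fi

    # Paths writable by group or others let other local accounts change
    # configuration or logs. Symlinks are skipped: their mode bits are
    # not meaningful.
    loose=$(find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        printf 'writable by group or others:\n%s\n' "$loose"
        rc=1
    fi

    return $rc
}

# Run directly as: sh audit.sh tomcat/ tomcat
if [ "$#" -eq 2 ]; then
    audit_tree "$1" "$2"
fi
```

A directory left at mode 766 shows up in the second list.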