HowTos/Tomcat

From Scalix Wiki
Revision as of 18:22, 9 April 2006 by Florian (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Running Tomcat as a non-root user

For security reasons, it is preferrable to run Tomcat as a non-root user. In fact, most tomcat packages that come with OS distributions do it this way.

For Scalix this poses a few problems because the RES web application (which is part of the Scalix Admin Console system) needs to execute Scalix admin commands ("om-commands"), some of which must be executed with superuser/root privileges.

Scalix 10.0.0 and later therefore allow the use of sudo to limit root access to the commands in question.

Follow these steps:

  1. On each machine running RES, install the sudo package that comes with your Linux distribution of choice.
  2. Setup a /etc/sudoers file that has the following line:
<user> <hostname> NOPASSWD: /opt/scalix/bin/*,/opt/scalix/diag/*,/bin/rpm,/usr/bin/dpkg,/bin/tail
  1. Add the following parameter to /etc/opt/scalix/res/config/res.properties:
res.sudo.command.mode=true

Note: As of Scalix 10.0.1, the sample entry in the config file is wrong; this reads res.commands.sudo.mode=true and is incorrect. The correct entry is as per above.

  1. Restart Tomcat

All access to Scalix commands will be logged by sudo through syslog.

Retrieved from "https://www.scalix.com/wiki/index.php?title=HowTos/Tomcat&oldid=1490"