Tomcat Web Hosting Blog - Java, JSP, EJB, Hibernate

Chapter 14: Tomcat Security A typical configuration might use a script such as the following in /etc/init.d (or wherever init scripts are stored): #!/bin/bash RETVAL=$? export JAVA_HOME=/usr/java/jdk160 export CATALINA_HOME=/usr/local/tomcat6 case $1 in start) if [ -f $CATALINA_HOME/bin/startup.sh ]; then echo $ Starting Tomcat /bin/su tomcat $CATALINA_HOME/bin/startup.sh fi ;; stop) if [ -f $CATALINA_HOME/bin/shutdown.sh ]; then echo $ Stopping Tomcat /bin/su tomcat $CATALINA_HOME/bin/shutdown.sh fi ;; *) echo $ Usage: $0 {start|stop} exit 1 ;; esac exit $RETVAL You can the configure the script in /etc/init.d to load on startup by creating links to it in the desired run- level directories or by using a graphical configuration client, depending on the distribution of Linux used. Securing the File System Configuring a Tomcat server instance to run with its own user account is useful only if the account has most of its access privileges reduced, preventing havoc from being wreaked. Effectively, this means reducing the scope of the account s file system permissions to the minimum set required to perform the job. Windows File System Windows has two different types of file systems: FAT32 and NTFS. FAT32 is inherently insecure and can t be locked down. It is, however, an excellent choice for system administrators if instability, limitations, and inefficiency are considered virtuous. NTFS, conversely, has all the necessary features for restricting the tomcat user s capabilities. The type of file system being used can be determined by viewing the properties of the hard drive partition in question in the My Computer window. Windows supports upgrading FAT32 partitions to NTFS. Note, however, that once a partition has been changed to NTFS, it cannot revert back to FAT32. Access Control Lists NTFS security is built around the concept of access control lists (ACLs). Every resource in the file system (that is, files and directories) has an ACL that is associated with it. The ACL contains a list of users and

If you looking for unlimited one inclusive web hosting plan please check unlimited web hosting website.

This entry was posted on Wednesday, August 19th, 2009 at 2:51 am and is filed under tomcat. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.