Chapter 14: Tomcat Security

user who needs to use Java, which can become tedious. This illustrates the utility of creating a series of groups that have access to certain areas of the file system. For example, users who need access to Java can be given membership in the Java Users group. Users who need the capability to manipulate the contents of the Java directory can be given membership in a group called Java Developers. The extra time required to configure such a setup can be well worth the added security and scalability as more users are added.

The tomcat account also needs access to the tomcat directory. These permissions can be granted with the same procedure used to grant access to the Java directory. For maximum security, grant only read access to the following directories:

• TOMCAT_INSTALLATION/bin
• TOMCAT_INSTALLATION/lib
• TOMCAT_INSTALLATION/webapps

Note that TOMCAT_INSTALLATION/conf must have write permissions to function if Tomcat's default UserDatabase implementation is used for user authentication. In addition, note that making the TOMCAT_INSTALLATION/webapps directory read-only can cause problems if Web applications modify files in their directories, or if the Tomcat manager application is used to deploy new Web applications.

Linux File System

Securing the Linux file system requires two steps: granting the tomcat account read and execute permissions on the JRE directory (recursively), and granting it read, write, and execute permissions on the Tomcat directory. There are numerous ways to grant these permissions. Following is one strategy:

• Recursively set the "other" permissions on the JRE directory to read and execute with the chmod command:

    chmod -R o=rx *

• Recursively set the owner of the Tomcat directory to the tomcat account:

    chown -R tomcat:tomcat *

For additional security, the owner, group, and other permissions for the following Tomcat directories can be set to read-only:

• TOMCAT_INSTALLATION/bin
• TOMCAT_INSTALLATION/lib
• TOMCAT_INSTALLATION/webapps

Note that TOMCAT_INSTALLATION/conf must have write permissions to function if Tomcat's default UserDatabase implementation is used for user authentication. In addition, note that making the TOMCAT_INSTALLATION/webapps directory read-only can cause problems if Web applications modify files in their directories, or if the Tomcat manager application is used to deploy new Web applications.

Securing the Java Virtual Machine

Configuring the file system for maximum security is an important part of securing an installation of a Tomcat server instance. Java's Security Manager architecture exposes an entirely different level of configurability. With the Security Manager, Java applications can be restricted from accessing features of the Java language and platform in a remarkably fine-grained manner.
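
The permission layout from the Linux File System section can be verified after it is applied. The audit script below is an added example, not part of the original chapter; the function names, the finding labels and the paths passed on the command line are assumptions.

```sh
#!/bin/sh
# Added example: audit a Tomcat installation against the Linux permission
# layout described in this chapter. Paths and the account are arguments.

# List entries under $1 carrying any write bit (owner, group or other).
writable_entries() {
    find "$1" \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# audit_tomcat_perms TOMCAT_DIR JRE_DIR ACCOUNT
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_tomcat_perms() {
    tomcat_dir=$1; jre_dir=$2; account=$3
    report=$(
        # Result of chown -R: every entry belongs to the tomcat account.
        find "$tomcat_dir" ! -user "$account" -print | sed 's/^/NOT-OWNED /'
        # bin, lib and webapps are read-only for owner, group and other.
        for d in bin lib webapps; do
            [ -d "$tomcat_dir/$d" ] || { echo "MISSING $tomcat_dir/$d"; continue; }
            writable_entries "$tomcat_dir/$d" | sed 's/^/WRITABLE /'
        done
        # conf stays owner-writable for the default UserDatabase.
        [ -d "$tomcat_dir/conf" ] &&
            [ -z "$(find "$tomcat_dir/conf" -prune -perm -200)" ] &&
            echo "CONF-NOT-WRITABLE $tomcat_dir/conf"
        # Result of chmod -R o=rx: "other" can read and execute the JRE.
        find "$jre_dir" ! -perm -005 -print | sed 's/^/JRE-NOT-ORX /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh audit.sh /opt/tomcat /opt/jre tomcat   (placeholder paths)
if [ "$#" -eq 3 ]; then audit_tomcat_perms "$1" "$2" "$3"; fi
```

A non-empty report after a deployment through the manager application is expected if webapps was deliberately left writable, as the note above allows.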