Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!.POSTED!not-for-mail
From: "John B. Matthews" <nospam@nospam.invalid>
Newsgroups: comp.lang.java.programmer
Subject: Re: File uploaded under 'nobody' uid on linux
Date: Fri, 20 May 2011 00:16:24 -0400
Organization: The Wasteland
Lines: 45
Message-ID: <nospam-55A6B3.00162420052011@news.aioe.org>
References: <4b17d468-3056-4dc2-b1bb-5124ec077589@v10g2000yqn.googlegroups.com> <ir2p4n$kf4$2@lust.ihug.co.nz> <ir34lt$eqj$1@news.albasani.net> <nospam-9D2A2B.20511619052011@news.aioe.org> <ir4iih$fos$1@news.albasani.net>
NNTP-Posting-Host: LQJtZWzu+iKlBROuDg+IUg.user.speranza.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@aioe.org
User-Agent: MT-NewsWatcher/3.5.3b3 (Intel Mac OS X)
X-Notice: Filtered by postfilter v. 0.8.2
Xref: x330-a1.tempe.blueboxinc.net comp.lang.java.programmer:4336

In article <ir4iih$fos$1@news.albasani.net>, Lew <noone@lewscanon.com> 
wrote:

> John B. Matthews wrote:
> > Lew wrote:
> >> Lawrence D'Oliveiro wrote:
> >>> ruds wrote:
> >>>> Now, please tell me what should I do so that whenever files are 
> >>>> uploaded they are stored with the user's name where all code and 
> >>>> other files are stored.
> >>>
> >>> On way is to activate this mechanism
> >>> <http://httpd.apache.org/docs/current/suexec.html>.
> 
> >> The OP has not stated that he's using httpd.
> 
> > Lew: This point is well taken, but the article _does_ outline the 
> > (myriad) security issues that ruds should consider.
> >
> > ruds: If you don't use httpd/suEXEC, you're likely going to have to 
> > create something similar.
> 
> I use Tomcat a lot.  I always run it as a non-privileged user, with 
> the installation directory tree under that same user's ownership.  
> This "nobody" issue has never arisen under that configuration for me.
> 
> I also run it as a multi-instance installation
> <http://tomcat.apache.org/tomcat-6.0-doc/introduction.html>
> <http://tomcat.apache.org/tomcat-7.0-doc/introduction.html>
> "Optionally, Tomcat may be configured for multiple instances by 
> defining $CATALINA_BASE for each instance."
> 
> One useful approach is to set CATALINA_BASE to $HOME/.tomcat or 
> similar directory within the home directory of each designated Tomcat 
> user.
> 
> See the section "Advanced Configuration - Multiple Tomcat Instances" 
> in the $CATALINA_HOME/RUNNING.txt file.

I like this; thank you for the pointer.

-- 
John B. Matthews
trashgod at gmail dot com
<http://sites.google.com/site/drjohnbmatthews>