Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #4285

Re: File uploaded under 'nobody' uid on linux

From Nigel Wade <nmw-news@ion.le.ac.uk>
Newsgroups comp.lang.java.programmer
Subject Re: File uploaded under 'nobody' uid on linux
Date 2011-05-19 10:09 +0100
Message-ID <93k52jF2n4U1@mid.individual.net> (permalink)
References <4b17d468-3056-4dc2-b1bb-5124ec077589@v10g2000yqn.googlegroups.com> <ir0uum$hic$1@news.albasani.net> <ir0uvd$hic$2@news.albasani.net> <d5d55b39-9008-4d7a-8018-cba103a409ed@24g2000yqk.googlegroups.com>

Show all headers | View raw

On 19/05/11 05:53, ruds wrote:
> When I execute the ps command, this is what I get:
> root      9161     1  0 May16 ?        00:03:04
> -classpath /root/apache-tomcat-6.0.29/bin/tomcat-juli.jar:/root/apache-
> tomcat-6.0.29/bin/bootstrap.jar:/root/apache-tomcat-6.0.29/webapps
> /FIR/WEB-INF/classes -Dcatalina.base=/root/apache-tomcat-6.0.29 -
> Dcatalina.home=/root/apache-tomcat-6.0.29/bin -Djava.io.tmpdir=/root/
> apache-tomcat-6.0.29/temp org.apache.catalina.startup.Bootstrap start
> 
> So isn't Tomcat running under root?

That would be exceedingly dangerous. Maybe Tomcat has changed it's
effective UID to "nobody" to avoid those dangers.

> I have given link to another location from the /root/apchec*/webapps
> directory which is present in another users home.
> So, when my webapp is storing documents should'nt store under this
> users id or root's by default? How come the uid is that of nobody?

I doubt very much that it would write files as some arbitrary user,
merely based on who owns the directory. It most likely writes files as
user "nobody" because writing files owned by root into arbitrary
directories, with odd modes, can be open to serious abuse.

It may also be because the filesystem is mounted using NFS, and NFS is
translating UID=0 to UID=65535 for security reasons.

-- 
Nigel Wade

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

File uploaded under 'nobody' uid on linux ruds <rudranee@gmail.com> - 2011-05-18 01:12 -0700
  Re: File uploaded under 'nobody' uid on linux Lew <noone@lewscanon.com> - 2011-05-18 13:17 -0400
    Re: File uploaded under 'nobody' uid on linux Lew <noone@lewscanon.com> - 2011-05-18 13:17 -0400
      Re: File uploaded under 'nobody' uid on linux ruds <rudranee@gmail.com> - 2011-05-18 21:53 -0700
        Re: File uploaded under 'nobody' uid on linux Nigel Wade <nmw-news@ion.le.ac.uk> - 2011-05-19 10:09 +0100
  Re: File uploaded under 'nobody' uid on linux Lawrence D'Oliveiro <ldo@geek-central.gen.new_zealand> - 2011-05-19 21:50 +1200
    Re: File uploaded under 'nobody' uid on linux Lew <noone@lewscanon.com> - 2011-05-19 09:07 -0400
      Re: File uploaded under 'nobody' uid on linux "John B. Matthews" <nospam@nospam.invalid> - 2011-05-19 20:51 -0400
        Re: File uploaded under 'nobody' uid on linux Lew <noone@lewscanon.com> - 2011-05-19 22:10 -0400
          Re: File uploaded under 'nobody' uid on linux "John B. Matthews" <nospam@nospam.invalid> - 2011-05-20 00:16 -0400
          Re: File uploaded under 'nobody' uid on linux ruds <rudranee@gmail.com> - 2011-05-24 01:15 -0700
            Re: File uploaded under 'nobody' uid on linux Lew <noone@lewscanon.com> - 2011-05-24 08:08 -0400
              Re: File uploaded under 'nobody' uid on linux "John B. Matthews" <nospam@nospam.invalid> - 2011-05-24 17:42 -0400

csiph-web