Re: File uploaded under 'nobody' uid on linux
John B. Matthews wrote:
Lew wrote:
Lawrence D'Oliveiro wrote:
ruds wrote:
Now, please tell me what should I do so that whenever files are
uploaded they are stored with the user's name where all code and
other files are stored.
On way is to activate this mechanism
<http://httpd.apache.org/docs/current/suexec.html>.
The OP has not stated that he's using httpd.
Lew: This point is well taken, but the article _does_ outline the
(myriad) security issues that ruds should consider.
ruds: If you don't use httpd/suEXEC, you're likely going to have to
create something similar.
I use Tomcat a lot. I always run it as a non-privileged user, with the
installation directory tree under that same user's ownership. This "nobody"
issue has never arisen under that configuration for me.
I also run it as a multi-instance installation
<http://tomcat.apache.org/tomcat-6.0-doc/introduction.html>
<http://tomcat.apache.org/tomcat-7.0-doc/introduction.html>
"Optionally, Tomcat may be configured for multiple instances by defining
$CATALINA_BASE for each instance."
One useful approach is to set CATALINA_BASE to $HOME/.tomcat or similar
directory within the home directory of each designated Tomcat user.
See the section "Advanced Configuration - Multiple Tomcat Instances" in the
$CATALINA_HOME/RUNNING.txt file.
--
Lew
Honi soit qui mal y pense.
http://upload.wikimedia.org/wikipedia/commons/c/cf/Friz.jpg