Is there any way to change the owner of Tomcat catalina logs from root to my current (non-root) user in an Ubuntu server?
Tomcat needs to be started using a cronjob in root. I want to avoid having to type sudo every time I want to check logs.
Asked
Active
Viewed 409 times
1 Answers
1
Sure there is. Do not run tomcat as root to begin with. This way any problem/issue in your web facing application immediately has the highest privileges possible.
If the cron job runs as root: root can drop its privileges and start processes as another user account
Olaf Kock
- 46,930
- 8
- 59
- 90
-
Do you reckon Tomcat wouldn't need root privileges during any time in its lifecycle? – suharsha Mar 23 '22 at 06:30
-
1If an internet-accessible process needs to have root privileges, then the architecture is wrong and extremely risky. – Olaf Kock Mar 23 '22 at 06:33
-
That makes sense. Thanks @olaf-kock . Never looked at it that way. I'll change the tomcat user to a non-root user. Also, if you could post the steps to achieve my original intention, that could help someone in the future. – suharsha Mar 23 '22 at 22:57
-
These _are_ my recommended steps – Olaf Kock Mar 24 '22 at 18:54