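Info: Apache Tomcat/6.0.36, CentOS 2.6.32-279.14.1.el6.x86_64
Is it possible? I heard from others that older versions of Tomcat had a manager tool that allowed unprivileged users to restart the server. I checked the manager, but I only see options to disable the applications running on the server, not the server itself.
Answer 1
I went with the setuid workaround described on the Tomcat wiki.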
Another method is to use SetUID scripts (assuming you have the capability) to do this. Here's how I do it.
Create a file called foo.c with this content (replace "/path/startupscript" with the tomcat startup script):
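    #include <stdio.h>   /* printf, perror */
    #include <stdlib.h>
    #include <unistd.h>  /* setuid, execl */

    int main( int argc, char *argv[] ) {
        if ( setuid( 0 ) != 0 )
            perror( "setuid() error" );
        printf( "Starting ${APPLICATION}\n" );
        /* the argument list must end with a null pointer of type char * */
        execl( "/bin/sh", "sh", "/path/startupscript", (char *)0 );
        return 1; /* reached only if execl() fails */
    }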
Run the following as root (replacing tmp with whatever you want the startup script to be and replacing XXXXX with whatever group you want to be able to start and stop tomcat):

    gcc foo.c -o tmp
    chown root:XXXXX tmp
    chmod ugo-rwx tmp
    chmod u+rwxs,g+rx tmp

Now members of the tomcat group should be able to start and stop tomcat. One caveat though, you need to ensure that your tomcat startup script is not writable by anyone other than root, otherwise your users will be able to insert commands into the script and have them run as root (very big security hole).
Source: http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F
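
The caveat quoted above, that the startup script must not be writable by anyone other than root, can be enforced by the wrapper itself. The following is an added example, not code from the Tomcat wiki or from this answer: it refuses to run unless the script is a root-owned regular file with no group/other write bit, applies the same test to the containing directory (a generalization of the caveat, since a writable directory lets the file be replaced), and passes a fixed environment. The names owner_mode_ok and script_is_safe are hypothetical, and /path/startupscript is the page's placeholder.

```c
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define SCRIPT "/path/startupscript"   /* placeholder path, as in the quoted text */

/* Policy: owned by root, of the expected file type, no group/other write bit. */
int owner_mode_ok(uid_t owner, mode_t mode, mode_t want_type)
{
    return owner == 0 && (mode & S_IFMT) == want_type && !(mode & (S_IWGRP | S_IWOTH));
}

/* Apply the policy to the script (lstat: a symlink is rejected) and to its directory. */
int script_is_safe(const char *path)
{
    struct stat st;
    char dir[PATH_MAX];

    if (strlen(path) >= sizeof dir) return 0;
    if (lstat(path, &st) != 0 || !owner_mode_ok(st.st_uid, st.st_mode, S_IFREG))
        return 0;
    strcpy(dir, path);                  /* dirname() may modify its argument */
    if (stat(dirname(dir), &st) != 0 || !owner_mode_ok(st.st_uid, st.st_mode, S_IFDIR))
        return 0;
    return 1;
}

int main(void)
{
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    char *const args[] = { "sh", SCRIPT, NULL };

    if (!script_is_safe(SCRIPT)) {
        fprintf(stderr, "refusing to run %s: ownership or permissions are unsafe\n", SCRIPT);
        return 1;
    }
    if (setuid(0) != 0) {               /* stop here instead of continuing unprivileged */
        perror("setuid() error");
        return 1;
    }
    execve("/bin/sh", args, envp);      /* fixed environment: the caller's variables are dropped */
    perror("execve");
    return 1;
}
```

Only the immediate parent directory is checked; directories further up the path need the same root-only ownership for the check to hold.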