https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60473#M37372 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>What are your issues running Alfresco from a non-root user?</SPAN><BR /><BR /><SPAN>Steve</SPAN></BODY></HTML> Thu, 15 Mar 2007 15:01:42 GMT steve 2007-03-15T15:01:42Z https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60472#M37371 At this point I can get full functionality form alfresco on debian based oses, but only in an insecure way. I have to run tomcat as root to get full functionality from alfresco, and I would rather not do that. I also have to turn off tomcat security which worsens the matter. Is there a way to run to Thu, 15 Mar 2007 14:19:25 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60472#M37371 heckle 2007-03-15T14:19:25Z https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60473#M37372 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>What are your issues running Alfresco from a non-root user?</SPAN><BR /><BR /><SPAN>Steve</SPAN></BODY></HTML> Thu, 15 Mar 2007 15:01:42 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60473#M37372 steve 2007-03-15T15:01:42Z https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60474#M37373 <HTML><HEAD></HEAD><BODY><SPAN>Sorry for the delay, I had to leave off testing alfresco for the last week or so. From what I recall, binding to ftp and cifs ports-</SPAN><BR /><BR /><SPAN>also, I had to run openoffice and tomcat as the same user- if I ran both as user "tomcat" lets say, conversions were not working. </SPAN><BR /><BR /><SPAN>What are the java security settings that must be implemented to allow alfresco the most limited access to the machines resources?</SPAN></BODY></HTML> Wed, 21 Mar 2007 16:14:44 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60474#M37373 heckle 2007-03-21T16:14:44Z https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60475#M37374 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>We have some information on our Wiki that should help you running Alfresco as a non-root user on Linux:</SPAN><BR /><BR /><SPAN>Look here: </SPAN><A href="http://wiki.alfresco.com/wiki/Changing_Bind_Addresses_and_Ports_for_Samba_and_FTP" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/Changing_Bind_Addresses_and_Ports_for_Samba_and_FTP</A><BR /><SPAN>and here:</SPAN><BR /><A href="http://wiki.alfresco.com/wiki/File_Server_Configuration#Running_SMB.2FCIFS_from_a_normal_user_account" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/File_Server_Configuration#Running_SMB.2FCIFS_from_a_normal_user_account</A><BR /><BR /><SPAN>The "Tomcat" user needs full access to the "tomcat/" directory structure, and to the "alf_data" directory (wherever you place that).</SPAN><BR /><BR /><SPAN>Hope this helps,</SPAN><BR /><BR /><SPAN>Steve</SPAN></BODY></HTML> Wed, 21 Mar 2007 17:11:53 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60475#M37374 steve 2007-03-21T17:11:53Z https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60476#M37375 <HTML><HEAD></HEAD><BODY><SPAN>Thanks for the pointers Steve. </SPAN><BR /><BR /><SPAN>On the issue of permissions, I was looking for java security permission settings. Debian based Os'es have this enable by default. </SPAN><BR /><SPAN>for example:</SPAN><BR /><BR /><SPAN>permission java.util.PropertyPermission "java.home", "read",</SPAN><BR /><BR /><SPAN>in a policy file will allow all tomcat apps to read anything in the java.home directory.</SPAN><BR /><BR /><SPAN>If someone has figured this out, it would be greatly appreciated.</SPAN></BODY></HTML> Wed, 21 Mar 2007 18:58:51 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-insecure/m-p/60476#M37375 heckle 2007-03-21T18:58:51Z