cancel
Showing results for 
Search instead for 
Did you mean: 

Alfresco insecure?

heckle
Champ in-the-making
Champ in-the-making
At this point I can get full functionality form alfresco on debian based oses, but only in an insecure way.

I have to run tomcat as root to get full functionality from alfresco, and I would rather not do that. I also have to turn off tomcat security which worsens the matter.

Is there a way to run tomcat as nonroot, with security turned on and still get full functionality from alfresco?
4 REPLIES 4

steve
Champ in-the-making
Champ in-the-making
Hi,

What are your issues running Alfresco from a non-root user?

Steve

heckle
Champ in-the-making
Champ in-the-making
Sorry for the delay, I had to leave off testing alfresco for the last week or so. From what I recall, binding to ftp and cifs ports-

also, I had to run openoffice and tomcat as the same user- if I ran both as user "tomcat" lets say, conversions were not working.

What are the java security settings that must be implemented to allow alfresco the most limited access to the machines resources?

steve
Champ in-the-making
Champ in-the-making
Hi,

We have some information on our Wiki that should help you running Alfresco as a non-root user on Linux:

Look here: http://wiki.alfresco.com/wiki/Changing_Bind_Addresses_and_Ports_for_Samba_and_FTP
and here:
http://wiki.alfresco.com/wiki/File_Server_Configuration#Running_SMB.2FCIFS_from_a_normal_user_accoun...

The "Tomcat" user needs full access to the "tomcat/" directory structure, and to the "alf_data" directory (wherever you place that).

Hope this helps,

Steve

heckle
Champ in-the-making
Champ in-the-making
Thanks for the pointers Steve.

On the issue of permissions, I was looking for java security permission settings. Debian based Os'es have this enable by default.
for example:

permission java.util.PropertyPermission "java.home", "read",

in a policy file will allow all tomcat apps to read anything in the java.home directory.

If someone has figured this out, it would be greatly appreciated.