Lucee/Tomcat "Run As" User

101 views
Skip to first unread message

Steve Lauen

unread,
May 9, 2016, 1:25:28 PM5/9/16
to Lucee
Running Lucee 4.5 on CentOS Linux.

We're currently running on a test server and have been reviewing Lucee settings and functionality before installing on our first production server.

I have a question about what we should be using for the "run as" user for Lucee/Tomcat that is prompted for during the Lucee install.

On this test server, we chose the default, which is "root".  I'm not entirely sure that was the best choice due to security reasons.

On our old CFMX box, that we are migrating from, we have CF running as the Apache user.

Would that (Apache) be the recommended user we should use for Lucee/Tomcat, or would we be better off setting up some completely new user, such as a user named "tomcat"?

If we do use something other than root, are there any permissions, access, or functionality issues that we should be aware of?


Thanks in advance for any help!

Steve


Nando Breiter

unread,
May 9, 2016, 2:42:59 PM5/9/16
to lu...@googlegroups.com
I would certainly suggest to install Lucee under a separate user that cannot login. I run my production servers using Nginx, but in my experience on CentOS, Lucee runs just fine under a separate username. 

I think it would be better if the installer asked you to specify a user and user group to install Lucee under, rather than offering root as the default option. 






Aria Media Sagl
+41 (0)76 303 4477 cell
skype: ariamedia

--
Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/2dbac274-3aba-48ad-a57d-93c5b1174daf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Steve Lauen

unread,
May 10, 2016, 5:12:18 PM5/10/16
to Lucee
Thanks Nando!  

Would you recommend using the Apache user, or some other user?

Steve

Nando Breiter

unread,
May 10, 2016, 5:16:19 PM5/10/16
to lu...@googlegroups.com
"some other user" works for me just fine



Aria Media Sagl
+41 (0)76 303 4477 cell
skype: ariamedia

To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/87c5b5de-5581-459d-a255-94bfa346a0de%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages