Tomcat permissions

Submitted by M.Tag on Wed, 26/10/2005 - 10:55am.
::

Salamoo Alikooo
I'm using Mandrake10.1, My intranet running on Tomcat 5.0.27.
- Can i use linux users permission while accessing my intranet through the web?
- if the intranet is pure html can i do this also?
- if this not supported by tomcat.Which web server can support?

Thanks.

‹ Linux Quick Fix Notebook -Free Book- highly recommended i want to make file-server in my work with mandriva ›

hmm!

Submitted by Pronco on Wed, 26/10/2005 - 9:08pm.

Do you mean that you want Tomcat to provide user authentication based on that system's /etc/passwd?

- I'm a code junkie security enthusiast

- http://pronco.manalaa.net

Pronco's picture

If so.. then you need to conf

Submitted by __null on Wed, 26/10/2005 - 9:58pm.

If so.. then you need to configure a JAASRealm that uses UnixLoginModule for authentication....

RTFMs:

How? About?

Submitted by Pronco on Thu, 27/10/2005 - 1:48am.

plug in a matching auth database

i.e. an LDAP / PAM access module

- I'm a code junkie security enthusiast

- http://pronco.manalaa.net

Pronco's picture

That's what is JAAS for!

Submitted by __null on Thu, 27/10/2005 - 2:04am.

That's what is JAAS for!

Java Authentication and Authorization

Submitted by Pronco on Thu, 27/10/2005 - 3:36am.

I've noticed

- I'm a code junkie security enthusiast

- http://pronco.manalaa.net

Pronco's picture

Can i use linux users permiss

Submitted by __null on Wed, 26/10/2005 - 9:10pm.
Can i use linux users permission while accessing my intranet through the web?

what's this supposed to mean?

It is not clear enough

Submitted by M.Tag on Thu, 27/10/2005 - 8:40am.

It is not clear enough, Ok.
The wsbsite(intranet) contains many links which need to open a certain file in a certain directory which have a user permission.
i need to lock the directory with a username and password as linux users, and apply the user permission (owner,group,other)(r,w,e).
When click ask the client to a username and password, Apply directory permission[700](if the user not the owner of the directory will accessed so access denied).

Assume that:
-The website (intranet) was developed using jsp.
-The website (intranet) was developed using pure html.
can this make a difference???

Thanks
Mohammad Tag EL-Deen

ok.. i'll try to rearrange wh

Submitted by __null on Sat, 29/10/2005 - 1:10am.

ok.. i'll try to rearrange what you said...

what you have?

Let's imagine for the moment that you have a directory named "secret" owned by user "legaluser" and group "legalgroup"... directory permission bits are "700" (drwx------) so only the user "legaluser" has full access to this directory while neither his group "legalgroup" nor any others can do anything with it....

what you want to do?

You want to grant web access to this directory... so the scenario would be: some user enters a login and a password ...if they match "legaluser" and the correspoding password... access is granted...

behinde the scene...

  • The web server (or part of it, be it Tomcat's HTTP Connector (Coyote) or Apache HTTPd) must be running as a user that "have access" to the "secret" directory beforehand (you can't give what you don't have)...

so before thinking up a solution ...is that what you want?

Exactly

Submitted by M.Tag on Sun, 30/10/2005 - 11:16am.

Exactly this is what i want to do.
So what about the solution now?.

Thanks
Mohammad Tag EL-Deen

a cgi script would try to "su

Submitted by __null on Mon, 14/11/2005 - 10:55pm.

a cgi script would try to "su" to be "legaluser" using credentials submitted from user and then it would navigate, read certain files in the directory or do whatever.

btw this is riddled with security holes, so you should rethink your application design!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.