I have been asked to set up a Tomcat server, and am just grappling with the extensive documentation. It isn't a production site, just a demonstration site for students to play with, but I'm very puzzled by the file ownerships which SuSE set up as they seem to break security principles as well as being inconvenient.

When the Tomcat server starts, /etc/init.d/tomcat changes the ownership of all the files in $CATALINA_BASE to be tomcat:tomcat, i.e. the same as the user running the web server. So the web server has write access to its own configuration and to all the pages it serves, which is obviously a potential security hazard. It is also inconvenient, because the local user who owns the pages can no longer change them without asking a superuser.

I am using SuSE 9.1 by the way, but it looks very similar on 9.2.

Is there a good reason for it being done like this? Forgive me if I have missed something; I know nothing at all about servlets and am just trying to get the server going without expending too much effort.

Regards,
Bob

==============================================================
Bob Vickers                     R.Vickers@cs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
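
One way to check the exposure described in the message above, as an added example that is not part of the original post or of SuSE's init script: it lists what the service account can modify under $CATALINA_BASE and flags anything under conf/ or webapps/. The directory names (conf, webapps, logs, temp, work) are assumptions taken from the standard Tomcat layout, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: list what the Tomcat service account can modify under
# CATALINA_BASE. logs/, temp/ and work/ are assumed to be the only
# directories the server needs to write to (standard Tomcat layout).

# writable_by BASE USER GROUP
# Prints each path under BASE, outside logs/temp/work, that USER can
# change: owned by USER with owner-write, owned by GROUP with group-write,
# or world-writable. USER and GROUP may be names or numeric ids.
writable_by() {
    base=${1%/}
    find "$base" \
        \( -path "$base/logs" -o -path "$base/temp" -o -path "$base/work" \) \
        -prune -o \
        ! -type l \
        \( \( -user "$2" -perm -200 \) \
           -o \( -group "$3" -perm -020 \) \
           -o -perm -002 \) \
        -print
}

# audit BASE USER GROUP
# Prints every writable path under conf/ (configuration) or webapps/
# (served content). Returns 1 if any were found, 0 otherwise.
audit() {
    b=${1%/}
    writable_by "$b" "$2" "$3" | (
        rc=0
        while IFS= read -r p; do
            case $p in
                "$b"/conf|"$b"/conf/*|"$b"/webapps|"$b"/webapps/*)
                    printf '%s\n' "$p"
                    rc=1 ;;
            esac
        done
        exit "$rc"
    )
}

# Usage: sh audit.sh /path/to/catalina_base [user] [group]
# The tomcat:tomcat default matches the ownership described in the post.
if [ "$#" -ge 1 ]; then
    audit "$1" "${2:-tomcat}" "${3:-tomcat}"
fi
```

A non-zero exit status means the account running the server can rewrite its own configuration or the pages it serves.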