The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomcat user manager access

Discussion in 'Security' started by chrismfz, Oct 24, 2013.

  1. chrismfz

    chrismfz Well-Known Member

    Joined:
    Jul 4, 2007
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Greece
    cPanel Access Level:
    DataCenter Provider
    Is it possible to create a tomcat user for manager-gui only
    and somehow he will able to view only /manager for his domain only using roles or something else?

    I didn't get it, I can create a user with manager-gui access only
    and I can see his apps with his.domain.tld:8080/manager
    That's good ok,

    but he can also see any.other.domain.on.server:8080/manager
    and mess around with them.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    What version of Tomcat is installed on your system? You can review the roles assigned to the user in the following file:

    Code:
    /usr/local/jakarta/tomcat/conf/tomcat-users.xml
    Thank you.
     
  3. chrismfz

    chrismfz Well-Known Member

    Joined:
    Jul 4, 2007
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Greece
    cPanel Access Level:
    DataCenter Provider
    Hello there! I think I explained it wrong! Sorry!

    I've created a user, and he can see his apps from his domain:8080/manager.

    The thing is, he can see with his username/password any other app on the server or the main hostname
    just adding :8080/manager to the hostname or any other domain.


    That is what I try to avoid. I don't know if there is a solution about this.

    Version is 7, tomcat-users.xml is something like:

    <role rolename="manager-gui"/>
    <user username="user_here" password="password" roles="manager-gui"/>

    Can I give a user specific access only to one domain (his own domain) for /manager ?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I'm under the impression that behavior is by design. However, feel free to open a support ticket and we can ensure it's functioning as expected. Post the ticket number here and we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page