Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Tomcat user manager access

Discussion in 'Security' started by chrismfz, Oct 24, 2013.

  1. chrismfz

    chrismfz Well-Known Member

    Joined:
    Jul 4, 2007
    Messages:
    125
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Greece
    cPanel Access Level:
    DataCenter Provider
    Is it possible to create a tomcat user for manager-gui only
    and somehow he will able to view only /manager for his domain only using roles or something else?

    I didn't get it, I can create a user with manager-gui access only
    and I can see his apps with his.domain.tld:8080/manager
    That's good ok,

    but he can also see any.other.domain.on.server:8080/manager
    and mess around with them.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    What version of Tomcat is installed on your system? You can review the roles assigned to the user in the following file:

    Code:
    /usr/local/jakarta/tomcat/conf/tomcat-users.xml
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. chrismfz

    chrismfz Well-Known Member

    Joined:
    Jul 4, 2007
    Messages:
    125
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Greece
    cPanel Access Level:
    DataCenter Provider
    Hello there! I think I explained it wrong! Sorry!

    I've created a user, and he can see his apps from his domain:8080/manager.

    The thing is, he can see with his username/password any other app on the server or the main hostname
    just adding :8080/manager to the hostname or any other domain.


    That is what I try to avoid. I don't know if there is a solution about this.

    Version is 7, tomcat-users.xml is something like:

    <role rolename="manager-gui"/>
    <user username="user_here" password="password" roles="manager-gui"/>

    Can I give a user specific access only to one domain (his own domain) for /manager ?
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm under the impression that behavior is by design. However, feel free to open a support ticket and we can ensure it's functioning as expected. Post the ticket number here and we can update this thread with the outcome.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice