I install the Jboss with Tomcat 4.0.3 on Red Hat and found that the Tomcat run with root privilege, so if some one upload a file to the server, that file will have the right to do some unfriendly things. Anyone can answer this question is highly appreciated.