Bug#418828: /var/lib/tomcat5.5 doesn't belong to tomcat-user after installation

David Pashley david at davidpashley.com
Fri Nov 2 13:58:44 UTC 2007


On Nov 02, 2007 at 12:50, Armin Fuerst praised the llamas by saying:
> 
> > Servlets should get the temp dir location from the servlet context if they 
> > need to write temporary files. Trying to create files in the current dir is 
> > very broken AFAICT, so I don't see that this is a Tomcat bug. Closing.
> 
> This is a good argument, but why make my life as sysadmin more difficult
> than necessary? It's not my fault if any servlet wants to write into
> this location?

Why not make everything world-writeable? Network daemons should have
permission to write to as little as possible. If you want to be more
permissive and understand the risks, then you can run a chmod yourself.
It's hardly onerous.

However, for a default install, tomcat should be as secure as possible.
Obviously you should be fixing your servlets and not giving tomcat more
permissions than it needs.

> If changing the permission is a security issue, I agree, but at least
> until now I don't see a disadvantage.
> 
> Armin
> 
> 
> 

-- 
David Pashley
david at davidpashley.com
Nihil curo de ista tua stulta superstitione.
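
Added example, not part of the original message or of the Tomcat packaging: a servlet that takes its scratch directory from the servlet context, as the quoted advice recommends, so the Tomcat user needs no write access to its working directory. The class name `SpoolServlet` and the 1 MiB cap are assumptions made for illustration.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: spools a request body to a scratch file.
public class SpoolServlet extends HttpServlet {
    private static final long MAX_BYTES = 1024 * 1024; // assumed cap for the example

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Per-webapp temp directory supplied by the container (Servlet spec attribute).
        File tmpDir = (File) getServletContext()
                .getAttribute("javax.servlet.context.tempdir");
        if (tmpDir == null || !tmpDir.isDirectory() || !tmpDir.canWrite()) {
            throw new ServletException("container temp dir missing or not writable");
        }
        // Unique name chosen by the JVM inside tmpDir; never the current directory.
        File scratch = File.createTempFile("spool-", ".tmp", tmpDir);
        long total = 0;
        try {
            InputStream in = req.getInputStream();
            OutputStream out = new FileOutputStream(scratch);
            try {
                byte[] buf = new byte[8192];
                int n;
                while ((n = in.read(buf)) != -1) {
                    total += n;
                    if (total > MAX_BYTES) { // refuse to fill the disk
                        resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
                        return;
                    }
                    out.write(buf, 0, n);
                }
            } finally {
                out.close();
            }
            resp.setContentType("text/plain");
            resp.getWriter().println("spooled " + total + " bytes");
        } finally {
            scratch.delete(); // scratch data does not outlive the request
        }
    }
}
```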





More information about the pkg-java-maintainers mailing list