Bug#418828: /var/lib/tomcat5.5 doesn't belong to tomcat-user after installation

Armin Fuerst armin at cogidata.com
Fri Nov 2 22:29:03 UTC 2007


David Pashley wrote:
> On Nov 02, 2007 at 12:50, Armin Fuerst praised the llamas by saying:
>>> Servlets should get the temp dir location from the servlet context if they 
>>> need to write temporary files. Trying to create files in the current dir is 
>>> very broken AFAICT, so I don't see that this is a Tomcat bug. Closing.
>> This is a good argument, but why make my life as sysadmin more difficult
>> than necessary? It's not my fault if any servlet wants to write into
>> this location?
> 
> Why not make everything world-writeable? Network daemons should have
> permission to write to as little as possible. If you want to be more
> permissive and understand the risks, then you can run a chmod yourself.
> It's hardly onerous.

That's not really the same argument. I agree that network daemons
should have as few permissions as necessary, but this directory
is created for this daemon, so this is really a different situation
to giving tomcat world-writeable permissions!

> However, for a default install, tomcat should be as secure as possible.
> Obviously you should be fixing your servlets and not giving tomcat more
> permissions than it needs.

I can't fix a servlet I didn't write myself!

Armin
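
The approach named in the quoted reply (taking the temporary directory from the servlet context rather than writing to the current directory), as an added example that is not part of the original thread. The class name `SpoolServlet` and the size limit are hypothetical; the attribute name comes from the Servlet specification.

```java
import java.io.*;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Hypothetical servlet: spools a request body to a scratch file.
public class SpoolServlet extends HttpServlet {
    private static final long MAX_BYTES = 1 << 20; // assumed limit for the example

    // Broken pattern discussed in the thread: a relative path resolves against
    // the daemon's working directory, which the daemon user may not own.
    //   File scratch = new File("upload.tmp");

    private Path contextTempDir() throws ServletException {
        // The container provides a private scratch directory per web application.
        Object attr = getServletContext().getAttribute("javax.servlet.context.tempdir");
        if (!(attr instanceof File)) {
            throw new ServletException("container did not provide a temp dir");
        }
        File dir = (File) attr;
        if (!dir.isDirectory() || !dir.canWrite()) {
            throw new ServletException("temp dir not writable: " + dir);
        }
        return dir.toPath();
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Unpredictable name, created atomically inside the context temp dir.
        Path scratch = Files.createTempFile(contextTempDir(), "spool", ".tmp");
        long total = 0;
        try (InputStream in = req.getInputStream();
             OutputStream out = Files.newOutputStream(scratch)) {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) {
                if ((total += n) > MAX_BYTES) {
                    resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
                    return;
                }
                out.write(buf, 0, n);
            }
            resp.setContentType("text/plain");
            resp.getWriter().println("spooled " + total + " bytes");
        } finally {
            Files.deleteIfExists(scratch); // never leave scratch data behind
        }
    }
}
```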




