Bug#532284: Permissions for tomcat6

Thierry Carrez thierry.carrez at ubuntu.com
Wed Aug 19 14:35:05 UTC 2009


Ludovic Claude wrote:

> Well, that sounds well argued, in particular the issue of permissions
> for /etc/tomcat6.
> 
> Do you recommend reverting permissions in /etc/tomcat6 to root:root 640?

Yes, I would recommend reverting /etc permissions the way they were
before (root:root 640 with the 2 exceptions).

For /var/lib/tomcat6/webapps, the new setting doesn't lessen security so
I don't care so much. If someone has a good argument on why allowing the
"adm" group to deploy tomcat6 webapps is better than using the "tomcat6"
group, then so be it. To me it just sounds like we lose the possibility
of allowing someone to deploy webapps without making him a full member
of the adm group...

> In any case, such security issues should have been well documented in
> the package, to prevent ignorant maintainers (me!) from messing up with
> those sensitive issues.

Yes, I missed that in my "changes-from-tomcat5.5" notes in README.Debian.

-- 
Thierry




