Bug#821391: tomcat7-admin: Patch 7.0.28+deb-u4 overwrite owner of all /etc/tomcat7

David CHALON dcpc.dev at gmail.com
Mon Apr 18 11:55:54 UTC 2016 

Package: tomcat7-admin
Version: 7.0.28-4+deb7u4
Severity: important

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
	All tomcat servers crash after the auto update via unattended-upgrade
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
	Correct manually our specific owner files and restart tomcat7 service
   * What was the outcome of this action?
	Impossible to start all the tomcat7 services (with JMX  configured)
   * What outcome did you expect instead?
	that the patch don't modify files that don't come from the package.

Details :
	We use a tomcat7 debian installation.
	We modify to use tomcat7:tomcat7 user for the tomcat7 processes
	we want to add JMX access configuration with user/password access -> no debian doc found => configuration taken from "official" oracle documentation.
		=> put jmxremote.user and jmxremote.password in /etc/tomcat7 (symlinked to /var/lib/tomcat7/conf for official oracle path conservation)
		=> mandatory kmxremote.password = right 600 on the file and then we chown tomcat7:tomcat7 the file too.

	We use unattended-upgrade for security patch. This morning -> deploying some tomcat7  patch on all serveurs.
	-> In the tomcat7.postinst there is chown -Rh root:(GROUP) on /etc/tomcat7 !
	=> jmxremote.password misconfigured and tomcat7 don't start... 

Ideas or solutions :
	Modify only files coming from the package.
	Or interesting on how debian want we configure the JMX access, as if we take official recommandation it leads to a fatal crash. 


-- System Information:
Debian Release: 7.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tomcat7-admin depends on:
ii  tomcat7-common  7.0.28-4+deb7u4

tomcat7-admin recommends no packages.

tomcat7-admin suggests no packages.

-- no debconf information

-- 
Ce courriel (incluant ses éventuelles pièces jointes) contient des informations confidentielles et/ou protégées ou dont la diffusion est restreinte. Si vous avez reçu ce courriel par erreur, vous ne devez ni le copier, ni l’utiliser, ni en divulguer le contenu à quiconque. Merci d’en avertir immédiatement l’expéditeur et d'effacer ce courriel de votre système. Renault Sport Racing décline toute responsabilité en cas de corruption par virus, d’altération ou de falsification de ce courriel lors de sa transmission par voie électronique.<br><i>Renault Sport Racing s.a.s – Registre du Commerce et des Sociétés d'Evry (Numéro 306.140.807) – Siège social: 1-15 Avenue du Président Kennedy, 91170 Viry Chatillon, France</i><br>This email (including any attachments) contains confidential and/or privileged information or information otherwise protected from disclosure. If you are not the intended recipient, please notify the sender immediately, do not copy this message or any attachments and do not use it for any purpose or disclose its content to any person, but delete this message and any attachments from your system. Renault Sport Racing disclaims any and all liability if this email transmission was virus corrupted, altered or falsified.<br><i> Renault Sport Racing s.a.s – Commercial and Companies Registry of Evry (Number 306.140.807) – Registered office : 1-15 Avenue du Président Kennedy, 91170 Viry Chatillon, France</i><br>

More information about the pkg-java-maintainers mailing list