Bug#821391: More information
David_dev Dev
dcpc.dev at gmail.com
Mon Apr 18 14:48:52 UTC 2016
I found the chown in the /var/lib/dpkg/info/tomcat7.postinst. Not really
sure if it's in the tomcat7-admin package ....
# configuration files should not be modifiable by tomcat7 user, as this can be a security issue
# (an attacker may insert code in a webapp and have access to all tomcat configuration)
# but those files should be readable by tomcat7, so we set the group to tomcat7
chown -Rh root:$TOMCAT7_GROUP /etc/tomcat7/*
But this makes the default configuration for jmx user/password access
unusable (put the file in mode 600 for the ... tomcat7 user).
And I don't see where to put those files logically (if I'm a new admin and
look for tomcat access config files .. I'll look in the tomcat conf folder).
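
An added example, not part of the original message or of the tomcat7 package: a small audit that checks both rules discussed above and shows why they cannot hold for the same file, since a password file owned by the service account with mode 600 is by definition modifiable by that account. Assumptions: GNU stat, the function names, and jmxremote.password as the password file name (none of these come from the message).

```shell
#!/bin/sh
# Added example (not from the postinst). Assumes GNU stat; names are hypothetical.

# svc_can_modify FILE UID GID: true if that account could alter FILE. Owning
# the file counts, because an owner can always chmod it back to writable.
svc_can_modify() {
    f=$1 uid=$2 gid=$3
    set -- $(stat -c '%u %g %a' "$f")
    perm=$((0$3))
    [ "$1" = "$uid" ] && return 0
    [ "$2" = "$gid" ] && [ $((perm & 020)) -ne 0 ] && return 0
    [ $((perm & 002)) -ne 0 ] && return 0
    return 1
}

# jmx_pwfile_ok FILE UID: models what the message says JMX needs, a password
# file owned by the JVM account with no group/other bits (600 or 400).
jmx_pwfile_ok() {
    f=$1 uid=$2
    set -- $(stat -c '%u %a' "$f")
    perm=$((0$2))
    [ "$1" = "$uid" ] && [ $((perm & 0400)) -ne 0 ] && [ $((perm & 077)) -eq 0 ]
}

# audit_conf DIR UID GID PWFILE: one status line per regular file in DIR.
audit_conf() {
    for p in "$1"/*; do
        [ -f "$p" ] || continue
        if [ "${p##*/}" = "$4" ]; then
            if jmx_pwfile_ok "$p" "$2"; then s="jmx-ok (service-owned by design)"
            else s="jmx-unusable"; fi
        elif svc_can_modify "$p" "$2" "$3"; then s="MODIFIABLE-BY-SERVICE"
        else s="ok"; fi
        printf '%-24s %s\n' "${p##*/}" "$s"
    done
}

# Constructed demo: the current user stands in for the tomcat7 account.
demo=$(mktemp -d)
touch "$demo/server.xml" "$demo/jmxremote.password"
chmod 600 "$demo/jmxremote.password"
audit_conf "$demo" "$(id -u)" "$(id -g)" jmxremote.password
rm -rf "$demo"
```

On a real system the call would be along the lines of audit_conf /etc/tomcat7 "$(id -u tomcat7)" "$(id -g tomcat7)" jmxremote.password, with the password file treated as the one explicit exception to the root:tomcat7 rule.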