Bug#886725: tomcat8: ownership of directory /var/lib/tomcat8 had been set to 'root:root'
Emmanuel Bourg
ebourg at apache.org
Tue Jan 9 10:45:50 UTC 2018
Le 09/01/2018 à 10:33, Fuwei Chin a écrit :
> Software packages to OS is what web apps to Tomcat, a software package can mkdir under user's home dir, but a web app cannot mkdir under tomcat user's home dir due to lacking of permission, such that a webapp developer cannot find a proper location to put their generated data.
Hi,
I haven't thought about it thoroughly but I suspect changing
/var/lib/tomcat8 permissions to tomcat8:tomcat8 could create a security
issue (for example any webapp could change the Tomcat configuration by
replacing the /var/lib/tomcat/conf symlink). What kind of generated data
do you want to put in /var/lib/tomcat8? Did you consider using
/var/cache/tomcat8 or another custom directory under /var instead?
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list