Bug 285337 - root should own tomcat configuration files in /etc/tomcat-6/
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Java
Hardware: All All
Importance: Normal normal
Assignee: Java team
Blocks: 322979
Reported: 2009-09-17 16:56 UTC by Myk Taylor
Modified: 2015-12-09 21:26 UTC
Description Myk Taylor 2009-09-17 16:56:08 UTC
It seems like an unnecessary security risk to allow the tomcat user to write to server.xml and other tomcat configuration files in /etc/tomcat-6/.  If the server is somehow compromised, it is unwise to allow an attacker to write to configuration files.  Could I suggest changing the ownership of /etc/tomcat-6/ and the files under it to root:tomcat, with directories at mode 750 and files at mode 640?
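The layout proposed in the description can be checked and applied with a short script. This is an added example, not part of the bug report or the Gentoo ebuild; the function names are hypothetical, and it assumes GNU find and the `tomcat` group named in the report.

```shell
#!/bin/sh
# Added example, not from the bug report. Needs GNU find (-printf).

# audit_conf_tree DIR [OWNER] [GROUP]
# Prints one line per entry that deviates from OWNER:GROUP, dirs 750, files 640.
# Returns 0 when the tree is clean, 1 on deviations, 2 if DIR is missing.
audit_conf_tree() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    want_owner=${2:-root}
    want_group=${3:-tomcat}
    find "$1" \( -type d -o -type f \) -printf '%y %u %g %m %p\n' | {
        bad=0
        while read -r type owner group mode path; do
            if [ "$type" = d ]; then want_mode=750; else want_mode=640; fi
            if [ "$owner" != "$want_owner" ]; then
                echo "OWNER $path: $owner, want $want_owner"; bad=1
            fi
            if [ "$group" != "$want_group" ]; then
                echo "GROUP $path: $group, want $want_group"; bad=1
            fi
            if [ "$mode" != "$want_mode" ]; then
                echo "MODE  $path: $mode, want $want_mode"; bad=1
            fi
        done
        [ "$bad" -eq 0 ]
    }
}

# fix_conf_tree DIR [OWNER] [GROUP]
# Applies the proposed layout. Run as root on a real system.
fix_conf_tree() {
    chown -R "${2:-root}:${3:-tomcat}" "$1" &&
    find "$1" -type d -exec chmod 750 {} + &&
    find "$1" -type f -exec chmod 640 {} +
}

# Usage (as root): audit_conf_tree /etc/tomcat-6 || fix_conf_tree /etc/tomcat-6
```

Running the audit on its own first shows which files the service account can currently modify before anything is changed.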
Comment 1 William L. Thomson Jr. 2011-02-15 02:44:47 UTC
Will have to confirm if manager web app needs to have write permissions. If so be it group or owner is pretty moot. If group needs write, might as well own it all. Though the argument could likely remain to have the stuff root owned, and group writable by tomcat. Might see if security wants to comment on such, and also need to confirm if manager web app needs write access or not. I believe so, since you can create new hosts and such. Which would require access to config files otherwise any changes would not be persistent after restart of Tomcat. I don't use the manager app much if at all, thus need to confirm.
Comment 2 William L. Thomson Jr. 2015-12-09 21:26:19 UTC
I do not believe the host-manager app can write to server.xml. It is not documented, and seems any changes there are lost on restart. Still looking into if there is some setting or way to save/write changes to server.xml. If I discover such I will update accordingly but at this time does not seem possible.