how about change /etc/tomcat5.5/tomcat-users.xml 's file mode to 600
Bug #390942 reported by
LI Daobing
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tomcat5.5 (Debian) |
Fix Released
|
Unknown
|
|||
| tomcat5.5 (Ubuntu) |
Incomplete
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: tomcat5.5
Hello,
/etc/tomcat5.
thanks.
ProblemType: Bug
Architecture: i386
Date: Tue Jun 23 11:08:41 2009
DistroRelease: Ubuntu 9.10
Package: tomcat5.5 5.5.26-5ubuntu1
PackageArchitec
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: tomcat5.5
Uname: Linux 2.6.30-9-generic i686
Revision history for this message
| LI Daobing (lidaobing) wrote | #1 |
| Changed in tomcat5.5 (Debian): | |
| status: | Unknown → New |
Revision history for this message
| Thierry Carrez (ttx) wrote | #2 |
| Changed in tomcat5.5 (Ubuntu): | |
| status: | New → Incomplete |
| Changed in tomcat5.5 (Debian): | |
| status: | New → Fix Released |
To post a comment you must log in.
This was discussed in http://
Though /etc/tomcat5.5 permissions are weird (to say the least), tomcat-users.xml is not world-readable, since /etc/tomcat5.5 is not world-readable.
Having the file adm readable is a trade-off. What would changing it to 600 tomcat55:adm exactly bring ?
Note that for tomcat6, when fixing permissions I made a different trade-off. tomcat-users.xml is 640 root:tomcat6 so that only root can modify it and only the tomcat6 group can read it.