I'm not sure it's a good change. When I worked on tomcat6 packaging, I
changed the permissions used in tomcat5.5 on purpose.
/etc/tomcat6:
This was set to root:root 644, with two exceptions:
- tomcat-users.xml that needs to be read by tomcat and hidden to users,
so it is root:tomcat6 640
-
Hello Thierry,
Well that sounds well argumented, in particular the issue of permissions
for /etc/tomcat6.
Do you recommend reverting permissions in /etc/tomcat6 to root:root 640?
In any case, such security issues should have been well documented in
the package, to prevent ignorant maintainers
Ludovic Claude wrote:
Well that sounds well argumented, in particular the issue of permissions
for /etc/tomcat6.
Do you recommend reverting permissions in /etc/tomcat6 to root:root 640?
Yes, I would recommend reverting /etc permissions the way they were
before (root:root 640 with the 2
3 matches
Mail list logo
