On Sun, 2 Jun 2019 23:29:51 +0200, Emmanuel Bourg wrote:
I admit using / as home directory isn't perfect, but I fail to see how
this can be considered insecure.
What about setting the -Duser.home JVM parameter when Tomcat is started
instead of changing the system user home?
Tomcat is operating at two levels: the operating system and the application.
Using "-Duser.home" is useful for telling the application itself where
to look for things, but less so for doing some operations at the OS layer.
One example is for CI/CD infrastructure: if someone wants to use (say)
Jenkins to deploy WAR files as they update code, and want to use SSH
keys for getting into front-end Tomcat systems, where would they put the
authorized_keys(5) file?
SSHd looks for it in "${HOME}/.ssh/" by default, which would mean "/.ssh/".
So where would one put it? Should the passwd(5) file simply be edited
manually after installation?
