David Pashley wrote: > On Nov 02, 2007 at 12:50, Armin Fuerst praised the llamas by saying: >>> Servlets should get the temp dir location from the servlet context if they >>> need to write temporary files. Trying to create files in the current dir is >>> very broken AFAICT, so I don't see that this is a Tomcat bug. Closing. >> This is a good argument, but why make my life as sysadmin more difficult >> than necessary? It's not my fault it any servlet wants to write into >> this location? > > Why not make everything world-writeable? Network daemons should have > permission to write to as little as possible. If you want to be more > permissive and understand the risks, then you can run a chmod yourself. > It's hardly onerous.
That's not really the same argument. I agree that networks daemons should have as little permissions as necessary, but this directory is created for this daemon, so this is really a different situation to giving tomcat world-writeable permissions! > However, for a default install, tomcat should be as secure as possible. > Obviously you should be fixing your servlets and not giving tomcat more > permissions than it needs. I can't fix a servlet I didn't write myself! Armin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]