DO NOT REPLY [Bug 22405] warn if not deploy with umask "0077" or if deployed as "root" and provide tutorial URL "Secure deployment"

2011-02-23 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=22405

Mark Thomas changed:

What|Removed |Added
Status|NEW |RESOLVED
Resolution|

Re: DO NOT REPLY [Bug 22405] warn if not deploy with umask "0077" or if deployed as "root" and provide tutorial URL "Secure deployment"

2011-01-19 Thread Mark Thomas
On 19/01/2011 19:37, Rainer Jung wrote:
> Not tested with Java 6, but at least for Java 5 user.name still seems to
> return the real uid, not the effective one. So I expect under jsvc you
> will still get root as the result.
>
> See:
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4290712

Re: DO NOT REPLY [Bug 22405] warn if not deploy with umask "0077" or if deployed as "root" and provide tutorial URL "Secure deployment"

2011-01-19 Thread Rainer Jung
On 19.01.2011 20:00, Mark Thomas wrote: On 19/01/2011 18:53, Ian Darwin wrote: On 01/19/11 13:47, Mark Thomas wrote: On 19/01/2011 18:45, bugzi...@apache.org wrote: https://issues.apache.org/bugzilla/show_bug.cgi?id=22405 --- Comment #5 from Mark Thomas 2011-01-19 13:45:40 EST --- Created an

Re: DO NOT REPLY [Bug 22405] warn if not deploy with umask "0077" or if deployed as "root" and provide tutorial URL "Secure deployment"

2011-01-19 Thread Mark Thomas
On 19/01/2011 18:53, Ian Darwin wrote:
> On 01/19/11 13:47, Mark Thomas wrote:
>> On 19/01/2011 18:45, bugzi...@apache.org wrote:
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=22405
>>>
>>> --- Comment #5 from Mark Thomas 2011-01-19 13:45:40 EST
>>> ---
>>> Created an attachment (id=2651

Re: DO NOT REPLY [Bug 22405] warn if not deploy with umask "0077" or if deployed as "root" and provide tutorial URL "Secure deployment"

2011-01-19 Thread Ian Darwin
On 01/19/11 13:47, Mark Thomas wrote:
> On 19/01/2011 18:45, bugzi...@apache.org wrote:
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=22405
>>
>> --- Comment #5 from Mark Thomas 2011-01-19 13:45:40 EST
>> ---
>> Created an attachment (id=26519)
>> --> (https://issues.apache.org/bugzilla/

Re: DO NOT REPLY [Bug 22405] warn if not deploy with umask "0077" or if deployed as "root" and provide tutorial URL "Secure deployment"

2011-01-19 Thread Mark Thomas
On 19/01/2011 18:45, bugzi...@apache.org wrote:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=22405
>
> --- Comment #5 from Mark Thomas 2011-01-19 13:45:40 EST ---
> Created an attachment (id=26519)
> --> (https://issues.apache.org/bugzilla/attachment.cgi?id=26519)
> Proposed patch for To

DO NOT REPLY [Bug 22405] warn if not deploy with umask "0077" or if deployed as "root" and provide tutorial URL "Secure deployment"

2011-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=22405

--- Comment #5 from Mark Thomas 2011-01-19 13:45:40 EST ---
Created an attachment (id=26519)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=26519)
Proposed patch for Tomcat 7

This patch adds a new listener that checks the user

DO NOT REPLY [Bug 22405] warn if not deploy with umask "0077" or if deployed as "root" and provide tutorial URL "Secure deployment"

2011-01-18 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=22405

--- Comment #4 from Mark Thomas 2011-01-18 20:07:00 EST ---
The Tomcat 7 docs include a section on security considerations. I have expanded the OS section for 7.0.7 to cover file permissions, umask etc. I am still thinking about if/how to