On 21/09/2020 20:20, David Magda wrote:
> Tomcat is operating at two levels: the operating system and the
> application.
>
> Using "-Duser.home" is useful for telling the application itself where
> to look for things, but less so for doing some operations at the OS layer.
>
> One example is for
On Sun, 2 Jun 2019 23:29:51 +0200, Emmanuel Bourg wrote:
I admit using / as home directory isn't perfect, but I fail to see how
this can be considered insecure.
What about setting the -Duser.home JVM parameter when Tomcat is started
instead of changing the system user home?
Tomcat is operatin
Le 03/04/2019 à 18:40, Alex a écrit :
> A problem begins when some of Tomcat's webapps are trying to access $HOME for
> writing. That's completely another question about _why_ they want to write to
> $HOME. But the whole idea having `/` as home dir is definitely insecure.
The previous tomcat8 p
Package: tomcat9
Version: 9.0.16-1~bpo9+1
Severity: important
Tags: d-i
Dear Maintainer,
With default `tomcat9` installation a system user is created as per the
following instructions:
# Create the tomcat user as defined in /usr/lib/sysusers.d/tomcat9.conf
systemd-sysusers
/usr/lib/sys
