DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13755>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13755 Coyote connector cannot run from read-only directory (security hole) Summary: Coyote connector cannot run from read-only directory (security hole) Product: Tomcat 4 Version: 4.1.12 Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: Other Component: Connector:Coyote HTTP/1.1 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The Coyote connector cannot run from read-only media (whether due to permissions, or if carried around on a CD or if running from a classroom setting.) This is because the connector attempts to create tomcat-users.xml.new in the conf directory. If it cannot write this file, tomcat crashes on startup. For security reasons, the conf directory must not be writable by anyone except root. Tomcat 4.0 did not have this problem; it could be carried around on a CD and allow development and testing on any computer you happened to sit down on without installing on the computer. -- To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>
