OK. Thanks!

--Fred
--------------------------------------------------------------------------
Fred Stluka -- mailto:[EMAIL PROTECTED] -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- "Glad to be of service!"
--------------------------------------------------------------------------

"Shapira, Yoav" wrote: > Hi, > > >However, I still wonder: > >1. Why does Tomcat re-write the tomcat-users.xml file at > > startup? > > This I already answered: Tomcat rewrites the tomcat-users.xml at startup > to ensure it has permissions on it, because the admin webapp must have > these permissions to allow editing of user information. > > >2. Why does it use the umask value instead of just leaving > > the protections as they were before it updated the file? > > This is the java.io.File default behavior: we don't modify anything and > don't want to have platform-specific or native code in Tomcat. If you > look at the java.io.File JavaDoc, you'll see there's no portable way to > control this. > > >3. Isn't this a problem for most Tomcat installations, since > > without the umask I had applied to my tomcat user, the > > default umask is 002, not 022, so the tomcat-users.xml > > file would be changed to 664, not merely 644, at each > > startup? Seems like the default Tomcat behavior > > introduces a security risk. > > Judging by the fact this is raised about once a year on the mailing > list, I'd say the majority of people don't care. Secure installations > take care with their umasks from the beginning, so for them this is not > an issue. > > Yoav > > This e-mail, including any attachments, is a confidential business communication, > and may contain information that is confidential, proprietary and/or privileged. > This e-mail is intended only for the individual(s) to whom it is addressed, and may > not be saved, copied, printed, disclosed or used by anyone else. If you are not > the(an) intended recipient, please immediately delete this e-mail from your computer > system and notify the sender. Thank you. 
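The umask effect discussed in this thread, as an added example that is not part of the original messages or of Tomcat's code. It assumes the rewrite creates a fresh file and renames it over the original (which is why the earlier mode is lost); the function names and the temporary directory are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a locked-down tomcat-users.xml (mode 600) is "rewritten"
# by creating a new file and renaming it over the original. The new file's
# mode comes from the umask of the writing process, not from the old file.

# mode_of FILE -> octal permission bits (GNU stat, falling back to BSD stat)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# rewrite_under_umask UMASK -> prints the file's mode after the rewrite
rewrite_under_umask() {
    dir=$(mktemp -d) || return 1
    f="$dir/tomcat-users.xml"
    (
        umask 077
        printf '<tomcat-users/>\n' > "$f"      # admin's original: mode 600
        umask "$1"                             # umask of the account starting the server
        printf '<tomcat-users/>\n' > "$f.new"  # fresh file: 666 & ~umask
        mv -f "$f.new" "$f"                    # rename replaces the 600 original
    )
    mode_of "$f"
    rm -rf "$dir"
}

# Compare the umasks mentioned in the thread with two stricter ones.
for m in 002 022 027 077; do
    printf 'umask %s -> tomcat-users.xml mode %s\n' "$m" "$(rewrite_under_umask "$m")"
done
```

Setting a restrictive umask for the account (or in the script) that starts the server is what keeps the rewritten file from becoming group-writable or world-readable.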