List,
I'm trying to secure my tomcat instances. One of the steps I took
was to run the tomcat process using the non-privileged "tomcat" user,
and set the file system permissions as restrictive as possible. It all
works well, but there is something missing: "The tomcat user is able
to read the access log files":
root@7083cdc8e2fc:/apps/tomcat/logs# ls -la
...
-rw-rw---- 1 tomcat tomcat 0 Dec 1 19:46 0.0.0.0_access_log.2015-12-01.txt
Is there any way to configure tomcat to be able to write to the
access log file, but have the file owned by root with permissions 600?
I understand that this is done by starting the tomcat process as root
and then dropping privileges using setuid() , but was unable to find
something already built / well documented.
Ideas?
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
