Hi, On Tue, 25.09.2018-00:10:19 +0200, Markus Koschany wrote: > Am 24.09.18 um 23:54 schrieb Thorsten Glaser: > > Package: tomcat8 > > Version: 8.5.14-1+deb9u3 > > Severity: important > [...] > > Apparently, umask is not (no longer?) honoured. On a jessie box: > [...] > > I guess it would help to check the previous version of Tomcat 8 in > Jessie again. If you think this version works as expected, then there > _might_ be a regression in the latest security update. I suggest to > contact Roberto, the last uploader, in this case too because he is most > likely able to clarify this behavior. Tomcat7 and Tomcat8 do not > necessarily have to behave identically.
tomcat8 introduced a new configuration variable in /usr/share/tomcat8/bin/catalina.sh which can be used to set the umask. If that variable is not set, catalina.sh sets the umask to 0027. This differs from tomcat7, which didn't use such a variable but rather ran in the context of the calling process (which could be done using umask in /etc/default/tomcat7). After upgrading from jessie to stretch and using tomcat8 as a drop in replacement for tomcat7, things are different. The above does no longer set the umask for tomcat8. One could add UMASK as a variable to /etc/default/tomcat8, so that users are more likely to find the change and set the variable. I did that and it works for me: >From my /etc/default/tomcat8: > # Set the umask for tomcat, variable is used by catalina.sh > UMASK=0022 I think this is a wishlist bug rather then a regression. Kind regards, Philipp
