tag 445848 patch thanks This patch adds the "private" subfolder for tomcat-users.xml. The overall permissions are the standard ones (root.root 644), which means:
* User instances are better supported (as said before)
* tomcat55 can't overwrite configuration files

Further remarks:
* The shutdown string is no longer important now that jsvc is used. server.xml doesn't need protection.
* Permissions aren't set recursively to 644, so custom configurations aren't overridden.
* The use of dpkg-statoverride is based on Debian Policy 10.9.1. Maybe it should be used for the /var folders too.
* A directory symlink in postinst is removed. It created a symlink inside the pointed-to directory instead of overwriting the directory symlink, and purging the package then didn't delete this extra symlink.
diff -u tomcat5.5-5.5.25.orig/debian/README.Debian tomcat5.5-5.5.25/debian/README.Debian --- tomcat5.5-5.5.25.orig/debian/README.Debian 2008-01-08 02:37:00.000000000 +0100 +++ tomcat5.5-5.5.25/debian/README.Debian 2008-01-07 19:00:59.000000000 +0100 @@ -58,7 +58,7 @@ - There is a webapp for basic web-based administration of Tomcat's webapps in the tomcat5.5-admin package. You need to add one of the users in - /etc/tomcat5.5/tomcat-users.xml to the manager role and probably + /etc/tomcat5.5/private/tomcat-users.xml to the manager role and probably set a better password. The "Web Application Manager" can then be accessed at http://localhost:8180/manager/html. There's also a more sophisticated administration webapp called "admin" in the same package but it can't make diff -u tomcat5.5-5.5.25.orig/debian/rules tomcat5.5-5.5.25/debian/rules --- tomcat5.5-5.5.25.orig/debian/rules 2008-01-08 02:37:00.000000000 +0100 +++ tomcat5.5-5.5.25/debian/rules 2008-01-07 19:13:28.000000000 +0100 @@ -62,9 +62,10 @@ dh_install # Prune extra installed files from the various packages. rm -f $(TOMCAT_SHARE_DIR)/bin/*.{jar,xml} \ - $(TOMCAT_VARLIB_DIR)/conf/{server,web,tomcat-users}.xml \ + $(TOMCAT_VARLIB_DIR)/conf/{server,web}.xml \ $(TOMCAT_VARLIB_DIR)/conf/Catalina/localhost/* \ $(TOMCAT_VARLIB_DIR)/conf/catalina.policy \ + $(TOMCAT_VARLIB_DIR)/conf/private/tomcat-users.xml \ $(LIBTOMCAT_SHARE_DIR)/bin/*.sh \ $(LIBTOMCAT_SHARE_DIR)/common/lib/{commons-*,{jsp,servlet}-api.jar} \ $(LIBTOMCAT_SHARE_DIR)/server/lib/commons-* diff -u tomcat5.5-5.5.25.orig/debian/server.xml tomcat5.5-5.5.25/debian/server.xml --- tomcat5.5-5.5.25.orig/debian/server.xml 2008-01-08 02:37:00.000000000 +0100 +++ tomcat5.5-5.5.25/debian/server.xml 2008-01-07 19:18:11.000000000 +0100 
@@ -34,7 +34,7 @@ type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" - pathname="conf/tomcat-users.xml" /> + pathname="conf/private/tomcat-users.xml" /> </GlobalNamingResources> diff -u tomcat5.5-5.5.25.orig/debian/tomcat5.5.init tomcat5.5-5.5.25/debian/tomcat5.5.init --- tomcat5.5-5.5.25.orig/debian/tomcat5.5.init 2008-01-08 02:37:00.000000000 +0100 +++ tomcat5.5-5.5.25/debian/tomcat5.5.init 2008-01-07 22:15:43.000000000 +0100 @@ -157,12 +157,12 @@ # Clean up and set permissions on required files find "$CATALINA_BASE"/temp/ -mindepth 1 -exec rm -fr {} + - REQUIRED_FILES='"$CATALINA_BASE/conf" - "$CATALINA_BASE/logs" "$CATALINA_BASE/temp" - "$CATALINA_BASE/webapps" "$CATALINA_BASE/work"' - if [ -e "$CATALINA_BASE/conf/tomcat-users.xml" ]; then + REQUIRED_FILES='"$CATALINA_BASE/logs" "$CATALINA_BASE/temp" + "$CATALINA_BASE/webapps" "$CATALINA_BASE/work" + "$CATALINA_BASE/conf/private"' + if [ -e "$CATALINA_BASE/conf/private/tomcat-users.xml" ]; then REQUIRED_FILES=$REQUIRED_FILES' - "$CATALINA_BASE/conf/tomcat-users.xml"' + "$CATALINA_BASE/conf/private/tomcat-users.xml"' fi eval chown --dereference "$TOMCAT5_USER" $REQUIRED_FILES \ || true diff -u tomcat5.5-5.5.25.orig/debian/tomcat5.5.install tomcat5.5-5.5.25/debian/tomcat5.5.install --- tomcat5.5-5.5.25.orig/debian/tomcat5.5.install 2008-01-08 02:37:00.000000000 +0100 +++ tomcat5.5-5.5.25/debian/tomcat5.5.install 2008-01-07 19:16:20.000000000 +0100 
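Review bot: In the tomcat5.5.init hunk, `"$CATALINA_BASE/conf/private/tomcat-users.xml"` is still appended to the list that root hands to `eval chown --dereference "$TOMCAT5_USER" $REQUIRED_FILES`, even though the same list now gives `conf/private` itself to `$TOMCAT5_USER`; root therefore changes ownership of whatever that path resolves to inside a directory the service account can write. The old code had the same shape with `conf`, so this is not new, but a patch that tightens access is a good place to close it. Leave the file out of `REQUIRED_FILES` and chown it separately without following links: `chown --no-dereference "$TOMCAT5_USER" "$CATALINA_BASE/conf/private/tomcat-users.xml" || true`. The enclosing block starts and ends outside the hunk.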
@@ -4,7 +4,7 @@ build/dist/conf/catalina.properties /etc/tomcat5.5/ build/dist/conf/server-minimal.xml /etc/tomcat5.5/ build/dist/conf/catalina.policy /etc/tomcat5.5/ -build/dist/conf/tomcat-users.xml /etc/tomcat5.5/ +build/dist/conf/tomcat-users.xml /etc/tomcat5.5/private/ build/dist/conf/context.xml /etc/tomcat5.5/ build/dist/conf/web.xml /etc/tomcat5.5/ debian/policy/* /etc/tomcat5.5/policy.d/ diff -u tomcat5.5-5.5.25.orig/debian/tomcat5.5.postinst tomcat5.5-5.5.25/debian/tomcat5.5.postinst --- tomcat5.5-5.5.25.orig/debian/tomcat5.5.postinst 2008-01-08 02:37:00.000000000 +0100 +++ tomcat5.5-5.5.25/debian/tomcat5.5.postinst 2008-01-07 23:03:38.000000000 +0100 @@ -20,12 +20,17 @@ tomcat55 fi chown -R tomcat55:nogroup /var/log/tomcat5.5 /var/cache/tomcat5.5 - chown -R tomcat55:adm /etc/tomcat5.5 + + # 700 access for tomcat-users.xml folder + if ! dpkg-statoverride --list /etc/tomcat5.5/private >/dev/null 2>&1 + then + dpkg-statoverride --update --add tomcat55 root 700 \ + /etc/tomcat5.5/private + fi + chown tomcat55:adm /var/log/tomcat5.5 /var/cache/tomcat5.5 - chmod -R 770 /etc/tomcat5.5 - chmod 750 /var/log/tomcat5.5 /etc/tomcat5.5 + chmod 750 /var/log/tomcat5.5 chmod 700 /var/cache/tomcat5.5 - ln -sf /etc/tomcat5.5 /var/lib/tomcat5.5/conf # Moving conffiles. if dpkg --compare-versions "$2" le "5.5.25-4"; then diff -u tomcat5.5-5.5.25.orig/debian/tomcat5.5.postrm tomcat5.5-5.5.25/debian/tomcat5.5.postrm --- tomcat5.5-5.5.25.orig/debian/tomcat5.5.postrm 2008-01-08 02:37:00.000000000 +0100 +++ tomcat5.5-5.5.25/debian/tomcat5.5.postrm 2008-01-07 23:05:50.000000000 +0100 
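Review bot: Relocating the conffile to `/etc/tomcat5.5/private/` in tomcat5.5.install has no matching migration in the hunks shown, so on upgrade an administrator's edited `/etc/tomcat5.5/tomcat-users.xml` would stay at the old path while Tomcat, via the new `pathname` in server.xml, reads the freshly installed packaged file. That silently swaps the configured accounts for the packaged ones and leaves the old credentials file behind with whatever mode it had. The `# Moving conffiles.` block in tomcat5.5.postinst (its body is outside the visible hunk) may be the place for a version-guarded move of the old file into `private/`; it is worth confirming that it covers this path.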
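Review bot: In the tomcat5.5.postinst hunk, removing `chown -R tomcat55:adm /etc/tomcat5.5` and `chmod -R 770 /etc/tomcat5.5` changes nothing on a system where an earlier postinst already ran them, so as far as this hunk shows an upgraded host keeps a tomcat55-owned, writable configuration tree, and the goal that tomcat55 cannot overwrite its configuration is met only on fresh installs. A one-time reset under a `dpkg --compare-versions "$2"` guard would cover upgrades, e.g. `chown root:root /etc/tomcat5.5 && chmod 755 /etc/tomcat5.5` plus the packaged files, without recursing over admin-added ones. Also, with the tree world-readable, any connector keystore or datasource password an administrator places in server.xml or context.xml becomes readable by all local users, which README.Debian should mention. The enclosing block starts outside the hunk.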
@@ -14,6 +14,7 @@
 /var/lib/tomcat5.5/temp
 rmdir --ignore-fail-on-non-empty /var/lib/tomcat5.5 || true
 rmdir --ignore-fail-on-non-empty /etc/tomcat5.5/policy.d /etc/tomcat5.5 || true
+ dpkg-statoverride --remove /etc/tomcat5.5/private || true
 # remove user tomcat5 if it exists, and package tomcat5 is
 # marked as purged or has never been installed
 if [ -n "$(dpkg -l tomcat5 | grep pn)" -o -n "$(dpkg -l tomcat5 | grep un)" ]
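Review bot: The added `dpkg-statoverride --remove /etc/tomcat5.5/private || true` leans on `|| true` to cover the case where no override is registered, which still prints dpkg-statoverride's error and would also hide a real failure. The postinst in this same patch guards with `--list`, and the removal should match it: `if dpkg-statoverride --list /etc/tomcat5.5/private >/dev/null 2>&1; then dpkg-statoverride --remove /etc/tomcat5.5/private; fi`. The enclosing branch starts outside the hunk, so it is not visible whether this runs on plain remove or only on purge; it belongs in the purge path so that the override survives a remove and reinstall.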