https://bz.apache.org/bugzilla/show_bug.cgi?id=59968

            Bug ID: 59968
           Summary: Change to tighten permissions makes multi-instance
                    tomcat difficult
           Product: Tomcat 8
           Version: 8.5.4
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Packaging
          Assignee: dev@tomcat.apache.org
          Reporter: djgraff...@gmail.com

The change committed to tighten up permissions
(https://svn.apache.org/repos/asf/tomcat/trunk@1713174) unfortunately makes it
difficult to establish multi-instance configurations on Unix systems.


bin/ has been changed from 755 to 750
conf/ has been changed from 755 to 700
lib/ has been changed from 755 to 750
logs/ has been changed from 755 to 750
temp/ has been changed from 755 to 750
webapps/ has been changed from 755 to 750
work/ has been changed from 755 to 750

The change on 8.5.x is ideal for setting up a secure out-of-the-bag instance.
When used to template out an instance using a provisioning tool (e.g. Ansible
or Chef), it can make copying default files to the instance impossible without
changing permissions.

Also, when running Tomcat as a non-privileged user for the instance, the
scripts in bin/ are either inaccessible or not configured to be read (most
files are set to 600) or executed (scripts are set to 750).

I would recommend reverting this change and documenting in the RUNNING.txt
steps to ensure proper setup & permissions.

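The following is an added example, not part of the original report and not Tomcat's own tooling: a shell audit that lists which entries of a Tomcat home a given permission class (group or other) cannot use under the modes listed in the report. The sample tree is constructed, the function names are hypothetical, and the check reads mode bits only (GNU `stat`, no ACLs).

```shell
#!/bin/sh
# Added example: report Tomcat home entries that a permission class cannot use.
# Judges mode bits only (no ACLs); the sample tree below is constructed.

# class_bits MODE CLASS: print the rwx digit (0-7) for owner, group or other.
class_bits() {
    m=$((0$1))                      # treat the stat output as octal
    case "$2" in
        owner) echo $(( (m >> 6) & 7 )) ;;
        group) echo $(( (m >> 3) & 7 )) ;;
        other) echo $((  m       & 7 )) ;;
    esac
}

# audit_home DIR CLASS: list entries CLASS cannot read (files), read and
# traverse (directories) or read and execute (*.sh scripts).
audit_home() {
    find "$1" ! -path "$1" | sort | while IFS= read -r p; do
        need=4
        if [ -d "$p" ]; then need=5; fi
        case "$p" in *.sh) need=5 ;; esac
        has=$(class_bits "$(stat -c '%a' "$p")" "$2")
        [ $(( has & need )) -eq "$need" ] ||
            printf '%s needs=%s has=%s\n' "${p#"$1"/}" "$need" "$has"
    done
}

# make_sample_home DIR: constructed tree using the modes listed in the report.
make_sample_home() {
    for sub in bin conf lib logs temp webapps work; do mkdir -p "$1/$sub"; done
    : > "$1/bin/catalina.sh"; chmod 750 "$1/bin/catalina.sh"
    : > "$1/conf/server.xml"; chmod 600 "$1/conf/server.xml"
    chmod 750 "$1/bin" "$1/lib" "$1/logs" "$1/temp" "$1/webapps" "$1/work"
    chmod 700 "$1/conf"
}

home=$(mktemp -d)
make_sample_home "$home"
echo "group members blocked from:"; audit_home "$home" group
echo "other users blocked from:";   audit_home "$home" other
rm -rf "$home"
```

An instance user placed in the owning group is blocked only by `conf/` (700) and the 600 files; a user outside the group is blocked from every entry, and a blocked directory also hides everything beneath it regardless of the child's own mode.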