minfrin commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-736674567


   > * A few nits in docs.
   > * I wonder whether we should set default permissions at all and rely on the umask.
   > * Tomcat has a umask check (startup listener) which these default permissions we basically break that promise...
   
   Relying on the umask makes no practical sense, unfortunately.
   
   The typical umask is 0027, meaning full access for tomcat itself, read 
access for members of the tomcat group (so that logfiles can be read but not 
changed), and no access for anyone else.
   
   The unix domain socket is useless if you can't write to it. What that means 
is that only the tomcat user can send requests to tomcat, and members of the 
tomcat group can't send requests at all, which is completely pointless.
   
   To be in any way useful the socket must be writable, and to do that it 
either needs to default to being writable, or needs to be explicitly set as 
writable with at least `pathPermissions="rw-rw----"`.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
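
The umask effect described in the comment above can be reproduced outside Tomcat. The following is an added example, not code from the pull request or from Tomcat: it binds a Unix domain socket under a given umask, reports the resulting mode, and optionally applies a `rw-rw----` style permission string. The function names are hypothetical, and it assumes Linux semantics, where the socket file is created with mode `0777 & ~umask` and connecting requires write permission on the socket file.

```python
import os
import socket
import stat
import tempfile


def parse_perms(perms):
    """Convert a 9-character POSIX string such as 'rw-rw----' to mode bits."""
    if len(perms) != 9:
        raise ValueError("expected 9 characters, e.g. 'rw-rw----'")
    mode = 0
    for i, (ch, expected) in enumerate(zip(perms, "rwxrwxrwx")):
        if ch == expected:
            mode |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return mode


def group_can_connect(mode):
    """On Linux, connect() needs write permission on the socket file."""
    return bool(mode & stat.S_IWGRP)


def socket_mode_under_umask(umask, perms=None):
    """Bind a socket under `umask`, optionally chmod it, return its mode."""
    old_umask = os.umask(umask)
    tmpdir = tempfile.mkdtemp(prefix="uds-demo-")  # constructed scratch dir
    path = os.path.join(tmpdir, "demo.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(path)  # the kernel applies the umask to the socket file here
        if perms is not None:
            os.chmod(path, parse_perms(perms))  # explicit override
        return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        srv.close()
        os.umask(old_umask)
        if os.path.exists(path):
            os.unlink(path)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    for perms in (None, "rw-rw----"):
        mode = socket_mode_under_umask(0o027, perms)
        print(f"umask 0027, perms={perms}: mode {mode:04o}, "
              f"group can connect: {group_can_connect(mode)}")
```

Group members also need search permission on every directory leading to the socket path, which this sketch does not check.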


