https://issues.apache.org/bugzilla/show_bug.cgi?id=46815
Summary: Tomcat user database file - permission problem on Unix systems
Product: Tomcat 6
Version: 6.0.18
Platform: All
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: petr.sumb...@sun.com

From the Tomcat tar archive I get:

ls -l apache-tomcat-6.0.18/conf/tomcat-users.xml
-rw------- 1 tomcat staff 1107 Jul 21 2008 apache-tomcat-6.0.18/conf/tomcat-users.xml

But Tomcat itself changes this during its first run:

ls -l apache-tomcat-6.0.18/conf/tomcat-users.xml
-rw-r--r- 1 tomcat staff 70 Feb 12 08:31 apache-tomcat-6.0.18/conf/tomcat-users.xml

This is bad from a security perspective.

See also:
http://www.nabble.com/tomcat-users.xml-Unix-file-permissions-and-security-(possible-patch)-td21980349.html#a21980349
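The listings in the report show a different size and timestamp after the first run, so the file was rewritten, not just chmod-ed. The following is an added example, not part of the bug report and not Tomcat code: it audits a credentials file for group/other access and reproduces the mode change with a write-then-rename under a given umask. That rewrite mechanism, the function names and the temp-directory paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a credentials file for group/other access.
# All files are constructed in a temp directory; no real Tomcat install is touched.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when group and other have no permission bits set, 1 otherwise.
is_owner_only() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Simulated save (assumption, not Tomcat's code): write a fresh file and
# rename it over the original. The new file takes its mode from the
# process umask, not from the file it replaces.
rewrite_with_umask() {
    ( umask "$2" && printf '<tomcat-users/>\n' > "$1.new" && mv -f "$1.new" "$1" )
}

# Show the mode as shipped (600), after a rewrite under umask 022,
# and after a rewrite under umask 077.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/tomcat-users.xml"
    ( umask 077 && printf '<tomcat-users/>\n' > "$f" )
    before=$(file_mode "$f")
    rewrite_with_umask "$f" 022
    after=$(file_mode "$f")
    rewrite_with_umask "$f" 077
    fixed=$(file_mode "$f")
    rm -rf "$dir"
    echo "$before $after $fixed"
}

demo
```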