https://issues.apache.org/bugzilla/show_bug.cgi?id=46815

           Summary: Tomcat user database file - permission problem on Unix
                    systems
           Product: Tomcat 6
           Version: 6.0.18
          Platform: All
        OS/Version: Solaris
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: petr.sumb...@sun.com


From the Tomcat tar archive I get:

ls  -l apache-tomcat-6.0.18/conf/tomcat-users.xml
-rw-------   1 tomcat staff       1107 Jul 21  2008 apache-tomcat-6.0.18/conf/tomcat-users.xml

But Tomcat itself changes this during its first run:

ls -l apache-tomcat-6.0.18/conf/tomcat-users.xml
-rw-r--r-   1 tomcat staff      70 Feb 12 08:31 apache-tomcat-6.0.18/conf/tomcat-users.xml

This is bad from a security perspective.

See also:
http://www.nabble.com/tomcat-users.xml-Unix-file-permissions-and-security-(possible-patch)-td21980349.html#a21980349

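The permission change in the report above can be reproduced and checked on a scratch file. This is an added example, not part of the original report and not Tomcat code; it assumes the change comes from writing a replacement file under a permissive umask and renaming it into place (the report does not say how Tomcat rewrites the file), and the function names are hypothetical.

```shell
# Constructed demo: works in a scratch directory, never touches a real
# Tomcat install. Function names are hypothetical.

# Return 0 if the file grants nothing to group/other (e.g. -rw-------).
owner_only() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Assumed mechanism: write a new file, then rename it over the old one.
# The new file's mode comes from the process umask, not from the old file.
rewrite_naive() {
    ( umask 022
      printf '%s\n' "$2" > "$1.new" && mv -f "$1.new" "$1" )
}

# Same rewrite, but the replacement is created owner-only before any
# content is written, so it is never readable by group or others.
rewrite_private() {
    ( umask 077
      printf '%s\n' "$2" > "$1.new" && mv -f "$1.new" "$1" )
}

# Prints the state before the rewrite, after the naive rewrite and
# after the private rewrite, as three words.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/tomcat-users.xml"
    ( umask 077; printf '%s\n' '<tomcat-users/>' > "$f" )   # as shipped: 600
    owner_only "$f" && before=private || before=exposed
    rewrite_naive "$f" '<tomcat-users/>'
    owner_only "$f" && naive=private || naive=exposed
    chmod 600 "$f"                                          # reset to 600
    rewrite_private "$f" '<tomcat-users/>'
    owner_only "$f" && fixed=private || fixed=exposed
    rm -rf "$dir"
    echo "$before $naive $fixed"
}

demo
```

owner_only can also be pointed at an installed conf/tomcat-users.xml after a Tomcat start to see whether the rewrite left it readable by group or others.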