On 19/01/2011 18:53, Ian Darwin wrote: > On 01/19/11 13:47, Mark Thomas wrote: >> On 19/01/2011 18:45, bugzi...@apache.org wrote: >>> https://issues.apache.org/bugzilla/show_bug.cgi?id=22405 >>> >>> --- Comment #5 from Mark Thomas <ma...@apache.org> 2011-01-19 13:45:40 EST >>> --- >>> Created an attachment (id=26519) >>> --> (https://issues.apache.org/bugzilla/attachment.cgi?id=26519) >>> Proposed patch for Tomcat 7 >>> >>> This patch adds a new listener that checks the user Tomcat is running as and >>> the umask being used. >> >> I didn't apply this directly as it stops Tomcat from starting (not on >> Windows) as root or if the umask is not at least as restrictive as 0007. >> >> WDYT? > > I'd like that to be a warning, not a fatal error.
It is a fine line. Some things are sufficiently dangerous that the user should have to actively choose to do them. Running as root is probably one of them but then again jsvc is designed to run as root to use privileged ports. Maybe there is a way to tell the difference such as move the check until the point where jsvc would have changed to a lower privileged user. The umask is less serious and a warning probably does make more sense there. > Thinking you know all > about what is right for every deployment is a bit of hubris that will > not serve us well. If you're going to go down the road of saving the > user from their own actions,please at least provide an override in the > config file or even -Dignore-runas-error=true It is configurable. I even included in the doc changes in the patch. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
