[Bug 424675] New: Access rights to /etc/tomcat6 directory not set right
https://bugzilla.novell.com/show_bug.cgi?id=424675

           Summary: Access rights to /etc/tomcat6 directory not set right
           Product: openSUSE 11.1
           Version: Factory
          Platform: i686
        OS/Version: openSUSE 11.0
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: Java
        AssignedTo: bnc-team-java@forge.provo.novell.com
        ReportedBy: sebastianklenk@visions-tec.de
         QAContact: qa@suse.de
          Found By: Community User

The owner of the tomcat configuration directory is not set right (they are root.root), which prohibits tomcat (when started with the init script), which runs as tomcat, from writing to this directory. This is required when using webapp based context files.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=424675

User mvyskocil@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=424675#c1

Michal Vyskocil <mvyskocil@novell.com> changed:

           What    |Removed                              |Added
----------------------------------------------------------------------------
                 CC|                                     |mvyskocil@novell.com
         AssignedTo|bnc-team-java@forge.provo.novell.com |mvyskocil@novell.com
           Severity|Major                                |Normal
             Status|NEW                                  |ASSIGNED
           Priority|P5 - None                            |P4 - Low

--- Comment #1 from Michal Vyskocil <mvyskocil@novell.com> 2008-09-16 03:36:14 MDT ---
Fixed in STABLE/Factory (will be submitted asap). Reassign to me to track the older releases (11.0).

https://bugzilla.novell.com/show_bug.cgi?id=424675

User mvyskocil@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=424675#c2

Michal Vyskocil <mvyskocil@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |INVALID

--- Comment #2 from Michal Vyskocil <mvyskocil@novell.com> 2009-03-16 03:49:40 MST ---
This change was rejected for security reasons. A writable /etc/tomcat6 will bring a possible security hole, and the context.xml should be read from [1] $CATALINA_BASE/webapps/[webappname]/META-INF/context.xml, which is owned by the application. The only file writable in /etc/tomcat6 is tomcat-users.xml.

[1] http://tomcat.apache.org/tomcat-6.0-doc/deployer-howto.html

https://bugzilla.novell.com/show_bug.cgi?id=424675

User sebastianklenk@visions-tec.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=424675#c3

--- Comment #3 from Sebastian Klenk <sebastianklenk@visions-tec.de> 2009-03-16 05:00:55 MST ---
Tomcat autodeploy copies the context.xml from the META-INF dir to the /etc/tomcat6/Catalina/localhost/APP-NAME dir. This doesn't work if this directory is not writable for tomcat.

https://bugzilla.novell.com/show_bug.cgi?id=424675

User mvyskocil@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=424675#c4

Michal Vyskocil <mvyskocil@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |REOPENED
         Resolution|INVALID                     |

--- Comment #4 from Michal Vyskocil <mvyskocil@novell.com> 2009-03-16 08:05:35 MST ---
You're right. The documentation of tomcat is a little bit unclear about it. But still there are two main problems with a proper fix:

1.) Giving write access to /etc/tomcat6 for user tomcat is a security risk, because an application would be allowed to change the server configuration.
2.) /etc is not intended for deploying files, just for static configuration, according to the FHS.

My proposal is to create a symlink /etc/tomcat6/Catalina -> /var/cache/tomcat6/Catalina, so deployed context.xml files will be stored in the same directory as .java and .class files built from JSP.

l /etc/tomcat6/Catalina
lrwxrwxrwx 1 root root 27 2009-03-16 15:02 /etc/tomcat6/Catalina -> /var/cache/tomcat6/Catalina/

So tomcat will be able to write files to $CATALINA_BASE/conf/Catalina/localhost.
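
Added example, not part of the bug thread or of the openSUSE package: a Python audit of the layout proposed in comment #4. It checks that the configuration directory stays read-only for the service account while the Catalina symlink leads outside it to a directory that account can write. The names audit, can_write and build_sample and the temp-dir sample tree are constructed for illustration; write access is derived from owner and mode bits only (ACLs are ignored).

```python
import os
import stat
import tempfile

ALLOWED_WRITABLE = {"tomcat-users.xml"}  # the one exception named in comment #2

def can_write(st, uid, gids):
    """Pick the owner/group/other class like the kernel does, then test its w bit."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(conf_dir, uid, gids=()):
    """Return a list of findings; an empty list means the layout matches the proposal."""
    findings = []
    conf_real = os.path.realpath(conf_dir)
    if can_write(os.stat(conf_real), uid, gids):
        findings.append("conf dir itself is writable by the service user")
    for name in sorted(os.listdir(conf_real)):
        path = os.path.join(conf_real, name)
        if os.path.islink(path):
            target = os.path.realpath(path)
            if os.path.commonpath([conf_real, target]) == conf_real:
                findings.append(f"{name}: symlink stays inside the conf dir")
            elif not os.path.isdir(target) or not can_write(os.stat(target), uid, gids):
                findings.append(f"{name}: redirect target not writable, autodeploy will fail")
        elif name not in ALLOWED_WRITABLE and can_write(os.lstat(path), uid, gids):
            findings.append(f"{name}: writable by the service user")
    return findings

def build_sample(conf_mode):
    """Constructed tree standing in for /etc/tomcat6 and /var/cache/tomcat6/Catalina."""
    root = tempfile.mkdtemp()
    conf = os.path.join(root, "etc", "tomcat6")
    cache = os.path.join(root, "var", "cache", "tomcat6", "Catalina")
    os.makedirs(conf)
    os.makedirs(cache)
    os.chmod(cache, 0o755)
    for name, mode in (("server.xml", 0o444), ("tomcat-users.xml", 0o644)):
        with open(os.path.join(conf, name), "w") as fh:
            fh.write("<!-- constructed sample -->\n")
        os.chmod(os.path.join(conf, name), mode)
    os.symlink(cache, os.path.join(conf, "Catalina"))
    os.chmod(conf, conf_mode)
    return conf
```

On a real host, call audit("/etc/tomcat6", uid, gids) with the numeric uid and group ids of the tomcat account.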

https://bugzilla.novell.com/show_bug.cgi?id=424675

User mvyskocil@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=424675#c5

Michal Vyskocil <mvyskocil@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |NEEDINFO
      Info Provider|                            |sebastianklenk@visions-tec.de

--- Comment #5 from Michal Vyskocil <mvyskocil@novell.com> 2009-03-17 03:36:37 MST ---
Do you think that this should be enough? I tested it and tomcat6 uses /var/cache/tomcat6/Catalina/[servername] for it. I'm going to release a fix for Factory and later for openSUSE.

https://bugzilla.novell.com/show_bug.cgi?id=424675

User sebastianklenk@visions-tec.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=424675#c6

Sebastian Klenk <sebastianklenk@visions-tec.de> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                      |REOPENED
      Info Provider|sebastianklenk@visions-tec.de |

--- Comment #6 from Sebastian Klenk <sebastianklenk@visions-tec.de> 2009-03-17 03:45:58 MST ---
Sounds good to me!

https://bugzilla.novell.com/show_bug.cgi?id=424675

Michal Vyskocil <mvyskocil@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |485933