Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/02/24 10:29:25 UTC
svn commit: r1571197 - /tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml
Author: markt
Date: Mon Feb 24 09:29:25 2014
New Revision: 1571197
URL: http://svn.apache.org/r1571197
Log:
Fix typos
Modified:
tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml
Modified: tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml?rev=1571197&r1=1571196&r2=1571197&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Mon Feb 24 09:29:25 2014
@@ -55,11 +55,11 @@
the Tomcat process and provide that user with the minimum necessary
permissions for the operating system. For example, it should not be possible
to log on remotely using the Tomcat user.</p>
- <p>File permissions should also be suitable restricted. Taking the Tomcat
+ <p>File permissions should also be suitably restricted. Taking the Tomcat
instances at the ASF as an example (where auto-deployment is disabled and
web applications are deployed as exploded directories), the standard
configuration is to have all Tomcat files owned by root with group Tomcat
- and whilst owner has read/write priviliges, group only has read and world
+ and whilst owner has read/write privileges, group only has read and world
has no permissions. The exceptions are the logs, temp and work directory
that are owned by the Tomcat user rather than root. This means that even if
an attacker compromises the Tomcat process, they can't change the
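Review bot: The unchanged context line "The exceptions are the logs, temp and work directory" still has a number mismatch (three directories, singular noun). Since this commit is a typo pass over the same paragraph, change "directory" to "directories" here as well. Separately, "group Tomcat" in the line above the second fix is capitalised like the product name, while the same paragraph also speaks of "the Tomcat user". If these refer to an operating-system group and account, wording such as "the Tomcat group" or marking the name up as a literal would stop readers from taking the capitalised word as the exact name to use when they set ownership and permissions.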