You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/08/09 11:37:12 UTC
DO NOT REPLY [Bug 11584] New: -
Configuration files owned by tomcat3 not root
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11584>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11584
Configuration files owned by tomcat3 not root
Summary: Configuration files owned by tomcat3 not root
Product: Tomcat 3
Version: 3.3 Final
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: Major
Priority: Other
Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: pete@idnet.net.uk
tomcat 3.3.1 when installed from rpm runs as user tomcat3 and has it's
configuration files rewritable by this user.
[root@hovercraft pete]# ls -l /etc/tomcat3/conf/tomcat3.conf
-rw-r--r-- 1 tomcat3 tomcat3 866 Apr 30 16:28
/etc/tomcat3/conf/tomcat3.conf
However, this file allows you to specify the user tomcat runs as - i.e. the
tomcat3 user can rewrite his user directive to be root and then wait for a
restart allowing him to escalate his user level to root. I think the
configuration files should be owned by root, not tomcat3.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>