You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/04/30 17:06:09 UTC
DO NOT REPLY [Bug 19483] New: -
tomcat-users.xml is reset to read all
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19483>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19483
tomcat-users.xml is reset to read all
Summary: tomcat-users.xml is reset to read all
Product: Tomcat 4
Version: 4.1.24
Platform: Other
OS/Version: AIX
Status: NEW
Severity: Normal
Priority: Other
Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: robert.widmer@omv.com
I am using Tomcat 4.1.24 on AIX 4.3.3. In tomcat-users.xml there is the password
of the admin user in plain text. To make the file unreadable for other users I
changed it to mode 600 (rw-------). But after a Tomcat restart the file is being
reset to mode 644 (rw-r--r--) and everybody can read the passwords.
Can this be configured anywhere or is it a bug?
regards
Robert
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org