Hi

> Each time tomcat is restarted the file tomcat-users.xml is rewritten. It
> is horrible since my umask being 0022 the file which stores passwords becomes
> world readable. Obviously this file has to be read by the server but I do
> not see any valuable reason to write it back opening a serious security
> hole.

PLEASE, search the archive of this list before mailing.
This question, including some ways around it, has been on the list recently.

See also Yoav's posting below.

Regards,
  Steffen



-----Original Message-----
From: Shapira, Yoav [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 15 September 2004 20:48
To: Tomcat Users List
Subject: RE: Why does startup of Tomcat 5.0.28 server make tomcat-users.xml
world-readable?...


Hi,

>However, I still wonder:
>1.  Why does Tomcat re-write the tomcat-users.xml file at
>     startup?

This I already answered: Tomcat rewrites the tomcat-users.xml at startup to
ensure it has permissions on it, because the admin webapp must have these
permissions to allow editing of user information.

>2.  Why does it use the umask value instead of just leaving
>     the protections as they were before it updated the file?

This is the java.io.File default behavior: we don't modify anything and
don't want to have platform-specific or native code in Tomcat.  If you look
at the java.io.File JavaDoc, you'll see there's no portable way to control
this.

>3.  Isn't this a problem for most Tomcat installations, since
>     without the umask I had applied to my tomcat user, the
>     default umask is 002, not 022, so the tomcat-users.xml
>     file would be changed to 664, not merely 644, at each
>     startup?  Seems like the default Tomcat behavior
>     introduces a security risk.

Judging by the fact this is raised about once a year on the mailing list,
I'd say the majority of people don't care.  Secure installations take care
with their umasks from the beginning, so for them this is not an issue.

Yoav
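
An added example, not part of either message in this thread: a shell demonstration of why a rewritten file ends up with umask-derived permissions, and of the umask that keeps it private. It assumes the save creates a new file and renames it over the old one; `mode_of`, `rewrite_under_umask`, `is_private` and `demo` are hypothetical helper names and the file content is constructed.

```shell
#!/bin/sh
# Added example: temporary paths, constructed file content.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Simulate a save that writes a fresh file and renames it over the old one
# (assumed rewrite strategy). A fresh file gets mode 0666 & ~umask, so an
# earlier chmod on the old file does not survive.
rewrite_under_umask() {
    file=$1
    mask=$2
    (
        umask "$mask"
        rm -f "$file.new"
        cat "$file" > "$file.new" && mv -f "$file.new" "$file"
    ) || return 1
    mode_of "$file"
}

# Succeed only when group and other have no access bits at all.
is_private() {
    case "$(mode_of "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Lock the file down to 600, rewrite it under several umasks, report each result.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/tomcat-users.xml"
    printf '%s\n' '<tomcat-users/>' > "$f"    # constructed content
    for mask in 022 002 027 077; do
        chmod 600 "$f"
        mode=$(rewrite_under_umask "$f" "$mask")
        if is_private "$f"; then verdict=private; else verdict=exposed; fi
        printf 'umask %s -> mode %s (%s)\n' "$mask" "$mode" "$verdict"
    done
    rm -rf "$dir"
}

demo
```

Only the 077 run leaves the file private; 027 yields 640, which still lets the owning group read the stored passwords.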

