On Thu, Sep 7, 2017 at 5:30 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Chris,
>
> On 9/5/17 4:42 PM, Chris Cheshire wrote:
>> On Tue, Sep 5, 2017 at 2:07 PM, Christopher Schultz
>> <ch...@christopherschultz.net> wrote:
>>> If I were king, I'd set things up like this:
>>>
>>> 1. Tomcat is installed in /usr/local/tomcat (or
>>> /usr/local/tomcat-x.y.z, or /opt/whatever, etc.).
>>
>>
>> Looks like I do need to adjust default permissions on this if I
>> expand as root.
>>
>> The tarball leaves me with
>>
>> [root@host apache-tomcat-8.5.20]# ls -al
>> total 124
>> drwxr-xr-x  9 root root  4096 Sep  5 20:31 .
>> drwxr-xr-x 14 root root  4096 Sep  5 20:31 ..
>> -rw-r-----  1 root root 57092 Aug  2 21:36 LICENSE
>> -rw-r-----  1 root root  1723 Aug  2 21:36 NOTICE
>> -rw-r-----  1 root root  7064 Aug  2 21:36 RELEASE-NOTES
>> -rw-r-----  1 root root 15946 Aug  2 21:36 RUNNING.txt
>> drwxr-x---  2 root root  4096 Sep  5 20:31 bin
>> drwx------  2 root root  4096 Aug  2 21:36 conf
>> drwxr-x---  2 root root  4096 Sep  5 20:31 lib
>> drwxr-x---  2 root root  4096 Aug  2 21:35 logs
>> drwxr-x---  2 root root  4096 Sep  5 20:31 temp
>> drwxr-x---  7 root root  4096 Aug  2 21:36 webapps
>> drwxr-x---  2 root root  4096 Aug  2 21:35 work
>>
>>
>> What should the permissions, owner & group be set to for
>> CATALINA_HOME if I am running separate instances per user?
>
> It doesn't really matter. You just need to make sure that your "users"
> can read the default config files -- especially conf/web.xml and
> conf/tomcat.xml which usually shouldn't be modified from their
> defaults anyway.
>
> I've always been irritated that the conf/ directory is only readable
> by the owner in the tarball. Maybe I'll agitate to get that changed,
> and only protect conf/server.xml and conf/tomcat-users.xml in that way.
>
> - -chris

Thanks, I'm just wary of giving everyone read permission to something that starts out without it, especially when installed by root. The only change I made to the default config anyway was to remove tomcat-users.xml since I have a JDBC realm for restricting access to the manager webapp.

Chris
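
One way to reconcile the two positions in this thread, as an added example that is not part of the original messages: give a shared group read access to CATALINA_HOME instead of everyone, keep conf/server.xml and conf/tomcat-users.xml owner-only, and audit the result. The function names and the group name "tomcat" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: all instance users are
# members of one shared group (hypothetical name "tomcat").

# The two files Christopher suggests keeping owner-only.
SENSITIVE="conf/server.xml conf/tomcat-users.xml"

# apply_shared_read <catalina_home> [group]
# Group gets read plus directory traversal, "other" gets nothing,
# and the sensitive files go back to owner-only.
apply_shared_read() {
    home=$1
    group=${2:-}
    [ -d "$home/conf" ] || { echo "no conf/ under $home" >&2; return 1; }
    if [ -n "$group" ]; then
        chgrp -R "$group" "$home" || return 1
    fi
    # X adds execute only to directories and already-executable files.
    chmod -R g+rX,g-w,o-rwx "$home" || return 1
    for f in $SENSITIVE; do
        if [ -f "$home/$f" ]; then chmod 600 "$home/$f" || return 1; fi
    done
}

# audit_shared_read <catalina_home>
# Prints one line per deviation from that policy; returns 1 if any exist.
audit_shared_read() {
    home=$1
    findings=$(
        find "$home" ! -perm -040 ! -path "$home/conf/server.xml" \
            ! -path "$home/conf/tomcat-users.xml" -print |
            sed 's/^/group cannot read: /'
        find "$home" \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/open to other: /'
        for f in $SENSITIVE; do
            find "$home/$f" -perm -040 -print 2>/dev/null |
                sed 's/^/not owner-only: /'
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run as root, `apply_shared_read /usr/local/tomcat tomcat` followed by `audit_shared_read /usr/local/tomcat` should print nothing once every instance user is in that group.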