Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 13th August 2007, 04:46 PM
Sammy_Sam Offline
Registered User
 
Join Date: Aug 2007
Posts: 1
Question Fedora 7 Tomcat5 tomcat-users.xml

I been trying to configure tomcat5 for a web application i am setting up, while configuring the admin webapp for time I noticed that I could read the contents of $CATALINA_HOME/conf/tomcat-users.xml as a normal users (Non-Root) . I found this odd that the file had read set for others when the passwords in this file are in plain text . I also found out that even if I change the permission to only let owner and group has access, each time I restarted tomcat it would reset the permission and give others read. I was able to find a post with a similar issue for Debian Bug#434762: tomcat5.5: tomcat-users.xml contains sensitive data, yet it is world-readable. In that post they stated that this use a bug, and that it should be fixed, but the parent folder was not readable to others, I have found that this is not the case in Fedora.

Besides change the umask for all users and/or the tomcat users in Fedora 7 how can I get tomcat5 not to create the tomcat-users.xml with others set to read?

Last edited by Sammy_Sam; 13th August 2007 at 04:48 PM.
Reply With Quote
Reply

Tags
fedora, tomcat5, tomcatusersxml

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Tomcat5 trouble on Fedora Core 6, how do I start tomcat 5? tomzam Servers & Networking 17 1st May 2012 02:26 PM
How to allow users run their own instance of Tomcat chicom9 Servers & Networking 0 16th September 2007 04:56 PM
tomcat5 started with error, cant not login to tomcat manager lnthai2002 Servers & Networking 1 10th January 2007 06:39 PM
tomcat cofiguraition for individual users epattam Servers & Networking 5 2nd November 2006 06:45 PM


Current GMT-time: 07:03 (Saturday, 25-10-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Petlad Photos on Instagram - Kaohsiung - Shamsabad Travel Photos