tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 19483] New: - tomcat-users.xml is reset to read all
Date Wed, 30 Apr 2003 15:06:09 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19483>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19483

tomcat-users.xml is reset to read all

           Summary: tomcat-users.xml is reset to read all
           Product: Tomcat 4
           Version: 4.1.24
          Platform: Other
        OS/Version: AIX
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: robert.widmer@omv.com


I am using Tomcat 4.1.24 on AIX 4.3.3. In tomcat-users.xml there is the password
of the admin user in plain text. To make the file unreadable for other users I
changed it to mode 600 (rw-------). But after a Tomcat restart the file is being
reset to mode 644 (rw-r--r--) and everybody can read the passwords.

Can this be configured anywhere or is it a bug?

regards
Robert

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message