Return-Path: 
 <tomcat-dev-return-29193-qmlist-jakarta-archive-tomcat-dev=nagoya.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org
Received: (qmail 11733 invoked from network); 30 Apr 2003 15:04:36 -0000
Received: from exchange.sun.com (192.18.33.10)
  by daedalus.apache.org with SMTP; 30 Apr 2003 15:04:36 -0000
Received: (qmail 29775 invoked by uid 97); 30 Apr 2003 15:06:37 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-dev@nagoya.betaversion.org
Received: (qmail 29768 invoked from network); 30 Apr 2003 15:06:36 -0000
Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12)
  by nagoya.betaversion.org with SMTP; 30 Apr 2003 15:06:36 -0000
Received: (qmail 9902 invoked by uid 500); 30 Apr 2003 15:04:09 -0000
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-dev-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-dev-help@jakarta.apache.org>
List-Post: <mailto:tomcat-dev@jakarta.apache.org>
List-Id: "Tomcat Developers List" <tomcat-dev.jakarta.apache.org>
Reply-To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 9860 invoked from network); 30 Apr 2003 15:04:08 -0000
Received: from exchange.sun.com (192.18.33.10)
  by daedalus.apache.org with SMTP; 30 Apr 2003 15:04:08 -0000
Received: (qmail 29750 invoked by uid 50); 30 Apr 2003 15:06:09 -0000
Date: 30 Apr 2003 15:06:09 -0000
Message-ID: <20030430150609.29749.qmail@nagoya.betaversion.org>
From: bugzilla@apache.org
To: tomcat-dev@jakarta.apache.org
Cc: 
Subject: DO NOT REPLY [Bug 19483] New:  -
    tomcat-users.xml is reset to read all
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19483>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19483

tomcat-users.xml is reset to read all

           Summary: tomcat-users.xml is reset to read all
           Product: Tomcat 4
           Version: 4.1.24
          Platform: Other
        OS/Version: AIX
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: robert.widmer@omv.com


I am using Tomcat 4.1.24 on AIX 4.3.3. In tomcat-users.xml there is the password
of the admin user in plain text. To make the file unreadable for other users I
changed it to mode 600 (rw-------). But after a Tomcat restart the file is being
reset to mode 644 (rw-r--r--) and everybody can read the passwords.

Can this be configured anywhere or is it a bug?

regards
Robert

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org