tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Cheshire <yahoono...@gmail.com>
Subject Re: 8.5 - multiple host configuration question
Date Sat, 09 Sep 2017 01:08:48 GMT
On Thu, Sep 7, 2017 at 5:30 PM, Christopher Schultz
<chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Chris,
>
> On 9/5/17 4:42 PM, Chris Cheshire wrote:
>> On Tue, Sep 5, 2017 at 2:07 PM, Christopher Schultz
>> <chris@christopherschultz.net> wrote:
>>> If I were king, I'd set things up like this:
>>>
>>> 1. Tomcat is installed in /usr/local/tomcat (or
>>> /usr/local/tomcat-x.y.z, or /opt/whatever, etc.).
>>
>>
>> Looks like I do need to adjust default permissions on this if I
>> expand as root.
>>
>> The tarball leaves me with
>>
>> [root@host apache-tomcat-8.5.20]# ls -al total 124 drwxr-xr-x  9
>> root root  4096 Sep  5 20:31 . drwxr-xr-x 14 root root  4096 Sep  5
>> 20:31 .. -rw-r-----  1 root root 57092 Aug  2 21:36 LICENSE
>> -rw-r-----  1 root root  1723 Aug  2 21:36 NOTICE -rw-r-----  1
>> root root  7064 Aug  2 21:36 RELEASE-NOTES -rw-r-----  1 root root
>> 15946 Aug  2 21:36 RUNNING.txt drwxr-x---  2 root root  4096 Sep  5
>> 20:31 bin drwx------  2 root root  4096 Aug  2 21:36 conf
>> drwxr-x---  2 root root  4096 Sep  5 20:31 lib drwxr-x---  2 root
>> root  4096 Aug  2 21:35 logs drwxr-x---  2 root root  4096 Sep  5
>> 20:31 temp drwxr-x---  7 root root  4096 Aug  2 21:36 webapps
>> drwxr-x---  2 root root  4096 Aug  2 21:35 work
>>
>>
>> What should the permissions, owner & group be set to for
>> CATALINA_HOME if I am running separate instances per user?
>
> It doesn't really matter. You just need to make sure that your "users"
> can read the default config files -- especially conf/web.xml and
> conf/tomcat.xml which usually shouldn't be modified from their
> defaults anyway.
>
> I've always been irritated that the conf/ directory is only readable
> by the owner in the tarball. Maybe I'll agitate to get that changed,
> and only protect conf/server.xml and conf/tomcat-users.xml in that way.
>
> - -chris

Thanks,

I'm just wary of giving everyone read permission to something that starts out
without it, especially when installed by root. The only change I made to the
default config anyway was to remove tomcat-users.xml since I have a
JDBC realm for restricting access to the manager webapp.


Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message