tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <>
Subject RE: tomat8.5 write logs with incorret os permission
Date Fri, 05 Aug 2016 04:25:25 GMT
> From: 韭菜 [] 
> Subject: tomat8.5 write logs with incorret os permission

> When using tomcat8.0, it starts and write logs as follows: 
> (apache-tomcat-8.0.x) -rw-rw-r-- 1 app app 873710 Aug  4 20:08 catalina.log  
> When using tomcat8.5.x (include tomcat 9.0.x), it starts and write logs as follows: 
> (apache-tomcat-8.5.4) -rw-r----- 1 app app 100824 Aug  4 20:10 catalina.log 

A highly appropriate change, much needed to prevent untrusted users from accessing private
information in the log.

> So, tomcat8.5 caused other os users can not read its logs and webapps logs that deployed

> at tomcat8.5. the logs files should has permission 664, not 640.

Definitely not a good idea.

> I thinks it is not good for java webapp devlopers ,  when my web app write logs as 
> data log, the logs files can not rsync by other users and hosts.

As it should be.

> but it works at tomcat7.0.x and tomcat8.0.x

"Works" is your definition; any site interested at all in secure operations would consider
the old permissions to be dangerous and broken.

> So I asked users to require further support for tomcat8.x write log files feature.

Definitely a bad idea to relax the default permissions back to where they were.  If you want
to expose your own system to abuse, you can set umask as documented in the changelog.

 - Chuck

for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message