Bug#825786: tomcat8: postinst script overwrites file permissions in /etc

Emmanuel Bourg ebourg at apache.org
Wed Jul 27 09:55:26 UTC 2016


On 22/07/2016 at 23:18, Markus Koschany wrote:

> I would like to go ahead with this solution in unstable. I don't think
> that changing the permissions in /etc/tomcat8/policy.d (security
> manager) to root:root will have a negative effect, on the contrary.
> Those rules should only be modifiable by the system administrator anyway.

Currently the files in /etc/tomcat8/policy.d are owned by root:tomcat8
with 644 permissions. Only the administrator can modify them, so
switching to root:root will not change anything.


> Regarding /etc/tomcat8/Catalina I couldn't find any information that
> indicates a necessity for write access to this directory. It would also
> be wrong if a process wrote to /etc because all files in /etc should be
> static according to the FHS.

The Catalina directory is used to store the context.xml files from the
deployed webapps. See:

https://tomcat.apache.org/tomcat-8.0-doc/config/context.html#Defining_a_context

"Individual Context elements may be explicitly defined: In an
individual file at /META-INF/context.xml inside the application files.
Optionally (based on the Host's copyXML attribute) this may be copied
to $CATALINA_BASE/conf/[enginename]/[hostname]/ and renamed to
application's base file name plus a ".xml" extension."

I agree this feature isn't FHS compliant but I can't see a better
alternative for now. If we were to change that I'd prefer doing it in
the new tomcat9 package to avoid disrupting existing installations.


> I would also update the Tomcat7 package.

Since we are going to remove tomcat7 I don't think it's worth updating it.
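
Added example (not part of the original message or of the Debian packaging): a shell check for the ownership question discussed above, listing anything under /etc/tomcat8/policy.d or /etc/tomcat8/Catalina that an account other than the expected owner could modify. The two paths come from the thread; the function names, arguments and the `--audit` switch are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The two paths come from the message;
# function names, arguments and the --audit switch are illustrative.
# Uses GNU find's "-perm /022" (any of the group/other write bits set).

# Print every entry under DIR that an account other than OWNER could modify:
# either it is not owned by OWNER, or its group/other write bit is set.
# Symlinks are skipped because their own mode bits are not meaningful.
# Prints nothing when DIR is clean or does not exist.
modifiable_by_others() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || return 0
    find "$dir" ! -type l \( ! -user "$owner" -o -perm /022 \) -print
}

# Report both directories discussed in the message.
# Returns 0 when policy.d is clean, 1 when anything in it is modifiable.
audit_tomcat8_etc() {
    base=${1:-/etc/tomcat8}
    owner=${2:-root}
    policy=$(modifiable_by_others "$base/policy.d" "$owner")
    catalina=$(modifiable_by_others "$base/Catalina" "$owner")
    if [ -n "$catalina" ]; then
        # Expected when Tomcat copies context.xml files here (copyXML).
        printf 'modifiable by accounts other than %s (Catalina):\n%s\n' \
            "$owner" "$catalina"
    fi
    if [ -n "$policy" ]; then
        printf 'policy.d NOT admin-only:\n%s\n' "$policy"
        return 1
    fi
    echo "policy.d: only $owner can modify"
}

if [ "${1:-}" = "--audit" ]; then
    audit_tomcat8_etc
fi
```

A file owned by root:tomcat8 with mode 644 passes this check, because the group has read access only; the same file with mode 664 is reported.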


