When building the "axis2.war" we use the ant:war [1] task and this is an extension of the ant:jar task[2]. The ant:jar task is not capable of preserving the file permissions hence I believe war task inherits the same incapability.
The only way to preserve preserve file permissions that I have come across is using the ant:tar task :[3]. Any suggestions to build the war while preserving file permissions? Thanks, Ruchith [1] http://ant.apache.org/manual/CoreTasks/war.html [2] http://ant.apache.org/manual/CoreTasks/jar.html [3] http://ant.apache.org/manual/CoreTasks/tar.html On 5/12/06, robert lazarski <[EMAIL PROTECTED]> wrote:
Thinking about this a little more, actually you're right. Looking at tomcat - which you seem to be using - all the files under conf are already set to 600. Could you file a jira? Robert http://www.braziloutsource.com/ On 5/12/06, Bram Biesbrouck <[EMAIL PROTECTED]> wrote: > I know, but why doesn't the default behaviour doesn't do that? > I guess there are a LOT of servers out there with that file in the open... > > b. > > Op Friday 12 mei 2006 16:30, schreef robert lazarski: > > Try: > > > > chmod 600 /var/lib/tomcat4/webapps/axis2 > > > > > /WEB-INF/conf/axis2.xml > > > > That'll make the file read / writable by only the owner. Other accounts > > won't be able to access it. > > > > To make it read-only by only the ownew: > > > > chmod 400 /var/lib/tomcat4/webapps/axis2 > > > > > /WEB-INF/conf/axis2.xml > > > > HTH, > > Robert > > http://www.braziloutsource.com/ > > > > On 5/12/06, Bram Biesbrouck <[EMAIL PROTECTED]> wrote: > > > Hi all, > > > > > > When I deploy axis2.war in Tomcat, the file > > > > > > /var/lib/tomcat4/webapps/axis2/WEB-INF/conf/axis2.xml > > > (where the admin-pass is stored) > > > > > > is readable by all users on the system. > > > I'm using Debian sarge (stable). > > > > > > Am I missing something or is this a serious security issue? > > > > > > Bram >
