In this light: chmodding the whole axis2 directory to 600 isn't a good practice, since it must remain accessible (chmod -x to a directory prevents access).
Is it sufficient to chmod conf/axis.xml to read-only, or are there other files that must be protected?

Bram

On Friday 12 May 2006 20:43, Ruchith Fernando wrote:
> When building the "axis2.war" we use the ant:war [1] task and this is
> an extension of the ant:jar task [2]. The ant:jar task is not capable
> of preserving the file permissions hence I believe war task inherits
> the same incapability.
>
> The only way to preserve file permissions that I have come
> across is using the ant:tar task [3].
>
> Any suggestions to build the war while preserving file permissions?
>
> Thanks,
> Ruchith
>
> [1] http://ant.apache.org/manual/CoreTasks/war.html
> [2] http://ant.apache.org/manual/CoreTasks/jar.html
> [3] http://ant.apache.org/manual/CoreTasks/tar.html
>
> On 5/12/06, robert lazarski <[EMAIL PROTECTED]> wrote:
> > Thinking about this a little more, actually you're right. Looking at
> > tomcat - which you seem to be using - all the files under conf are
> > already set to 600. Could you file a jira?
> >
> > Robert
> > http://www.braziloutsource.com/
> >
> > On 5/12/06, Bram Biesbrouck <[EMAIL PROTECTED]> wrote:
> > > I know, but why doesn't the default behaviour do that?
> > > I guess there are a LOT of servers out there with that file in the
> > > open...
> > >
> > > b.
> > >
> > > On Friday 12 May 2006 16:30, robert lazarski wrote:
> > > > Try:
> > > >
> > > > chmod 600 /var/lib/tomcat4/webapps/axis2/WEB-INF/conf/axis2.xml
> > > >
> > > > That'll make the file read / writable by only the owner. Other
> > > > accounts won't be able to access it.
> > > >
> > > > To make it read-only by only the owner:
> > > >
> > > > chmod 400 /var/lib/tomcat4/webapps/axis2/WEB-INF/conf/axis2.xml
> > > >
> > > > HTH,
> > > > Robert
> > > > http://www.braziloutsource.com/
> > > >
> > > > On 5/12/06, Bram Biesbrouck <[EMAIL PROTECTED]> wrote:
> > > > > Hi all,
> > > > >
> > > > > When I deploy axis2.war in Tomcat, the file
> > > > >
> > > > > /var/lib/tomcat4/webapps/axis2/WEB-INF/conf/axis2.xml
> > > > > (where the admin-pass is stored)
> > > > >
> > > > > is readable by all users on the system.
> > > > > I'm using Debian sarge (stable).
> > > > >
> > > > > Am I missing something or is this a serious security issue?
> > > > >
> > > > > Bram
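
Added example, not part of the thread and not Axis2 project code: a POSIX shell check that lists every file under a deployed webapp that other users can read, and restricts a conf tree to its owner while keeping directories traversable. The function names are hypothetical, the sample tree is constructed, and it assumes the servlet container runs as the owner of the files.

```shell
#!/bin/sh
# Assumption: the servlet container runs as the owner of the deployed files.

# Print every regular file under $1 whose "other" read bit is set.
list_world_readable() {
    find "$1" -type f -perm -004 -print
}

# Restrict a tree to its owner: files 600, directories 700.
# Directories keep the execute (search) bit, since removing it from a
# directory blocks access to everything inside, including for the owner.
restrict_to_owner() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Demo on a constructed tree that mirrors the layout from the thread.
demo() {
    root=$(mktemp -d) || return 1
    conf="$root/axis2/WEB-INF/conf"
    mkdir -p "$conf"
    echo '<!-- constructed sample, no real credentials -->' > "$conf/axis2.xml"
    echo '<!-- constructed sample -->' > "$conf/other.xml"
    chmod 644 "$conf/axis2.xml" "$conf/other.xml"

    echo "Readable by other users before:"
    list_world_readable "$root/axis2"

    restrict_to_owner "$conf"

    echo "Readable by other users after:"
    list_world_readable "$root/axis2"
    rm -rf "$root"
}

demo
```

Running list_world_readable over the whole webapp directory after each redeploy shows whether unpacking the war has put files back to the default mode.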
