Your message dated Tue, 24 Nov 2020 07:33:34 +0000 with message-id <[email protected]> and subject line Bug#926338: fixed in tomcat9 9.0.40-1 has caused the Debian Bug report #926338, regarding tomcat9: tomcat user's home folder is '/' to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 926338: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926338 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: tomcat9 Version: 9.0.16-1~bpo9+1 Severity: important Tags: d-i Dear Maintainer, With default `tomcat9` installation a system user is created as per the following instructions: # Create the tomcat user as defined in /usr/lib/sysusers.d/tomcat9.conf systemd-sysusers /usr/lib/sysusers.d/tomcat9.conf: #Type Name ID GECOS Home directory Shell u tomcat - "Apache Tomcat" - /usr/sbin/nologin Which results in `/` (root folder) as a home dir grep tomcat /etc/passwd | awk -F: '{ print $6}' / A problem begins when some of Tomcat's webapps are trying to access $HOME for writing. That's completely another question about _why_ they want to write to $HOME. But the whole idea having `/` as home dir is definitely insecure. -- System Information: Debian Release: 9.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-0.bpo.2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages tomcat9 depends on: ii lsb-base 9.20161125 ii systemd 241-1~bpo9+1 ii tomcat9-common 9.0.16-1~bpo9+1 ii ucf 3.0036 Versions of packages tomcat9 recommends: ii libtcnative-1 1.2.21-1~bpo9+1 Versions of packages tomcat9 suggests: ii tomcat9-admin 9.0.16-1~bpo9+1 pn tomcat9-docs <none> pn tomcat9-examples <none> ii tomcat9-user 9.0.16-1~bpo9+1 -- no debconf information
--- End Message ---
--- Begin Message ---Source: tomcat9 Source-Version: 9.0.40-1 Done: Emmanuel Bourg <[email protected]> We believe that the bug you reported is fixed in the latest version of tomcat9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg <[email protected]> (supplier of updated tomcat9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Nov 2020 08:21:29 +0100 Source: tomcat9 Architecture: source Version: 9.0.40-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <[email protected]> Changed-By: Emmanuel Bourg <[email protected]> Closes: 926338 966338 Changes: tomcat9 (9.0.40-1) unstable; urgency=medium . [ Emmanuel Bourg ] * New upstream release - Refreshed the patches * Changed the home directory of the tomcat user to /var/lib/tomcat (Closes: #926338) . [ Vincent McIntyre ] * Automatically export the JAVA_HOME environment variable when the value is defined in /etc/defaults/tomcat9 (Closes: #966338) Checksums-Sha1: 477c9f9b1fabf43776a8af043b68cfe9868d6b87 2748 tomcat9_9.0.40-1.dsc d2cf0e74fadd0798ad4f68be96a39a1fe7948110 3933592 tomcat9_9.0.40.orig.tar.xz a389309765f7dd4d72ef6f7bddf12d6009803b99 33700 tomcat9_9.0.40-1.debian.tar.xz e64eb8139a592b58a8de35fb808cf13e82273e7c 13485 tomcat9_9.0.40-1_source.buildinfo Checksums-Sha256: 44ef26ba4b56134bce0a88351aa60c8cf64801fd0daf41fe8702fb099fad07d8 2748 tomcat9_9.0.40-1.dsc f0075897d1cee6c8f43a96bace03a8b9537c78a5ca69936c899002ae06878802 3933592 tomcat9_9.0.40.orig.tar.xz 1deafd4a3b1e58d0c769d0d81b1beef1b0c371a0f977b5a0f2b12dbd8e84358b 33700 tomcat9_9.0.40-1.debian.tar.xz bc404ebd810cc24bff034cbb8f88a4f8e830385d586c0e10d8f7759a98e8eebd 13485 tomcat9_9.0.40-1_source.buildinfo Files: d0817f4521316ed7f9dd39efde40896e 2748 java optional tomcat9_9.0.40-1.dsc 5c184b3b4583b3f90f5e22c045925fab 3933592 java optional tomcat9_9.0.40.orig.tar.xz 6c642b4ea18981c20beecf18e908fab7 33700 java optional tomcat9_9.0.40-1.debian.tar.xz 9ec2922e4ccde077f0dd2bcd24e2f730 13485 java optional tomcat9_9.0.40-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAl+8tKUSHGVib3VyZ0Bh cGFjaGUub3JnAAoJEPUTxBnkudCsYJEP/A3Rn9SYFuR6gaxCCa0afOs8V4jO6lTP DI3Z+0Eva3cYCOFGKs0c/mNCEhbCAwsVQUQ+sAnFV7M0oLv+20pmYzeSrwBHbiBm /oce+HUFfqGv2yHjnGDXi7qrUa+r7lRdKq/y3+9bOvMsWVbML/Z5b7XV/6W5MeqM giwId0WWO9KVrCnfF6wWC4/ZooIGBzd2UOL7BF+5g6sHMfux4otyi+gOk4L+8sOv J6y9J6svDCzkn+Gfq6fzee5zRzvdPCAwAWpg93wRFTmiKPg2RkbuO1qTwBxxVDpX 2tVcjp0JbiT3RPisf2VMD1qJIXnaM9ANyIUl0cc56kIZo64gCVC5mn2eLwCGNwiC PtUzXGOVcUO/j0XwZMfXITG4gV2WpbXYSKIPHajKT1QkIFcWoH9sA41A75OCK+DR WeGKiX/CnugLxjaChvT7wTpNyuE5hTA1fkk9A4Pps5CA5L6//Z0EP90Cba7rHGle J9i1mmRp0hFbAP5wW8RvUu2dpkQ2KV+DBnS2gR43/ktBmvEpQeeeZZXUuD1fIL5+ 1tN3tZTwXO2gGafAEmJVu7jfpJl211HTZInbHnHUqzTHOuWlhpAUv7XaJ5rGmDQX 0vuwDG3y/9Oqq1SwROaQbJDgkQMWpmFAOkYZUe1/X4nX25TMp5FB8ujVXVkFcvYh ceMv02puOnKw =0kqi -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
