clone 821391 -1 reassign -1 src:tomcat8 retitle -1 tomcat8: postinst script overwrites file permissions in /etc thanks
This bug also affects Tomcat 8. I have prepared another security update and I intend to change the current behavior in Jessie and Sid for new installations to avoid similar breakage when upgrading Tomcat 8. Currently tomcat8.postinst changes file ownership of all files in /etc/tomcat8 to root:tomcat8. I think this isn't necessary because the default is to use root:root (rw-r-r) which ensures that all configuration files can still be read by Tomcat8. The only security relevant file is /etc/tomcat8/tomcat-users.xml in the default Debian configuration. I propose to modify only this one by changing the line chown -Rh root:$TOMCAT8_GROUP /etc/tomcat8/* to chown root:$TOMCAT8_GROUP /etc/tomcat8/tomcat-users.xml This should address the issue. Markus
signature.asc
Description: OpenPGP digital signature
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.