Bug#925929: tomcat9: /var/log/tomcat9 is owned by tomcat:tomcat instead of tomcat:adm and not setgid
On Fri, 29 Mar 2019, Emmanuel Bourg wrote: > The setgid bit is a good idea, otherwise the log files are only readable > by the tomcat group, and the adm group can't access them. In Debian at Indeed. Does this mean you agree with the patch I pushed to the git branch? > least exim4, mariadb, salt and ejabberd do this to the log directory. > jetty9 will need the same treatment. Sorry, I don't have either of them installed anywhere. bye, //mirabilos -- tarent solutions GmbH Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/ Tel: +49 228 54881-393 • Fax: +49 228 54881-235 HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941 Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg * **!!! NEU !!!** Mit der **tarent Academy** bieten wir ab sofort auch Trainings und Schulungen in den Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an. Besuchen Sie uns auf [www.tarent.de/academy](http://www.tarent.de/academy). Wir freuen uns auf Ihren Kontakt. *
Bug#925929: tomcat9: /var/log/tomcat9 is owned by tomcat:tomcat instead of tomcat:adm and not setgid
Le 28/03/2019 à 18:42, Thorsten Glaser a écrit : > Furthermore, /var/log/tomcat9 should be chmod 2750 not 750 > so that the logfiles are accessible by the adm group, as > Debian commonplace. The setgid bit is a good idea, otherwise the log files are only readable by the tomcat group, and the adm group can't access them. In Debian at least exim4, mariadb, salt and ejabberd do this to the log directory. jetty9 will need the same treatment. Emmanuel Bourg
Bug#925929: tomcat9: /var/log/tomcat9 is owned by tomcat:tomcat instead of tomcat:adm
Emmanuel Bourg dixit: >It's different from tomcat8, why do you think it is wrong? Because it’s customary, on Debian, that a user who is member of the group adm can read logs. (I’ve not checked whether this is an actual policy or where.) bye, //mirabilos -- “ah that reminds me, thanks for the stellar entertainment that you and certain other people provide on the Debian mailing lists │ sole reason I subscribed to them (I'm not using Debian anywhere) is the entertainment factor │ Debian does not strike me as a place for good humour, much less German admin-style humour”
Bug#925929: tomcat9: /var/log/tomcat9 is owned by tomcat:tomcat instead of tomcat:adm
Le 28/03/2019 à 18:37, Thorsten Glaser a écrit : > commit aeff1188eaab8dbe99bb1fec62472d9c2ff1d876 changed the way > the log directory was created, and (probably a pasto) uses the > wrong ownership. It's different from tomcat8, why do you think it is wrong? Emmanuel Bourg
Bug#925929: tomcat9: /var/log/tomcat9 is owned by tomcat:tomcat instead of tomcat:adm and not setgid
retitle 925929 tomcat9: /var/log/tomcat9 is owned by tomcat:tomcat instead of tomcat:adm and not setgid thanks On Thu, 28 Mar 2019, Thorsten Glaser wrote: > commit aeff1188eaab8dbe99bb1fec62472d9c2ff1d876 changed the way > the log directory was created, and (probably a pasto) uses the > wrong ownership. Furthermore, /var/log/tomcat9 should be chmod 2750 not 750 so that the logfiles are accessible by the adm group, as Debian commonplace. bye, //mirabilos -- tarent solutions GmbH Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/ Tel: +49 228 54881-393 • Fax: +49 228 54881-235 HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941 Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg * **!!! NEU !!!** Mit der **tarent Academy** bieten wir ab sofort auch Trainings und Schulungen in den Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an. Besuchen Sie uns auf [www.tarent.de/academy](http://www.tarent.de/academy). Wir freuen uns auf Ihren Kontakt. *
Bug#925929: tomcat9: /var/log/tomcat9 is owned by tomcat:tomcat instead of tomcat:adm
Package: tomcat9 Version: 9.0.16-3 Severity: important commit aeff1188eaab8dbe99bb1fec62472d9c2ff1d876 changed the way the log directory was created, and (probably a pasto) uses the wrong ownership. -- System Information: Debian Release: buster/sid APT prefers unreleased APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable') Architecture: x32 (x86_64) Foreign Architectures: i386, amd64 Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages tomcat9 depends on: ii adduser 3.118 ii lsb-base10.2019031300 ii tomcat9-common 9.0.16-4 ii ucf 3.0038+nmu1 Versions of packages tomcat9 recommends: ii libtcnative-1 1.2.21-1 Versions of packages tomcat9 suggests: pn tomcat9-admin pn tomcat9-docs pn tomcat9-examples pn tomcat9-user -- Configuration Files: /etc/tomcat9/policy.d/01system.policy [Errno 13] Permission denied: '/etc/tomcat9/policy.d/01system.policy' /etc/tomcat9/policy.d/02debian.policy [Errno 13] Permission denied: '/etc/tomcat9/policy.d/02debian.policy' /etc/tomcat9/policy.d/03catalina.policy [Errno 13] Permission denied: '/etc/tomcat9/policy.d/03catalina.policy' /etc/tomcat9/policy.d/04webapps.policy [Errno 13] Permission denied: '/etc/tomcat9/policy.d/04webapps.policy' /etc/tomcat9/policy.d/50local.policy [Errno 13] Permission denied: '/etc/tomcat9/policy.d/50local.policy' -- no debconf information