** Description changed:

  Binary package hint: tomcat6

  On fresh Ubuntu 10.04 LTS install of tomcat6 6.0.24-2ubuntu1, the /var/lib/tomcat6/webapps has the following permissions:

  /var/lib/tomcat6/webapps drwxrwxr-x tomcat6 adm

  'adm' seems like an odd default choice of group here, since typically people in the adm group are allowed to read log files. The following command demonstrates this:

  $ sudo find / -group adm -ls

  The suggested fix is to change the group to 'tomcat6', since the directory already has 'r-x' for 'other'.

  This is not release critical for Lucid, but should be fixed nevertheless.
+
+ == SRU Report ==
+ Impact:
+ Members of the adm group can modify and deploy tomcat6 webapps. This group is not a tomcat6 admin group, it's a log files reading group.
+
+ Development branch fix:
+ We are trying to keep sync with Debian, fix was proposed to debian-java SVN and pending release.
+
+ Minimal patch:
+ http://bazaar.launchpad.net/~ttx/tomcat6/lucid-sru/revision/22
+
+ TEST CASE:
+ $ sudo apt-get install tomcat6
+ $ ls -ld /var/lib/tomcat6/webapps
+ Affected version returns: drwxrwxr-x tomcat6:adm /var/lib/tomcat6/webapps
+ Fixed version returns: drwxrwxr-x tomcat6:tomcat6 /var/lib/tomcat6/webapps
+
+ Regression potential:
+ Admins might have relied on giving people access to the "adm" group in order to let them deploy tomcat6 webapps, they would need to add their users to the "tomcat6" group instead.
--
improper group write permission for /var/lib/tomcat6/webapps
https://bugs.launchpad.net/bugs/569118
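The TEST CASE above can be turned into a repeatable check. The following is an added example, not part of the bug report or the tomcat6 package: the function name `check_deploy_dir` is hypothetical, and it assumes GNU `stat` (as shipped on Ubuntu). It flags a deployment directory that is writable by a group other than the expected service group, or by everyone.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a webapp deployment
# directory for the permission problem described above.
#
# Usage: check_deploy_dir DIR EXPECTED_GROUP
#   e.g. check_deploy_dir /var/lib/tomcat6/webapps tomcat6
# Returns 0 if OK, 1 if an unexpected party can write, 2 on error.
check_deploy_dir() {
    dir=$1
    expected=$2

    if [ ! -d "$dir" ]; then
        echo "ERROR $dir: not a directory"
        return 2
    fi

    # GNU stat: %G = group name, %a = permission bits in octal (e.g. 775)
    group=$(stat -c '%G' "$dir") || return 2
    mode=$(stat -c '%a' "$dir") || return 2

    # A leading 0 makes the shell read the mode as an octal number.
    perm=$((0$mode))

    # World-writable: any local user can drop a webapp into the directory.
    if [ $((perm & 002)) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is world-writable"
        return 1
    fi

    # Group-writable is only acceptable for the service's own group.
    # The affected package shipped drwxrwxr-x tomcat6:adm, which lets
    # members of the log-reading group deploy webapps.
    if [ $((perm & 020)) -ne 0 ] && [ "$group" != "$expected" ]; then
        echo "FAIL $dir: group '$group' has write access (expected '$expected')"
        return 1
    fi

    echo "OK $dir: mode $mode, group $group"
    return 0
}
```

On an affected install, `check_deploy_dir /var/lib/tomcat6/webapps tomcat6` reports the `adm` group and returns 1; on a fixed install it returns 0.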
