Christopher, On Tue, Nov 30, 2010 at 10:33 PM, Christopher Schultz <ch...@christopherschultz.net> wrote: > > Apache httpd acts this way: > Sure, since Apache is usually started within root-context ("sbin") - so that does make sense.
When talking about servers, I'm not talking about a webserver but a server such as Debian, RedHat etc. And if you take a look into /var/logs, you can see exactly, that the logs inside this directory partly don't belong to root as long as they are not run within a root-context. A good example ist mysql: -rw-rw---- 1 mysql adm 344379 2009-09-30 12:13 mysql-full.log And this is exactly the way it should be. For the rest, I'm completely with you, and the solutions you pointed out will work and already crossed my mind, except that the directory is alreday umasked to 0022, still, catalina.out gives -rw------- 1 root root 7395 2010-12-01 11:51 catalina.out Any hints on that? But what's really puzzling me - and for which I don't have any explanation - is, that with the old version of jsvc, catalina.out had ${TOMCAT_USER}-ownership (mind you: in the startup-script there's a "su ${TOMCAT-USER} before starting jsvc), and to me it seems that this has changed with the new version. Furthermore, I'd like to give you some insights of a "Real Life"-external-managed-services-root-server-installation within a big financial coperation: Here - and in quite some other companies I do know - it's common practice to host the servers externally, having managed services. Usually, this implies that you don't have root-access, simply for liability-reasons. However, only basic Tomcat-maintenance is done by the external hoster, and when deploying new webapps, our developers need to be able to read al logs. Therefore, such a behaviour as seen by the latest jsvc is making developer's life quite complicated. Anyhow, I guess I'll go for a chown inside the startup-script for now. Thanks Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org