Talk:Securing tomcat

From OWASP
Revision as of 06:45, 17 November 2006 by Dledmonds (Talk | contribs)

Jump to: navigation, search

What's the best way to acknowledge the contributions of others as I'd like to add some thanks to Kris Easter, Michel Prunet and Stephen More. This discussion area? In brackets after the article link from Java Project Roadmap ? Darren 08:58, 27 October 2006 (EDT)

UNIX Permissions

> Change files in CATALINA_HOME/conf to be readonly (440)

Initially these are 600 (except for tomcat-users.xml which is 644 and Tomcat keeps it that way). Is there a need to make them group-readable?

> Make sure tomcat user has ... write (220 - yes, only write) access to CATALINA_HOME/logs

This doesn't work. I think the best that can be done here is 750 or 700.

Combatopera 15:53, 12 November 2006 (EST)

You're right, those permission values were a hasty addition without being tested correctly. I'll test them properly and update the documentation accordingly. You mention 750 or 700 for the logs dir, what problems did you find with 300? Darren 06:45, 17 November 2006 (EST)