file ownership of webapps and below

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

file ownership of webapps and below

Christoph P.U. Kukulies

I found there are some mismatches in file ownership from manual installation and moving around webapps  trees from different tomcat versions.
My current tomcat (9)  runs under user.group tomcat.tomcat. A couple of files have ownership

root.tomcat
tomcat8.<unknown group>

Would it be ok to chown all files below and including webapps to tomcat.tomcat?


Christoph


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: file ownership of webapps and below

Olaf Kock

On 14.07.20 11:12, Christoph Kukulies wrote:
> I found there are some mismatches in file ownership from manual installation and moving around webapps  trees from different tomcat versions.
> My current tomcat (9)  runs under user.group tomcat.tomcat. A couple of files have ownership
>
> root.tomcat
> tomcat8.<unknown group>
>
> Would it be ok to chown all files below and including webapps to tomcat.tomcat?

It depends (TM)


There are those who can't operate without tomcat having write access to
its own operations, e.g. because they rely on the manager app for
deployments.

And there are those who prefer Tomcat to not have any write access to
its own applications, as a means of hardening the installation.

My preference is to limit write permissions (and ownership) to temp,
work and logs. Your mileage may vary.


Olaf



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]