This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Talk:Securing tomcat"

From OWASP
Jump to: navigation, search
(Added questions on UNIX permissions.)
Line 1: Line 1:
 
What's the best way to acknowledge the contributions of others as I'd like to add some thanks to Kris Easter, Michel Prunet and Stephen More.  This discussion area?  In brackets after the article link from [https://www.owasp.org/index.php/OWASP_Java_Project_Roadmap#Securing_Popular_J2EE_Servers Java Project Roadmap] ? [[User:Dledmonds|Darren]] 08:58, 27 October 2006 (EDT)
 
What's the best way to acknowledge the contributions of others as I'd like to add some thanks to Kris Easter, Michel Prunet and Stephen More.  This discussion area?  In brackets after the article link from [https://www.owasp.org/index.php/OWASP_Java_Project_Roadmap#Securing_Popular_J2EE_Servers Java Project Roadmap] ? [[User:Dledmonds|Darren]] 08:58, 27 October 2006 (EDT)
 +
 +
==UNIX Permissions==
 +
 +
> Change files in CATALINA_HOME/conf to be readonly (440)
 +
 +
Initially these are 600. Is there a need to make them group-readable?
 +
 +
> Make sure tomcat user has ... write (220 - yes, only write) access to CATALINA_HOME/logs
 +
 +
You can't create files in a dir that is 220, I have tried and see [http://www.cpqlinux.com/permissions.html]. Does Tomcat use some form of cunning to create its logs in such a dir? If not I think the best that can be done here is 330. (Or even 300?)
 +
 +
[[User:Combatopera|Combatopera]] 15:53, 12 November 2006 (EST)

Revision as of 20:53, 12 November 2006

What's the best way to acknowledge the contributions of others as I'd like to add some thanks to Kris Easter, Michel Prunet and Stephen More. This discussion area? In brackets after the article link from Java Project Roadmap ? Darren 08:58, 27 October 2006 (EDT)

UNIX Permissions

> Change files in CATALINA_HOME/conf to be readonly (440)

Initially these are 600. Is there a need to make them group-readable?

> Make sure tomcat user has ... write (220 - yes, only write) access to CATALINA_HOME/logs

You can't create files in a dir that is 220, I have tried and see [1]. Does Tomcat use some form of cunning to create its logs in such a dir? If not I think the best that can be done here is 330. (Or even 300?)

Combatopera 15:53, 12 November 2006 (EST)