[evla-sw-discuss] webtest tomcat changes
Stephan Witz
switz at nrao.edu
Wed Apr 25 16:32:02 EDT 2007
The changes I made to occam today seem to have worked out well;
occam's tomcat init script now sets a restrictive umask before
starting the service, with the effect that files tomcat writes
are no longer world readable. This was done to protect the tomcat
admin account and to hide oracle account information resident in
hibernate properties files. Some consequences:
1) You can no longer deploy webapps by just copying your war file
into place and/or restarting tomcat: you'll need to use tomcat's
administration web interface to do that. The permissions and
group of that directory have been changed accordingly.
2) Since the tomcat administration account's name and password are
now protected we'll be changing the password to it soon. I'll be
in touch with the new password once it has been changed.
3) You can still read the log files; those end up being owned by
group e2eweb and group readable.
My intention is to push these changes onto the production machines
during next week's maint time. Once the dust settles I'll turn my
attention to the other tomcat servers (mctest, mcmonitor, ballista).
--
| Linux n. A highly robust computer virus attacking and replacing
| less fit computer operating systems with more healthy ones at an
| exponential rate; upgrade by natural selection. Kyle Amon, SANS 99.
|
`--switz at nrao.edu, Stephan Witz: systems dude, tool of the Man.
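
Added example, not part of the original message and not occam's actual init script: a umask set before the service starts only governs files created afterwards, so anything written earlier keeps its old mode and has to be found and fixed separately. The script below shows both points, assuming a umask of 027 (the message does not give the value) and using constructed file names in temporary directories.

```shell
#!/bin/sh
# Illustration only: umask value 027 and all file names are assumptions.

# Print the permission string of a file newly created under umask $1.
perms_under_umask() {
    d=$(mktemp -d) || return 1
    # Subshell so the caller's own umask is left untouched.
    ( umask "$1"; : > "$d/hibernate.properties" )
    ls -l "$d/hibernate.properties" | cut -c1-10
    rm -rf "$d"
}

# List regular files under directory $1 that "other" can still read.
# -perm -004 matches any file with the world-read bit set.
world_readable() {
    find "$1" -type f -perm -004 -print
}

# Constructed scenario: one file written before the umask change
# (022) and one written after it (027). Only the old file should be
# reported, showing that existing files need an explicit chmod.
demo_audit() {
    root=$(mktemp -d) || return 1
    ( umask 022; echo 'constructed=before' > "$root/old.properties" )
    ( umask 027; echo 'constructed=after'  > "$root/new.properties" )
    world_readable "$root" | sed "s|^$root/||"
    rm -rf "$root"
}

echo "created under 022: $(perms_under_umask 022)"
echo "created under 027: $(perms_under_umask 027)"
echo "still world readable after the change:"
demo_audit
```

Running `world_readable` against the real webapp and configuration directories after the init script change lists the files that still need `chmod o-r`.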