packages: tomcat/tomcat.spec - better permission for /var/lib/tomcat and so...

Thu Dec 3 18:10:27 CET 2009

Author: pawelz                       Date: Thu Dec  3 17:10:27 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- better permission for /var/lib/tomcat and some subdirs:
- some stupid java apps (opensso for example) need write acess to /var/lib/tomcat, but they don't write anything there.
- no need for sticky bit for /var/lib/work
- no rx for "other". Tomcat config/cache/temporary dirs may contain some private data like passwords

---- Files affected:
packages/tomcat:
   tomcat.spec (1.141 -> 1.142) 

---- Diffs:

================================================================
Index: packages/tomcat/tomcat.spec
diff -u packages/tomcat/tomcat.spec:1.141 packages/tomcat/tomcat.spec:1.142

--- packages/tomcat/tomcat.spec:1.141	Tue Oct 27 19:23:53 2009
+++ packages/tomcat/tomcat.spec	Thu Dec  3 18:10:22 2009
@@ -366,20 +366,20 @@
 
 %{_tomcatdir}/logs
 %{_tomcatdir}/work
-%dir %{_vardir}
+%dir %attr(770,root,tomcat) %{_vardir}
 # these directory has to be writeable because /admin need to modify config
 # files and create temporary files
-%dir %attr(775,root,tomcat) %{_vardir}/conf
-%dir %attr(775,root,tomcat) %{_vardir}/conf/Catalina
+%dir %attr(770,root,tomcat) %{_vardir}/conf
+%dir %attr(770,root,tomcat) %{_vardir}/conf/Catalina
 %dir %{_vardir}/conf/Catalina/localhost
 # tomcat config has to be writeable because of tomcat-users.xml file and Catalina dir
 %config(noreplace) %attr(660,root,tomcat) %verify(not md5 mtime size) %{_vardir}/conf/catalina.policy
 %config(noreplace) %attr(660,root,tomcat) %verify(not md5 mtime size) %{_vardir}/conf/*.properties*
 %config(noreplace) %attr(660,root,tomcat) %verify(not md5 mtime size) %{_vardir}/conf/*.xml
-%dir %attr(1730,root,tomcat) %{_vardir}/work
-%dir %attr(775,root,tomcat) %{_vardir}/webapps
-%dir %attr(775,root,tomcat) %{_vardir}/temp
-%dir %attr(775,root,tomcat) %{_logdir}/tomcat
+%dir %attr(770,root,tomcat) %{_vardir}/work
+%dir %attr(770,root,tomcat) %{_vardir}/webapps
+%dir %attr(770,root,tomcat) %{_vardir}/temp
+%dir %attr(770,root,tomcat) %{_logdir}/tomcat
 %{_vardir}/logs
 
 %files webapp-docs
@@ -429,6 +429,12 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.142  2009/12/03 17:10:22  pawelz
+- better permission for /var/lib/tomcat and some subdirs:
+- some stupid java apps (opensso for example) need write acess to /var/lib/tomcat, but they don't write anything there.
+- no need for sticky bit for /var/lib/work
+- no rx for "other". Tomcat config/cache/temporary dirs may contain some private data like passwords
+
 Revision 1.141  2009/10/27 18:23:53  pawelz
 - drop R(post,postun) ldconfig
 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/tomcat/tomcat.spec?r1=1.141&r2=1.142&f=u

