Description of problem: When creating multiple instances of tomcat, the file permissions of 750 on /var/log/tomcat are too strict. A logfile of /var/log/tomcat/$NAME-initd.log may be written here by an additional tomcat instance running as a different user. Version-Release number of selected component (if applicable): 7.0.33-4.el6 How reproducible: Always. Steps to Reproduce: 1. install the EPEL6 tomcat package, check the file permissions of /var/log/tomcat Additional info: /usr/share/tomcat/conf/tomcat-users.xml would also be more usefully chmod 664, as with the RHEL6 tomcat6 package. By default this contains nothing sensitive, and when running additional tomcat instances this allows for a symbolic link to be used when no customisation is needed.
ping
Can you confirm whether or not this is still a valid issue? The BZ is quite old. One thing to note is that if there is a user that's running tomcat, they should be in the appropriate group to write to the log directory. The only way that the tomcat package is more restrictive than the RHEL tomcat6 package in this regard is that it doesn't have o+rx. Note the differences below: # ll -d /var/log/tomcat* drwxrwx---. 2 tomcat root 4096 Aug 17 14:59 /var/log/tomcat drwxr-xr-x. 2 tomcat root 4096 Aug 17 14:59 /var/log/tomcat6 As far as tomcat-users.xml, I think that should probably stay the way it is however the tomcat6 package does have o+r, so I would be opening to make that change if you agree. # ll /etc/tomcat*/tomcat-users.xml -rw-rw-r--. 1 root tomcat 1383 Feb 9 2016 /etc/tomcat6/tomcat-users.xml -rw-rw----. 1 tomcat tomcat 2425 Aug 5 15:25 /etc/tomcat/tomcat-users.xml Ultimately the RPM's permissions can't satisfy everyone so I usually suggest the use of a yum-post-transaction to keep the permissions configured the way you need them to be.