Description of problem: The ccm load command runs as servlet, but the /etc/ccm/conf directory is owned by root, thus it is unable to create the config registry files. We need to make this directory writable by 'servlet'. Doing this, however, introduces a security risk because the servlet can now overwrite the resin.conf and log4j.properties files. Thus these two files need to be moved elsewhere. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
In fact I'd question whether the /etc/ccm/conf directory should be writable by the servlet container at all - only the 'ccm set' or 'ccm load' commands ever change the config properties.
40193 and 40195 introduce fixes to make /etc/ccm/conf writable by the servlet user. However, as Dan points out in comment #1, this could introduce a security rick. I'll post some more thoughts this afternoon.
fixed at @40709. That checkin also includes a description of the new filesystem permissions