Red Hat Bugzilla – Bug 115251
ccm load can't write to /etc/ccm/conf
Last modified: 2007-04-18 13:02:40 EDT
Description of problem:
The ccm load command runs as servlet, but the /etc/ccm/conf directory
is owned by root, thus it is unable to create the config registry
files. We need to make this directory writable by 'servlet'. Doing
this, however, introduces a security risk because the servlet can now
overwrite the resin.conf and log4j.properties files. Thus these two
files need to be moved elsewhere.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
In fact I'd question whether the /etc/ccm/conf directory should be
writable by the servlet container at all - only the 'ccm set' or 'ccm
load' commands ever change the config properties.
40193 and 40195 introduce fixes to make /etc/ccm/conf writable by the
servlet user. However, as Dan points out in comment #1, this could
introduce a security rick. I'll post some more thoughts this afternoon.
fixed at @40709. That checkin also includes a description of the new