Description of problem: Summary says it all -- our tomcat5 package installs file that holds passwords with insecure permissions by default.
(In reply to comment #0) > Description of problem: > > Summary says it all -- our tomcat5 package installs file that holds passwords > with insecure permissions by default. Where are you seeing this? I checked FC-6/F-7/RHEL-5/RHEL-5_0-Z and all of them have %attr(660,root,tomcat) %config(noreplace) %{confdir}/tomcat-users.xml which I think should be fine... Am I missing something obvious? Can you run an rpm -qV tomcat5 to verify what you are seeing isnt due to some local modification?
Uh, I'm very sorry, you're right. Though I was not aware of doing this intentionally it's no longer a problem of anyone but me. Please pardon me, closing this bug.
(In reply to comment #2) > Uh, I'm very sorry, you're right. Though I was not aware of doing this > intentionally it's no longer a problem of anyone but me. Please pardon me, > closing this bug. No problem :). However, I have seen some mysterious rpm -qV changes on a couple of instances for this file where no direct changes could be recalled being made by the admins. It is a possibility some post script somewhere is somehow messing up, I will keep an eye out but if you encounter the behaviour again, reopen the bug with any additional information like packages installed etc.