/var/log/tomcat6/catalina.out user & group ownership gets set to pkiuser. This is not correct, we should not be setting anything outside our tomcat instance. This occurs because of these lines in /etc/init.d/tomcat6 TOMCAT_LOG="${TOMCAT_LOG:-/var/log/tomcat6/catalina.out}" [ "$RETVAL" -eq "0" ] && touch $TOMCAT_LOG 2>&1 || RETVAL="4" if [ "$RETVAL" -eq "0" -a "$?" -eq "0" ]; then chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG fi The fundamental problem is we do not set TOMCAT_LOG in /etc/sysconfig/<instance> which is a template file installed in /user/share/pki/{ca,kra,ocsp,tks}/conf/tomcat6.conf
Created attachment 490027 [details] set TOMCAT_LOG when tomcat6 initscript is executed
Sending base/ca/shared/conf/tomcat6.conf Sending base/kra/shared/conf/tomcat6.conf Sending base/ocsp/shared/conf/tomcat6.conf Sending base/setup/pkicreate Sending base/tks/shared/conf/tomcat6.conf Transmitting file data ..... Committed revision 1954.