Bug 693815 - /var/log/tomcat6/catalina.out owned by pkiuser
Summary: /var/log/tomcat6/catalina.out owned by pkiuser
Keywords:
Status: CLOSED EOL
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Installer (pkicreate/pkiremove)
Version: 9.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: RHCS Maintainers
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: 693835 696390
TreeView+ depends on / blocked
 
Reported: 2011-04-05 16:04 UTC by John Dennis
Modified: 2020-03-27 20:12 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
: 693835 (view as bug list)
Environment:
Last Closed: 2020-03-27 20:12:38 UTC
Embargoed:

Attachments (Terms of Use)
set TOMCAT_LOG when tomcat6 initscript is executed (3.03 KB, patch)
2011-04-05 16:10 UTC, John Dennis 		mharmsen: review+
Details | Diff
View All

Description John Dennis 2011-04-05 16:04:55 UTC 
/var/log/tomcat6/catalina.out user & group ownership gets set to pkiuser. This is not correct, we should not be setting anything outside our tomcat instance. This occurs because of these lines in /etc/init.d/tomcat6

TOMCAT_LOG="${TOMCAT_LOG:-/var/log/tomcat6/catalina.out}"

    [ "$RETVAL" -eq "0" ] && touch $TOMCAT_LOG 2>&1 || RETVAL="4" 
    if [ "$RETVAL" -eq "0" -a "$?" -eq "0" ]; then
      chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG
    fi

The fundamental problem is we do not set TOMCAT_LOG in /etc/sysconfig/<instance> which is a template file installed in /user/share/pki/{ca,kra,ocsp,tks}/conf/tomcat6.conf
Comment 1 John Dennis 2011-04-05 16:10:40 UTC 
Created attachment 490027 [details]
set TOMCAT_LOG when tomcat6 initscript is executed
Comment 2 John Dennis 2011-04-12 13:44:05 UTC 
Sending        base/ca/shared/conf/tomcat6.conf
Sending        base/kra/shared/conf/tomcat6.conf
Sending        base/ocsp/shared/conf/tomcat6.conf
Sending        base/setup/pkicreate
Sending        base/tks/shared/conf/tomcat6.conf
Transmitting file data .....
Committed revision 1954.
Note You need to log in before you can comment on or make changes to this bug.