
Use a fixed non-configurable user 'tomcat' to run the server

tags/debian/9.0.13-1
Emmanuel Bourg 2 years ago
parent
commit
243d00dc68
26 changed files with 44 additions and 607 deletions
  1. +4
    -3
      debian/README.Debian
  2. +1
    -0
      debian/changelog
  3. +0
    -8
      debian/defaults.template
  4. +1
    -1
      debian/logrotate.template
  5. +0
    -35
      debian/po/cs.po
  6. +0
    -35
      debian/po/da.po
  7. +0
    -35
      debian/po/de.po
  8. +0
    -29
      debian/po/es.po
  9. +0
    -35
      debian/po/fr.po
  10. +0
    -35
      debian/po/it.po
  11. +0
    -35
      debian/po/ja.po
  12. +0
    -35
      debian/po/nl.po
  13. +0
    -35
      debian/po/pl.po
  14. +0
    -35
      debian/po/pt.po
  15. +0
    -35
      debian/po/pt_BR.po
  16. +0
    -35
      debian/po/ru.po
  17. +0
    -24
      debian/po/sk.po
  18. +0
    -33
      debian/po/sv.po
  19. +0
    -29
      debian/po/templates.pot
  20. +0
    -24
      debian/po/tr.po
  21. +0
    -10
      debian/tomcat9.config
  22. +14
    -14
      debian/tomcat9.init
  23. +20
    -26
      debian/tomcat9.postinst
  24. +2
    -3
      debian/tomcat9.prerm
  25. +2
    -2
      debian/tomcat9.service
  26. +0
    -16
      debian/tomcat9.templates

+ 4
- 3
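--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -8,9 +8,10 @@ Migrating from previous Tomcat packages
 - http://tomcat.apache.org/migration-85.html
 - http://tomcat.apache.org/migration-9.html
 
-* The Debian packages for Tomcat each create a separate tomcat<n> user.
-You may need to recursively update your application directories to be
-owned by the tomcat9 user.
+* Before the version 9 the Debian packages for Tomcat each created their
+own tomcat<n> users. You may need to recursively update your application
+directories to be owned by the tomcat user. This user will no longer
+change for the future upgrades.
 
 
 Getting started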


+ 1
- 0
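--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,7 @@ tomcat9 (9.0.13-1) UNRELEASED; urgency=medium
 - Use the OSGi metadata generated by the upstream build
 - Deploy the Tomcat artifacts in the Maven repository with the 9.x version
 - Updated the README file
+* Use a fixed non-configurable user 'tomcat' to run the server
 * No longer add the 'common', 'server' and 'shared' directories under
 CATALINA_HOME and CATALINA_BASE to the classpath. Extra jar files should go
 to the 'lib' directory.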


+ 0
- 8
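--- a/debian/defaults.template
+++ b/debian/defaults.template
@@ -1,11 +1,3 @@
-# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
-# default of tomcat9.
-TOMCAT9_USER=tomcat9
-
-# Run Tomcat as this group ID. Not setting this or leaving it blank will use
-# the default of tomcat9.
-TOMCAT9_GROUP=tomcat9
-
 # The home directory of the Java development kit (JDK). You need at least
 # JDK version 8. If JAVA_HOME is not set, some common directories for
 # OpenJDK and the Oracle JDK are tried.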


+ 1
- 1
debian/logrotate.template

@@ -5,5 +5,5 @@
compress
delaycompress
missingok
create 640 tomcat9 adm
create 640 tomcat adm
}

+ 0
- 35
debian/po/cs.po

@@ -15,41 +15,6 @@ msgstr ""
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Vyhrazený systémový účet pro démona tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"Server tomcat9 musí ke své činnosti používat vyhrazený účet, jen tak "
"není ohrožena bezpečnost systému, jako v případě spouštění s právy "
"superuživatele."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Vyhrazená systémová skupina uživatelů pro démona tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"Server tomcat9 musí ke své činnosti používat vyhrazenou skupinu uživatelů, "
"jen tak není ohrožena bezpečnost systému, jako v případě spouštění s právy "
"superuživatele."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 35
debian/po/da.po

@@ -15,41 +15,6 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Dedikeret systemkonto for tomcat9-dæmonen:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"tomcat9-serveren skal bruge en dedikeret konto for at fungere på en måde, der "
"gør, at systemets sikkerhed ikke kompromitteres ved at køre den med "
"superbrugerprivilegier."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Dedikeret systemgruppe for tomcat9-dæmonen:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"tomcat9-dæmonen skal bruge en dedikeret gruppe for at fungere på en måde, der "
"gør, at systemets sikkerhed ikke kompromitteres ved at køre den med "
"superbrugerprivilegier."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 35
debian/po/de.po

@@ -15,41 +15,6 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Eigenes Systemkonto für den tomcat9-Daemon:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"Der tomcat9-Server muss ein eigenes Konto für seinen Betrieb verwenden, um "
"die Sicherheit des Systems nicht durch die Ausführung mit Superuser-Rechten "
"zu kompromittieren."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Eigene Systemgruppe für den tomcat9-Daemon:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"Der tomcat9-Server muss eine eigene Gruppe für seinen Betrieb verwenden, um "
"die Sicherheit des Systems nicht durch die Ausführung mit Superuser-Rechten "
"zu kompromittieren."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 29
debian/po/es.po

@@ -43,35 +43,6 @@ msgstr ""
"X-POFile-SpellExtra: tomcat Tomcat UseConcMarkSweepGC XX JVM cores\n"
"X-POFile-SpellExtra: CMSIncrementalMode\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Cuenta del sistema dedicada para el servicio tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr "El servidor tomcat9 debe utilizar una cuenta dedicada para su operación para no comprometer la seguridad del sistema al ejecutarlo con privilegios de superusuario."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Grupo de sistema dedicado para el servicio tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr "El servidor tomcat9 debe utilizar un grupo dedicado para su operación para no comprometer la seguridad del sistema por ejecutarlo con los privilegios del superusuario."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 35
debian/po/fr.po

@@ -16,41 +16,6 @@ msgstr ""
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Compte système dédié au démon tomcat9 :"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"Le serveur tomcat9 nécessite un compte dédié pour fonctionner afin de ne pas "
"compromettre la sécurité du système en s'exécutant avec les privilèges du "
"superutilisateur."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Groupe système dédié au démon tomcat9 :"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"Le serveur tomcat9 nécessite un groupe dédié pour fonctionner afin de ne pas "
"compromettre la sécurité du système en s'exécutant avec les privilèges du "
"superutilisateur."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 35
debian/po/it.po

@@ -16,41 +16,6 @@ msgstr ""
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Account di sistema dedicato per il demone tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"Il server tomcat9 deve utilizzare un account dedicato per le sue funzioni "
"affinché la sicurezza del sistema non sia compromessa dall'esecuzione con "
"i privilegi del superutente."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Gruppo di sistema dedicato per il demone tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"Il server tomcat9 deve utilizzare un gruppo dedicato per le sue funzioni "
"affinché la sicurezza del sistema non sia compromessa dall'esecuzione con "
"i privilegi di superutente."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 35
debian/po/ja.po

@@ -15,41 +15,6 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "tomcat9 デーモン専用のシステムアカウント:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"tomcat9 サーバは、動作するのに専用アカウントを利用する必要があります。"
"これによって、システムのセキュリティは特権ユーザ権限で動作させることによる"
"侵害を受けなくなります。"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "tomcat9 デーモン専用のシステムグループ:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"tomcat9 サーバは、動作するのに専用グループを利用する必要があります。"
"これによって、システムのセキュリティは特権ユーザ権限で動作させることによる"
"侵害を受けなくなります。"

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 35
debian/po/nl.po

@@ -16,41 +16,6 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Speciale systeemaccount voor de tomcat9-achtergronddienst:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"De tomcat9-server moet een speciale account gebruiken voor zijn "
"werkzaamheden, want als hij met beheerdersrechten wordt uitgevoerd kan dit "
"de beveiliging van het systeem in gevaar brengen."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Speciale systeemgroep voor de tomcat9-achtergronddienst:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"De tomcat9-server moet een speciale groep gebruiken voor zijn werkzaamheden, "
"want als hij met beheerdersrechten wordt uitgevoerd kan dit de beveiliging "
"van het systeem in gevaar brengen."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 35
debian/po/pl.po

@@ -19,41 +19,6 @@ msgstr ""
"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
"|| n%100>=20) ? 1 : 2);\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Oddzielne konto systemowe dla demona tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"Serwer tomcat9 musi używać wydzielonego konta, dzięki czemu bezpieczeństwo "
"systemu nie zostanie naruszone przez działanie z uprawnieniami "
"superużytkownika."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Oddzielna grupa systemowa dla demona tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"Serwer tomcat9 musi używać wydzielonej grupy, dzięki czemu bezpieczeństwo "
"systemu nie zostanie naruszone przez działanie z uprawnieniami "
"superużytkownika."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 35
debian/po/pt.po

@@ -17,41 +17,6 @@ msgstr ""
"X-Generator: Lokalize 1.0\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Conta de sistema dedicada para o daemon do tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"O servidor tomcat9 precisa de usar um conta dedicada para a sua operação "
"para que a segurança do sistema não seja comprometida ao corrê-lo com "
"privilégios de super utilizador."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Grupo de sistema dedicado para o daemon do tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"O servidor tomcat9 precisa de usar um grupo dedicado para a sua operação "
"para que a segurança do sistema não seja comprometida ao corrê-lo com "
"privilégios de super utilizador."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 35
debian/po/pt_BR.po

@@ -18,41 +18,6 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"pt_BR utf-8\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Conta de sistema dedicada para o daemon tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"O servidor tomcat9 deve usar uma conta dedicada para sua operação, desta "
"forma a segurança do sistema não será comprometida por rodar com privilégios "
"de superusuário."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Grupo de sistema dedicado para o daemon tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"O servidor tomcat9 deve usar um grupo dedicado para sua operação, desta "
"forma a segurança do sistema não será comprometida por rodar com privilégios "
"de superusuário."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 35
debian/po/ru.po

@@ -17,41 +17,6 @@ msgstr ""
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Отдельная системная учётная запись для службы tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"Для того, чтобы не подвергать риску безопасность системы, "
"сервер tomcat9 требуется запускать с правами отдельной "
"системной учётной записи."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Отдельная системная группа для службы tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"Для того, чтобы не подвергать риску безопасность системы, "
"сервер tomcat9 требуется запускать с правами отдельной "
"группы."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 24
debian/po/sk.po

@@ -16,30 +16,6 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Vyhradený systémový účet pre démona tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "The tomcat9 server must use a dedicated account for its operation so that the system's security is not compromised by running it with superuser privileges."
msgstr "Server tomcat9 musí používať na svoju prevádzku vyhradený účet, aby nebola kompromitovaná bezpečnosť systému, keď sa spúšťa s oprávneniami superpoužívateľa."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Vyhradená systémová skupina pre démona tomcat9:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "The tomcat9 server must use a dedicated group for its operation so that the system's security is not compromised by running it with superuser privileges."
msgstr "Server tomcat9 musí používať na svoju prevádzku vyhradenú skupinu, aby nebola kompromitovaná bezpečnosť systému, keď sa spúšťa s oprávneniami superpoužívateľa."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 33
debian/po/sv.po

@@ -18,39 +18,6 @@ msgstr ""
"X-Poedit-Language: Swedish\n"
"X-Poedit-Country: Sweden\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "Systemanvändare för tomcat9-tjänsten:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""
"tomcat9-servern måste köra som en systemanvändare så att systemets säkerhet "
"inte äventyras genom att köra tjänsten med superanvändarens rättigheter."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "Systemgrupp för tomcat9-tjänsten:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""
"tomcat9-servern måste köra ha en systemgrupp så att systemets säkerhet inte "
"äventyras genom att köra tjänsten med superanvändarens rättigheter."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 29
debian/po/templates.pot

@@ -16,35 +16,6 @@ msgstr ""
"Content-Type: text/plain; charset=CHARSET\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr ""

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid ""
"The tomcat9 server must use a dedicated account for its operation so that "
"the system's security is not compromised by running it with superuser "
"privileges."
msgstr ""

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr ""

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid ""
"The tomcat9 server must use a dedicated group for its operation so that the "
"system's security is not compromised by running it with superuser privileges."
msgstr ""

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 24
debian/po/tr.po

@@ -15,30 +15,6 @@ msgstr ""
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "Dedicated system account for the tomcat9 daemon:"
msgstr "tomcat9 artalan sürecine özgü sistem hesabı:"

#. Type: string
#. Description
#: ../tomcat9.templates:1001
msgid "The tomcat9 server must use a dedicated account for its operation so that the system's security is not compromised by running it with superuser privileges."
msgstr "tomcat9 sunucusu, işlevini gerçekleştirirken, süper kullanıcı hakları ile çalıştırılmasının getireceği güvenlik açıklarını engellemek için kendine özgü bir kullanıcı hesabı kullanmalıdır."

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "Dedicated system group for the tomcat9 daemon:"
msgstr "tomcat9 artalan sürecine özgü sistem grubu:"

#. Type: string
#. Description
#: ../tomcat9.templates:2001
msgid "The tomcat9 server must use a dedicated group for its operation so that the system's security is not compromised by running it with superuser privileges."
msgstr "tomcat9 sunucusu, işlevini gerçekleştirirken, süper kullanıcı hakları ile çalıştırılmasının getireceği güvenlik açıklarını engellemek için kendine özgü bir grup hesabı kullanmalıdır."

#. Type: string
#. Description
#: ../tomcat9.templates:3001


+ 0
- 10
debian/tomcat9.config

@@ -11,21 +11,11 @@ if [ -e "${CONFFILE}" ]
then
. ${CONFFILE} || true

if [ -n "${TOMCAT9_USER}" ]; then
db_set tomcat9/username "${TOMCAT9_USER}"
fi

if [ -n "${TOMCAT9_GROUP}" ]; then
db_set tomcat9/groupname "${TOMCAT9_GROUP}"
fi

if [ -n "${JAVA_OPTS}" ]; then
db_set tomcat9/javaopts "${JAVA_OPTS}"
fi
fi

db_input low tomcat9/username || true
db_input low tomcat9/groupname || true
db_input low tomcat9/javaopts || true
db_go



+ 14
- 14
debian/tomcat9.init

@@ -50,8 +50,8 @@ fi
# The following variables can be overwritten in $DEFAULT

# Run Tomcat as this user ID and group ID
TOMCAT9_USER=tomcat9
TOMCAT9_GROUP=tomcat9
TOMCAT_USER=tomcat
TOMCAT_GROUP=tomcat

# Find the Java runtime and set JAVA_HOME
. /usr/libexec/tomcat9/tomcat-locate-java.sh
@@ -132,12 +132,12 @@ catalina_sh() {
# Run the catalina.sh script as a daemon
set +e
if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then
# run install as tomcat9 to work around #841371
su $TOMCAT9_USER -s /bin/bash -c "install -m 644 /dev/null $CATALINA_BASE/logs/catalina.out"
# run install as tomcat to work around #841371
su $TOMCAT_USER -s /bin/bash -c "install -m 644 /dev/null $CATALINA_BASE/logs/catalina.out"
fi
install -o $TOMCAT9_USER -g adm -m 644 /dev/null "$CATALINA_PID"
start-stop-daemon --start -b -u "$TOMCAT9_USER" -g "$TOMCAT9_GROUP" \
-c "$TOMCAT9_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \
install -o $TOMCAT_USER -g adm -m 644 /dev/null "$CATALINA_PID"
start-stop-daemon --start -b -u "$TOMCAT_USER" -g "$TOMCAT_GROUP" \
-c "$TOMCAT_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \
-x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH"
status="$?"
set +a -e
@@ -157,11 +157,11 @@ case "$1" in
fi

# Change the home directory to /var/lib/tomcat9 for older installations (to be removed in tomcat9)
usermod --home /var/lib/tomcat9 $TOMCAT9_USER > /dev/null 2>&1 || true
usermod --home /var/lib/tomcat9 $TOMCAT_USER > /dev/null 2>&1 || true

log_daemon_msg "Starting $DESC" "$NAME"
if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \
--user $TOMCAT9_USER --exec "$JAVA_HOME/bin/java" \
--user $TOMCAT_USER --exec "$JAVA_HOME/bin/java" \
>/dev/null; then

# Regenerate POLICY_CACHE file
@@ -180,12 +180,12 @@ case "$1" in
log_failure_msg "could not create JVM temporary directory"
exit 1
}
chown -h $TOMCAT9_USER "$JVM_TMP"
chown -h $TOMCAT_USER "$JVM_TMP"

catalina_sh start $SECURITY
sleep 5
if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \
--user $TOMCAT9_USER --exec "$JAVA_HOME/bin/java" \
--user $TOMCAT_USER --exec "$JAVA_HOME/bin/java" \
>/dev/null; then
if [ -f "$CATALINA_PID" ]; then
rm -f "$CATALINA_PID"
@@ -205,7 +205,7 @@ case "$1" in
set +e
if [ -f "$CATALINA_PID" ]; then
start-stop-daemon --stop --pidfile "$CATALINA_PID" \
--user "$TOMCAT9_USER" \
--user "$TOMCAT_USER" \
--retry=TERM/20/KILL/5 >/dev/null
if [ $? -eq 1 ]; then
log_progress_msg "$DESC is not running but pid file exists, cleaning up"
@@ -225,7 +225,7 @@ case "$1" in
status)
set +e
start-stop-daemon --test --start --pidfile "$CATALINA_PID" \
--user $TOMCAT9_USER --exec "$JAVA_HOME/bin/java" \
--user $TOMCAT_USER --exec "$JAVA_HOME/bin/java" \
>/dev/null 2>&1
if [ "$?" = "0" ]; then

@@ -250,7 +250,7 @@ case "$1" in
;;
try-restart)
if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \
--user $TOMCAT9_USER --exec "$JAVA_HOME/bin/java" \
--user $TOMCAT_USER --exec "$JAVA_HOME/bin/java" \
>/dev/null; then
$0 start
fi
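Review bot: `TOMCAT_USER=tomcat` and `TOMCAT_GROUP=tomcat` are added directly under the existing comment "The following variables can be overwritten in $DEFAULT", which contradicts the commit's aim of a fixed, non-configurable account. The sourcing of `$DEFAULT` is not visible in these hunks, so this may only be a stale comment; but if the defaults file is read after these assignments, a `TOMCAT_USER=` line there would still change the account under sysvinit while the systemd unit hard-codes `User=tomcat`. Either move the two assignments below the point where `$DEFAULT` is sourced, or keep them out of the overridable block under a comment such as `# Fixed service account; not configurable`. Several uses (`su $TOMCAT_USER`, `chown -h $TOMCAT_USER`, `--user $TOMCAT_USER`) are also left unquoted while others in the same file are quoted.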


+ 20
- 26
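--- a/debian/tomcat9.postinst
+++ b/debian/tomcat9.postinst
@@ -7,74 +7,68 @@ CONFFILE="/etc/default/tomcat9"
 LR_TEMPLATE="/usr/share/tomcat9/logrotate.template"
 LR_CONFFILE="/etc/logrotate.d/tomcat9"
 JAVA_OPTS="-Djava.awt.headless=true -XX:+UseConcMarkSweepGC"
+TOMCAT_USER="tomcat"
+TOMCAT_GROUP="tomcat"
 
 case "$1" in
 configure)
 
 # Generate $CONFFILE from debconf seetings and $TEMPLATE
 db_version 2.0
-db_get tomcat9/username && TOMCAT9_USER="$RET" || TOMCAT9_USER="tomcat9"
-db_get tomcat9/groupname && TOMCAT9_GROUP="$RET" || TOMCAT9_GROUP="tomcat9"
 db_get tomcat9/javaopts && JAVA_OPTS="$RET" || JAVA_OPTS="-Djava.awt.headless=true -XX:+UseConcMarkSweepGC"
 
 tmpfile=`mktemp /tmp/tomcat9.XXXXXXXXXX`
 chmod 644 $tmpfile
 DELIM=$(printf '\001')
 cat $TEMPLATE \
-| sed "s%^TOMCAT9_USER=.*$%TOMCAT9_USER=$TOMCAT9_USER%" \
-| sed "s%^TOMCAT9_GROUP=.*$%TOMCAT9_GROUP=$TOMCAT9_GROUP%" \
 | sed "s${DELIM}^JAVA_OPTS=.*\$${DELIM}JAVA_OPTS=\"$JAVA_OPTS\"${DELIM}" \
 >> $tmpfile
 ucf --debconf-ok --sum-file /usr/share/tomcat9/defaults.md5sum $tmpfile $CONFFILE
 rm -f $tmpfile
 
-if ! getent group "$TOMCAT9_GROUP" > /dev/null 2>&1 ; then
-addgroup --system "$TOMCAT9_GROUP" --quiet
+if ! getent group "$TOMCAT_GROUP" > /dev/null 2>&1 ; then
+addgroup --system "$TOMCAT_GROUP" --quiet
 fi
-if ! id $TOMCAT9_USER > /dev/null 2>&1 ; then
+if ! id $TOMCAT_USER > /dev/null 2>&1 ; then
 adduser --system --home /var/lib/tomcat9 --no-create-home \
---ingroup "$TOMCAT9_GROUP" --disabled-password --shell /bin/false \
+--ingroup "$TOMCAT_GROUP" --disabled-password --shell /bin/false \
 --gecos "Apache Tomcat" \
-"$TOMCAT9_USER"
+"$TOMCAT_USER"
 fi
-chown -Rh $TOMCAT9_USER:adm /var/log/tomcat9 /var/cache/tomcat9
+chown -Rh $TOMCAT_USER:adm /var/log/tomcat9 /var/cache/tomcat9
 chmod 750 /var/log/tomcat9 /var/cache/tomcat9
 
 # populate /etc/logrotate.d/tomcat9
-tmpfile=`mktemp /tmp/tomcat9.XXXXXXXXXX`
-chmod 644 $tmpfile
-cat $LR_TEMPLATE | sed "s%create 640 tomcat9 adm%create 640 $TOMCAT9_USER adm%" >> $tmpfile
-ucf --debconf-ok --sum-file /usr/share/tomcat9/logrotate.md5sum $tmpfile $LR_CONFFILE
-rm -f $tmpfile
+ucf --debconf-ok --sum-file /usr/share/tomcat9/logrotate.md5sum $LR_TEMPLATE $LR_CONFFILE
 
-# configuration files should not be modifiable by tomcat9 user, as this can be a security issue
+# configuration files should not be modifiable by tomcat user, as this can be a security issue
 # (an attacker may insert code in a webapp and have access to all tomcat configuration)
-# but those files should be readable by tomcat9, so we set the group to tomcat9
+# but those files should be readable by tomcat, so we set the group to tomcat
 for i in tomcat-users.xml web.xml server.xml logging.properties context.xml catalina.properties jaspic-providers.xml;
 do
 if [ -f "/etc/tomcat9/$i" ]; then
-chown root:$TOMCAT9_GROUP /etc/tomcat9/$i
+chown root:$TOMCAT_GROUP /etc/tomcat9/$i
 chmod 640 /etc/tomcat9/$i
 fi
 done
-# configuration policy files should not be modifiable by the tomcat9 user. Only
+# configuration policy files should not be modifiable by the tomcat user. Only
 # diverge from default permissions for known Debian files
-chown root:$TOMCAT9_GROUP /etc/tomcat9/policy.d
+chown root:$TOMCAT_GROUP /etc/tomcat9/policy.d
 for i in 01system.policy 02debian.policy 03catalina.policy 04webapps.policy 50local.policy;
 do
 if [ -f "/etc/tomcat9/policy.d/$i" ]; then
-chown root:$TOMCAT9_GROUP /etc/tomcat9/policy.d/$i
+chown root:$TOMCAT_GROUP /etc/tomcat9/policy.d/$i
 chmod 640 /etc/tomcat9/policy.d/$i
 fi
 done
-chown -Rh root:$TOMCAT9_GROUP /etc/tomcat9/Catalina
+chown -Rh root:$TOMCAT_GROUP /etc/tomcat9/Catalina
 
-chown -Rh $TOMCAT9_USER:$TOMCAT9_GROUP /var/lib/tomcat9/webapps /var/lib/tomcat9/lib
+chown -Rh $TOMCAT_USER:$TOMCAT_GROUP /var/lib/tomcat9/webapps /var/lib/tomcat9/lib
 chmod 775 /var/lib/tomcat9/webapps
 chmod 775 /etc/tomcat9/Catalina
 
-# Authorize user tomcat9 to open privileged ports via authbind.
-TOMCAT_UID="`id -u $TOMCAT9_USER`"
+# Authorize user tomcat to open privileged ports via authbind.
+TOMCAT_UID="`id -u $TOMCAT_USER`"
 if [ ! -f "/etc/authbind/byuid/$TOMCAT_UID" ]; then
 if [ ! -d "/etc/authbind/byuid" ]; then
 mkdir -p /etc/authbind/byuid
@@ -83,7 +77,7 @@ case "$1" in
 fi
 echo '0.0.0.0/0:1,1023' >/etc/authbind/byuid/$TOMCAT_UID
 echo '::/0,1-1023' >>/etc/authbind/byuid/$TOMCAT_UID
-chown $TOMCAT9_USER:$TOMCAT9_GROUP /etc/authbind/byuid/$TOMCAT_UID
+chown $TOMCAT_USER:$TOMCAT_GROUP /etc/authbind/byuid/$TOMCAT_UID
 chmod 700 /etc/authbind/byuid/$TOMCAT_UID
 fi
 ;;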
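Review bot: The `if ! id $TOMCAT_USER` guard reuses any account that already happens to be named `tomcat`, and with a generic fixed name such a collision is more likely than it was with the per-version name `tomcat9`. A pre-existing account may have a login shell, a password or a different primary group, yet the `chown -Rh $TOMCAT_USER:...` lines and the authbind grant that follow are applied to it unchanged. Consider inspecting the existing entry before adopting it, for example checking that `getent passwd "$TOMCAT_USER"` reports a non-login shell and that the account belongs to `$TOMCAT_GROUP`, and printing a warning when it does not. The enclosing `case` block starts and ends outside the hunks shown.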


+ 2
- 3
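--- a/debian/tomcat9.prerm
+++ b/debian/tomcat9.prerm
@@ -3,10 +3,9 @@ set -e
 
 case "$1" in
 remove)
-[ -f /etc/default/tomcat9 ] && . /etc/default/tomcat9
-[ -z "$TOMCAT9_USER" ] && TOMCAT9_USER="tomcat9"
+TOMCAT_USER="tomcat"
 # Remove auth for tomcat9 to open privileged ports via authbind.
-TOMCAT_UID="`id -u $TOMCAT9_USER`"
+TOMCAT_UID="`id -u $TOMCAT_USER`"
 if [ -f "/etc/authbind/byuid/$TOMCAT_UID" ]; then
 rm -f /etc/authbind/byuid/$TOMCAT_UID
 fi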
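Review bot: The `TOMCAT_UID` assignment runs `id -u $TOMCAT_USER` under `set -e` (visible in the hunk header), so if the `tomcat` account has already been deleted the failing `id` aborts the prerm and blocks removal of the package. Tolerating the missing account keeps removal working: `TOMCAT_UID=$(id -u "$TOMCAT_USER" 2>/dev/null) || TOMCAT_UID=` followed by `if [ -n "$TOMCAT_UID" ] && [ -f "/etc/authbind/byuid/$TOMCAT_UID" ]; then`. The comment above the assignment still says "tomcat9" and could read `# Remove auth for the tomcat user to open privileged ports via authbind.` The `case` block continues outside the hunk.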


+ 2
- 2
debian/tomcat9.service

@@ -26,8 +26,8 @@ SuccessExitStatus=143
SyslogIdentifier=tomcat9

# Security
User=tomcat9
Group=tomcat9
User=tomcat
Group=tomcat
PrivateTmp=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true


+ 0
- 16
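--- a/debian/tomcat9.templates
+++ b/debian/tomcat9.templates
@@ -1,19 +1,3 @@
-Template: tomcat9/username
-Type: string
-Default: tomcat9
-_Description: Dedicated system account for the tomcat9 daemon:
-The tomcat9 server must use a dedicated account for its operation so that
-the system's security is not compromised by running it with superuser
-privileges.
-
-Template: tomcat9/groupname
-Type: string
-Default: tomcat9
-_Description: Dedicated system group for the tomcat9 daemon:
-The tomcat9 server must use a dedicated group for its operation so that
-the system's security is not compromised by running it with superuser
-privileges.
-
 Template: tomcat9/javaopts
 Type: string
 Default: -Djava.awt.headless=true -XX:+UseConcMarkSweepGC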

