Information
$CATALINA_HOME is the environment variable which holds the path to the root Tomcat directory. It is important to protect access to this in order to protect the Tomcat binaries and libraries from unauthorized modification. It is recommended that the ownership of $CATALINA_HOME be tomcat_admin:tomcat It is also recommended that the permission on $CATALINA_HOME block read, write, and execute for the world ( o-rwx ) and block write access to the group ( g-w ).
The security of processes and data which traverse or depend on Tomcat may become compromised if the $CATALINA_HOME is not secured.
Solution
Perform the following to establish the recommended state:
- Set the ownership of the $CATALINA_HOME to tomcat_admin:tomcat # chown tomcat_admin.tomcat $CATALINA_HOME
- Remove write permissions for the group and read, write, and execute permissions for the world # chmod g-w,o-rwx $CATALINA_HOME