Information
The context.xml file is loaded by all web applications and sets certain configuration options. It is recommended that access to this file properly protect from unauthorized changes.
Rationale:
Restricting access to this file will prevent local users from maliciously or inadvertently altering Tomcat's security policy.
Solution
Perform the following to restrict access to context.xml:
Set the ownership of the $CATALINA_HOME/conf/context.xml to tomcat_admin:tomcat.
# chown tomcat_admin:tomcat $CATALINA_HOME/conf/context.xml
Set the permissions for the $CATALINA_HOME/conf/context.xml to 600.
# chmod 600 $CATALINA_HOME/conf/context.xml
Default Value:
The default permissions of context.xml are 600.