From 54127f838eb0904c89d87aea34cffad6eb738fd6 Mon Sep 17 00:00:00 2001
From: Prasanna Santhanam
Date: Mon, 3 Jun 2013 13:53:19 +0530
Subject: [PATCH] CLOUDSTACK-2758: Fix permissions of catalina.out Because of CVE 2013-1976, catalina.out gets owned by root. Since cloudstack-management is run under a privileged user env. of cloud have cloud ($TOMCAT_USER) own the catalina.out.
Signed-off-by: Prasanna Santhanam
---
 client/tomcatconf/classpath.conf.in | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/client/tomcatconf/classpath.conf.in b/client/tomcatconf/classpath.conf.in
index 3ae0fb4d778..f2aeebac2a4 100644
--- a/client/tomcatconf/classpath.conf.in
+++ b/client/tomcatconf/classpath.conf.in
@@ -36,3 +36,11 @@ done
 export CLASSPATH
 PATH=/sbin:/usr/sbin:$PATH
 export PATH
+
+#catalina.out owned by `cloud` not `root`
+if [ ! -f $TOMCAT_LOG ]; then
+ touch $TOMCAT_LOG
+ chown $TOMCAT_USER:$TOMCAT_USER $TOMCAT_LOG
+else
+ chown $TOMCAT_USER:$TOMCAT_USER $TOMCAT_LOG
+fi
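Review bot: The added `touch`/`chown` pair on `$TOMCAT_LOG` follows symbolic links, and if this file is sourced by an init script running as root (the commit message suggests so, but the caller is not visible here) while the log directory is writable by `$TOMCAT_USER`, that account could get ownership of whatever the log path points to. That is the same class of problem as the CVE the message cites. Both branches of the `if` run the same `chown`, so the block can collapse to `[ -L "$TOMCAT_LOG" ] || touch "$TOMCAT_LOG"` followed by `chown -h "$TOMCAT_USER:$TOMCAT_USER" "$TOMCAT_LOG"`, which also quotes the expansions so an empty or space-containing value does not change the command's arguments. A link check still leaves a window between test and use, so the log directory should additionally be owned by root and not writable by `$TOMCAT_USER`; worth confirming in the packaging. A comment stating which user is expected to execute this block would help the next reader judge that.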