Details
The context.xml file is loaded by all web applications and sets certain configuration options. It is recommended that access to this file has the proper permissions to properly protect from unauthorized changes.
Solution
Perform the following to restrict access to context.xml:
1. Set the ownership of the $CATALINA_HOME/conf/context.xml to
tomcat_admin:tomcat.
2. Remove read, write, and execute permissions for the world.
3. Remove write permissions for the group.
# chown tomcat_admin:tomcat $CATALINA_HOME/conf/context.xml
# chmod g-w,o-rwx $CATALINA_HOME/conf/context.xml
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.