The Tomcat $CATALINA_HOME/logs directory contains Tomcat logs. It is recommended that the ownership of this directory be tomcat_admin:tomcat. It is also recommended that the permissions on this directory deny read, write, and execute for the world (o-rwx). Rationale: Restricting access to these directories will prevent local users from maliciously or inadvertently altering Tomcat's logs.
Solution
Perform the following to restrict access to Tomcat log files: Set the ownership of the $CATALINA_HOME/logs to tomcat_admin:tomcat. # chown tomcat_admin:tomcat $CATALINA_HOME/logs Remove read, write, and execute permissions for the world # chmod o-rwx $CATALINA_HOME/logs Default Value: The default permissions of the top-level directories are 770.