As far as I can tell, this is now working okay. I haven't been able to test a package upgrade, but have tried installing a new package with and without /etc/default/tomcat6 already existing and with/without TOMCAT6_[USER|GROUP] being set and all seems well. If the tomcat6 user and group are customised, the package sets the ownership as requested and also does not create any extra users or groups.
The only slight problem is that the group for the log and cache directories is hard-coded to adm and any post-installation changes will be reverted by package updates. I think we can live with this, but we had previously changed this group to be the same as the group for the other directories.
It is not possible for a sysadmin to tweak the permissions of directories as these will not be honoured by future package updates (no statoverride checks). I believe this is intentional.
As far as I can tell, this is now working okay. I haven't been able to test a package upgrade, but have tried installing a new package with and without /etc/default/ tomcat6 already existing and with/without TOMCAT6_ [USER|GROUP] being set and all seems well. If the tomcat6 user and group are customised, the package sets the ownership as requested and also does not create any extra users or groups.
The only slight problem is that the group for the log and cache directories is hard-coded to adm and any post-installation changes will be reverted by package updates. I think we can live with this, but we had previously changed this group to be the same as the group for the other directories.
It is not possible for a sysadmin to tweak the permissions of directories as these will not be honoured by future package updates (no statoverride checks). I believe this is intentional.