Comment 9 for bug 557300

There are several solutions:

1/ Only set the permissions on original installation (do not modify on upgrades)
2/ Make installation/upgrades look into /etc/default/tomcat6 to get the user name
3/ Make installation/upgrades respect dpkg-statoverride (do not change permissions on upgrades if dpkg-statoverridden)
4/ Preseed the user you want tomcat6 to run under

I think we want to keep the possibility to improve permissions on future upgrades, so solution (1) is not good. Solution (4) is technically the best, but it's a new feature so it's too much for a SRU.

As far as a Lucid SRU is concerned, solution (2) or (3) are the smallest change (they are not exclusive, btw). Both are slightly inconvenient (one requires the /etc/default/tomcat6 file to be present before install (or not purged from a previous install), while the other requires to run a few dpkg-statoverride/user creation/ authbind configuration commands). But they would survive upgrades perfectly. Let me know if that would be acceptable.

NB: I would keep the "tomcat6" group as is.