Return-Path: 
 <issues-return-41713-apmail-commons-issues-archive=commons.apache.org@commons.apache.org>
X-Original-To: apmail-commons-issues-archive@minotaur.apache.org
Delivered-To: apmail-commons-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3E9D911DFF
	for <apmail-commons-issues-archive@minotaur.apache.org>;
 Mon,  2 Jun 2014 13:18:02 +0000 (UTC)
Received: (qmail 92507 invoked by uid 500); 2 Jun 2014 13:18:01 -0000
Delivered-To: apmail-commons-issues-archive@commons.apache.org
Received: (qmail 92351 invoked by uid 500); 2 Jun 2014 13:18:01 -0000
Mailing-List: contact issues-help@commons.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@commons.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@commons.apache.org>
List-Post: <mailto:issues@commons.apache.org>
List-Id: <issues.commons.apache.org>
Reply-To: issues@commons.apache.org
Delivered-To: mailing list issues@commons.apache.org
Received: (qmail 92090 invoked by uid 99); 2 Jun 2014 13:18:01 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Jun 2014 13:18:01 +0000
Date: Mon, 2 Jun 2014 13:18:01 +0000 (UTC)
From: "Tiago Oliveira (JIRA)" <jira@apache.org>
To: issues@commons.apache.org
Message-ID: <JIRA.12717896.1401713683595.57684.1401715081766@arcas>
In-Reply-To: <JIRA.12717896.1401713683595@arcas>
References: <JIRA.12717896.1401713683595@arcas>
Subject: [jira] [Commented] (DAEMON-318) children (controller) process
 doesnt use correct umask value
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/DAEMON-318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14015364#comment-14015364 ] 

Tiago Oliveira commented on DAEMON-318:
---------------------------------------

also, user tomcat has a umask of 0002

{noformat}
# getent passwd tomcat
tomcat:x:500:500::/home/tomcat:/bin/bash
{noformat}

{noformat}
# cat /home/tomcat/.bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH
umask 0002
{noformat}

and still no good.


as a workaround i added to my /etc/init.d/tomcat7 the following lines:
{noformat}
OLD_UMASK=$(umask)
...
case $1 in
start)
umask 0002
$CATALINA_HOME/bin/daemon.sh --tomcat-user tomcat --catalina-home $CATALINA_HOME --java-home $JAVA_HOME start
umask $OLD_UMASK
;;
{noformat}


> children (controller) process doesnt use correct umask value
> ------------------------------------------------------------
>
>                 Key: DAEMON-318
>                 URL: https://issues.apache.org/jira/browse/DAEMON-318
>             Project: Commons Daemon
>          Issue Type: Bug
>          Components: Jsvc
>    Affects Versions: 1.0.15
>         Environment: Centos 6.5: 
> Linux staging 2.6.32-431.17.1.el6.x86_64 #1 SMP Wed May 7 23:32:49 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> Java 7:
> java version "1.7.0_55"
> OpenJDK Runtime Environment (rhel-2.4.7.1.el6_5-x86_64 u55-b13)
> OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)
> selinux enabled
> tomcat 7.0.54
> jsvc compiled from tar.gz in /bin
> build tools from distribution
> starting tomcat via daemon.sh start
> setenv.sh:
> {noformat}
> #!/bin/sh
> JSVC_OPTS="-umask 002"
> CATALINA_OPTS="$CATALINA_OPTS -server -Xms512m -Xmx1024m -XX:MaxPermSize=512m -Djava.awt.headless=true"
> export CATALINA_OPTS
> export JSVC_OPTS
> {noformat}
>            Reporter: Tiago Oliveira
>            Priority: Minor
>
> Expected behavior:
> after issuing -umask 002 to JSVC (with -tomcat-user != root, e.g. "tomcat"), child process (controller) have umask = 2
> Actual behavior:
> root process have umask = 2
> child process have umask = 18
> After runing daemon start:
> {noformat}
> NOTICE: jsvc umask of 002 allows write permission to group and/or other
> {noformat}
> Running instances:
> {noformat}
> # ps aux | grep jsvc
> root     11410  0.0  0.0  10436   480 ?        Ss   09:30   0:00 jsvc.exec -umask 002 -java-home /usr/lib/jvm/java-1.7.0 -user tomcat -pidfile /opt/apache/tomcat7/logs/catalina-daemon.pid -wait 10 -outfile /opt/apache/tomcat7/logs/catalina-daemon.out -errfile &1 -classpath /opt/apache/tomcat7/bin/bootstrap.jar:/opt/apache/tomcat7/bin/commons-daemon.jar:/opt/apache/tomcat7/bin/tomcat-juli.jar -Djava.util.logging.config.file=/opt/apache/tomcat7/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -server -Xms512m -Xmx1024m -XX:MaxPermSize=512m -Djava.awt.headless=true -Djava.endorsed.dirs= -Dcatalina.base=/opt/apache/tomcat7 -Dcatalina.home=/opt/apache/tomcat7 -Djava.io.tmpdir=/opt/apache/tomcat7/temp org.apache.catalina.startup.Bootstrap
> tomcat   11411 89.9 26.7 3919288 1048692 ?     Sl   09:30   1:24 jsvc.exec -umask 002 -java-home /usr/lib/jvm/java-1.7.0 -user tomcat -pidfile /opt/apache/tomcat7/logs/catalina-daemon.pid -wait 10 -outfile /opt/apache/tomcat7/logs/catalina-daemon.out -errfile &1 -classpath /opt/apache/tomcat7/bin/bootstrap.jar:/opt/apache/tomcat7/bin/commons-daemon.jar:/opt/apache/tomcat7/bin/tomcat-juli.jar -Djava.util.logging.config.file=/opt/apache/tomcat7/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -server -Xms512m -Xmx1024m -XX:MaxPermSize=512m -Djava.awt.headless=true -Djava.endorsed.dirs= -Dcatalina.base=/opt/apache/tomcat7 -Dcatalina.home=/opt/apache/tomcat7 -Djava.io.tmpdir=/opt/apache/tomcat7/temp org.apache.catalina.startup.Bootstrap
> {noformat}
> GDB output:
> {noformat}
> # gdb --pid=11410
> GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
> Copyright (C) 2010 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Attaching to process 11410
> Reading symbols from /opt/apache/apache-tomcat-7.0.54/bin/commons-daemon-1.0.15-native-src/unix/jsvc...done.
> Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libdl.so.2
> Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
> [Thread debugging using libthread_db enabled]
> Loaded symbols for /lib64/libpthread.so.0
> Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libc.so.6
> Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/ld-linux-x86-64.so.2
> Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libnss_files.so.2
> 0x00007fe71666e26e in waitpid () from /lib64/libpthread.so.0
> Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.132.el6_5.2.x86_64
> (gdb) call umask(0)
> $1 = 2
> (gdb) call umask(2)
> $2 = 0
> (gdb) quit
> A debugging session is active.
> # gdb --pid=11411
> GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
> Copyright (C) 2010 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Attaching to process 11411
> Reading symbols from /opt/apache/apache-tomcat-7.0.54/bin/commons-daemon-1.0.15-native-src/unix/jsvc...done.
> Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libdl.so.2
> Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
> [New LWP 11531]
> [New LWP 11530]
> [New LWP 11529]
> [New LWP 11528]
> [New LWP 11527]
> [New LWP 11523]
> [New LWP 11522]
> [New LWP 11521]
> [New LWP 11520]
> [New LWP 11519]
> [New LWP 11515]
> [New LWP 11514]
> [New LWP 11513]
> [New LWP 11512]
> [New LWP 11511]
> [New LWP 11506]
> [New LWP 11505]
> [New LWP 11504]
> [New LWP 11503]
> [New LWP 11502]
> [New LWP 11498]
> [New LWP 11497]
> [New LWP 11496]
> [New LWP 11495]
> [New LWP 11494]
> [New LWP 11493]
> [New LWP 11492]
> [New LWP 11491]
> [New LWP 11481]
> [New LWP 11480]
> [New LWP 11479]
> [New LWP 11478]
> [New LWP 11477]
> [New LWP 11476]
> [New LWP 11475]
> [New LWP 11474]
> [New LWP 11473]
> [New LWP 11471]
> [New LWP 11470]
> [New LWP 11469]
> [New LWP 11468]
> [New LWP 11467]
> [New LWP 11466]
> [New LWP 11465]
> [New LWP 11464]
> [New LWP 11463]
> [New LWP 11462]
> [New LWP 11461]
> [New LWP 11460]
> [New LWP 11459]
> [New LWP 11458]
> [New LWP 11449]
> [New LWP 11448]
> [New LWP 11446]
> [New LWP 11445]
> [New LWP 11444]
> [New LWP 11443]
> [New LWP 11442]
> [New LWP 11441]
> [New LWP 11440]
> [New LWP 11439]
> [New LWP 11438]
> [New LWP 11437]
> [New LWP 11436]
> [New LWP 11435]
> [New LWP 11431]
> [New LWP 11430]
> [New LWP 11429]
> [New LWP 11428]
> [New LWP 11427]
> [New LWP 11424]
> [New LWP 11423]
> [New LWP 11422]
> [New LWP 11421]
> [New LWP 11420]
> [New LWP 11419]
> [New LWP 11418]
> [New LWP 11417]
> [New LWP 11416]
> [New LWP 11415]
> [New LWP 11414]
> [New LWP 11413]
> [New LWP 11412]
> [Thread debugging using libthread_db enabled]
> Loaded symbols for /lib64/libpthread.so.0
> Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libc.so.6
> Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/ld-linux-x86-64.so.2
> Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libnss_files.so.2
> Reading symbols from /usr/lib/jvm/java-1.7.0/jre/lib/amd64/server/libjvm.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0/jre/lib/amd64/server/libjvm.so
> Reading symbols from /usr/lib64/libstdc++.so.6...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libstdc++.so.6
> Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libm.so.6
> Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libgcc_s.so.1
> Reading symbols from /lib64/librt.so.1...(no debugging symbols found)...done.
> Loaded symbols for /lib64/librt.so.1
> Reading symbols from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libverify.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libverify.so
> Reading symbols from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libjava.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libjava.so
> Reading symbols from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libzip.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libzip.so
> Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libz.so.1
> Reading symbols from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libnio.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libnio.so
> Reading symbols from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libnet.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libnet.so
> Reading symbols from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libmanagement.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libmanagement.so
> Reading symbols from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libj2pkcs11.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libj2pkcs11.so
> Reading symbols from /usr/lib64/libnss3.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libnss3.so
> Reading symbols from /usr/lib64/libnssutil3.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libnssutil3.so
> Reading symbols from /lib64/libplc4.so...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libplc4.so
> Reading symbols from /lib64/libplds4.so...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libplds4.so
> Reading symbols from /lib64/libnspr4.so...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libnspr4.so
> Reading symbols from /usr/lib64/libsoftokn3.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libsoftokn3.so
> Reading symbols from /usr/lib64/libsqlite3.so.0...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libsqlite3.so.0
> Reading symbols from /usr/lib64/libfreebl3.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libfreebl3.so
> Reading symbols from /lib64/libnss_dns.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libnss_dns.so.2
> Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib64/libresolv.so.2
> Reading symbols from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libawt.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libawt.so
> Reading symbols from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/headless/libmawt.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/headless/libmawt.so
> Reading symbols from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libfontmanager.so...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/amd64/libfontmanager.so
> Reading symbols from /usr/lib64/libfreetype.so.6...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib64/libfreetype.so.6
> Reading symbols from /opt/apache/apache-tomcat-7.0.54/temp/jna/jna3638365466690122373.tmp...done.
> Loaded symbols for /opt/apache/apache-tomcat-7.0.54/temp/jna/jna3638365466690122373.tmp
> 0x00007fe716377ced in nanosleep () from /lib64/libc.so.6
> Missing separate debuginfos, use: debuginfo-install freetype-2.3.11-14.el6_3.1.x86_64 glibc-2.12-1.132.el6_5.2.x86_64 java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.x86_64 libgcc-4.4.7-4.el6.x86_64 libstdc++-4.4.7-4.el6.x86_64 nspr-4.10.2-1.el6_5.x86_64 nss-3.15.3-6.el6_5.x86_64 nss-softokn-3.14.3-10.el6_5.x86_64 nss-softokn-freebl-3.14.3-10.el6_5.x86_64 nss-util-3.15.3-1.el6_5.x86_64 sqlite-3.6.20-1.el6.x86_64 zlib-1.2.3-29.el6.x86_64
> (gdb) call umask(0)
> $1 = 18
> (gdb) call umask(18)
> $2 = 0
> (gdb) quit
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)