tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Tomcat 4.0/Solaris why doesn't tomcat follow soft links?
Date Fri, 15 Jun 2001 18:37:01 GMT
On Fri, 15 Jun 2001, Robert Evans wrote:

> Craig,
> 
> Thanks!  I missed that in the docs when I first went through them.  I found 
> the documentation on this feature, and now am wondering how much you know 
> about it.
> 
> On the system I am forced to configure this on, the users accounts are 
> mounted from a central nfs server.  This means that they do not have 
> entries in the /etc/passwd file, which I gather from the documentation is 
> used to generate the default Contexts.  It appears there is a "homeBase" 
> option which allows you to specify the location of a series of home 
> directories.  Do you know if I can use "/home", as the students directories 
> are automounted there?  Or do the home directories have to be hardmounted?
> 
> I'm experimenting with this option on a test server I have, and haven't 
> gotten it to work with a test case yet...If I get something working I'll 
> let you know.
> 

Well, since you're willing to be a bleeding edge pioneer (and since I
wrote this stuff), I'd *better* be willing to help!  :-)

If the users do not have entries in /etc/passwd, you are going to want to
use an alternative strategy to tell Tomcat what directories to look
at.  Try something like this:

  <Listener className="org.apache.catalina.startup.UserConfig"
       directory_name="public_html"
             homeBase="/home"
            userClass="org.apache.catalina.startup.HomesUserDatabase"/>

The key difference is that we're using a different "userClass" attribute
-- the one that says "mount all the user directories found in the
directory named by the 'homeBase' attribute" instead of the one that says
"mount all the user directories found in /etc/passwd".

Note also that, currently, Tomcat requires a user's public_html directory
to have a WEB-INF/web.xml file in it before it's recognized as a web
app.  That requirement is subject to negotiation (or perhaps even a
configuration flag) as far as I'm concerned, but it seemed correct when I
originally wrote this code.

And, of course, the operating system username under which you're running
Tomcat must have read access to the contents of the users's public_html
directories, and all the directories above them in the filesystem.

> A very appreciative,
> 
> Bob Evans
> 

Craig


> 
> At 10:56 AM 6/14/2001 -0700, you wrote:
> 
> 
> >On Thu, 14 Jun 2001, Robert Evans wrote:
> >
> > > Greetings,
> > >
> > > I am in the process of configuring Tomcat to be used with several classes
> > > at the Johns Hopkins University.  I would like to have each student have
> > > their own webapp in their public_html directory.
> > >
> > > I tried Tomcat 3.2.1, but couldn't get the security policy to work right
> > > (all jsp pages kept wanting to use the examples directory?)
> > >
> > > I am trying Tomcat 4.0B5, and was going to use soft links in the webapps
> > > directory to point to each students public_html directory.  The only
> > > problem is that Tomcat doesn't seem to want to follow the soft 
> > links.  If I
> > > make a real directory in the webapps dir, everything works fine, but if I
> > > try to use a soft linked one, I get:
> > >
> > >       Http Status 503 - This application is not currently available
> > >
> > >       The requested service(This application is not currently 
> > available) is
> > > not currently available
> > >
> > > Any suggestions/help would be greatly appreciated.  If I don't get this
> > > working within a week, it'll be back to the Java Web Server.  :-(
> > >
> > > Bob
> > >
> > >
> >
> >Not following symlinks is an unfortunate side effect of the processing
> >that Tomcat has to do to avoid directory name spoofing (/WeB-iNf) on case
> >insensitive platforms).  :-(
> >
> >For Tomcat 4, have you tried using the "user home directories" option, to
> >automatically recognize each student's public_html directory?  This will
> >save you having to configure them all into server.xml:
> >
> >     <Host name="localhost" ...>
> >
> >       ...
> >
> >       <Listener className="org.apache.catalina.startup.UserConfig"
> >             directoryName="public_html"
> >                 userClass="org.apache.catalina.startup.PasswdUserDatabase"/>
> >
> >       ...
> >
> >     </Host>
> >
> >Craig McClanahan
> 
> 
> 


Mime
View raw message