tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Changing file permissions from within tomcat does not work
Date Thu, 19 Aug 2004 14:31:39 GMT

This is typical of when apps step outside the Servlet Spec, which does
not include support for apps writing files except to a temporary
directory where permissions are guaranteed to be readable back by the
app and no more.

Tomcat supports running with a security manager, but you have to tell it
so explicitly by specifying -security when launching Tomcat.  If you're
doing this, you will need to modify your java security policy to include
setting file permissions.  But my guess is you're running without a
security manager, which is OK and the default.

So Runtime.exec should work.  You will need to pass it the complete path
to the file, as you cannot rely on the concept of "current working
directory" to be portable.  Runtime.exec is also a security risk in most

Yoav Shapira
Millennium Research Informatics

>-----Original Message-----
>From: news [] On Behalf Of Christian Riedel
>Sent: Thursday, August 19, 2004 10:22 AM
>Subject: Re: Changing file permissions from within tomcat does not work
>On 19.08.2004 15:35, QM wrote:
>> On Thu, Aug 19, 2004 at 11:28:16AM +0200, Christian Riedel wrote:
>> : Creating the file via FileOutputStream works fine. But
>> : the problem is, that the created file has the file-permissions
>> : although the system wide umask and the user-set umask say, that new
>> : files should be rw-r--r--.
>> I'm grasping here, but maybe there's something SecurityManager?
>hmm if so, it would be a Tomcat-Internal-Security Manager as the
>standalone test application I wrote works fine with doing the chmod. It
>only is not possible from within tomcat / the struts appliuation
>> : Can anyone help me please? I need to set the file to be
>> : because it is used by other users on the system as well.
>> Barring a Tomcat- or Java-only solution, you could run a cronjob that
>> periodically sets perms on the files in the upload dir.
>That is no option I am afriad, right after saving the file a script is
>called from the Application which has to read the file. And this script
>runs under a different user and grouid
>To reply to this posting directly use the following address and
>remove the 'NO-SPAM' part:
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message