tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aria Bamdad <>
Subject Re: Changing tomcat's group [OT]
Date Fri, 28 Apr 2006 12:56:46 GMT
On Thu, 27 Apr 2006 20:09:44 -0700 (PDT) Bob Hall said:
>How about making each application owner a member
>of the 'tomcat' group.

Bob, making each app owner a member of the tomcat group will allow different
app owners to look at each other's files.  For security, I need to keep each
applications files secure from the other.  So, I can't add each owner to the
tomcat group.  Even so, the application owner needs to have read/write access
to the files created which makes matters more complicated.

What I need is to either have tomcat create the files using the appropriate
group by maybe having tomcat do a 'newgrp' before executing an application
request.  Is this possible?  Is there a way to do a post- or pre- script
before running a request in tomcat?


>Then set the group permissions as read-only on
>the dirs/files:
>$ chmod -R g-w <app-dir>
>If you want to share the ability to write to
>a given app's dirs/files then you need to do more:
># allow members of tomcat group to write
>$ chmod -R g+w <app-dir>
># set group "sticky-bit"
>$ find . -type d | xargs chmod -R g+s <app-dir>
>You'll also need to somehow require that all
>app owners set their umask to 002 so that files
>and dirs created by them in the tomcat group app
>dirs are writeable by other tomcat group members.
>$ umask 002
>Overall, it's much simpler if the app owners
>only have read rights.
>Do You Yahoo!?
>Tired of spam?  Yahoo! Mail has the best spam protection around
>To unsubscribe, e-mail:
>For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message