tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: running tomcat with root user.....umask in jsvc?
Date Mon, 02 Feb 2009 21:00:24 GMT wrote:
> That is a possible solution.  There is a fairly heavy amount of files uploaded from many
different users so it would mean a lot of configuration and a lot of maintenance to that config
as i add new users.  So I am trying to avoid the operating system chmod commands in my code.
I don't really like that either, and it does break if you ever (yuk) 
would decide to run your code on some other platform.

> If i add umask 002 in my ./etc/init.d/tomcat start up script it seems to fix the problem
but i think this is setting that umask for more than just tomcat so i am not sure how safe
that is.
As far as I can tell, it would only change the umask for the current 
process (the shell executing your startup script) and all its offsprings 
(jsvc, tomcat).  But it will do it for *everything* that these processes 
do (such as creating temporary files, logfiles, etc..).  That may indeed 
not be very secure. For instance, one thing which Tomcat to my knowledge 
does (if you have not disabled it) is to rewrite the "conf/users.xml" 
file each time it starts up (or stops ?).  That particular file is not 
essential, and maybe Tomcat does not do that anymore in recent versions, 
but there might be other such things lurking around unexpectedly.

I'm still a bit curious about how you did organise the upload 
directories and their rights and groups etc.. finally, because you want 
this one Tomcat user to be able to write into upload directories owned 
originally by other users, right ? Or at least, you want these other 
users afterward to have access to these files somehow.
So you must have established some common group or groups between the 
Tomcat user, and these other users, right ?
I am just wondering if by doing this, you have not "weakened" the 
general protection of all that stuff.

I had a quite similar case to resolve not so long ago (with Apache, not 
Tomcat), and only ended up with ACLs after being forced to use them, 
because no other solution would really provide the security I wanted.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message