tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: running tomcat with root user.....umask in jsvc?
Date Mon, 02 Feb 2009 23:10:30 GMT wrote:
I'm not a great security specialist, but your setup looks indeed safe 
enough, if the users are chrooted to their home directories.
I can't imagine how they could break out and access things they shouldn't.

Just one more question : how do you arrange to know who is uploading a 
file, and thus where to put it ?

As a footnote : having a basic problem similar to yours (under Apache, 
not Tomcat), I ended up with a solution like this, implemented with 
Apache and mod_perl, but which should be also transposable to Tomcat 
with servlet filters and such :

To allow users to upload their files, I implemented the standard DAV 
module in Apache (which also exists in Tomcat). This way, they can do 
drag-and-drop directly from within their Windows Explorer, to one 
directory structure on the server. And, I did not have to re-invent the 
wheel for uploading files.

But that did not at first allow me to know who was uploading the file, 
and what to do with it.
To know who was doing it, I thus added an HTTP authentication.
But still, DAV doesn't care, and uploads all the files under the user 
Apache (Tomcat) runs under.

So I added a couple of filters, one in front and one behind DAV. The 
front-end filter takes note of who this is (from the Apache 
authentication), and where the user thinks he is uploading the file to 
(from the URL), then changes the "PUT" URL sneakily (a la mod_rewrite), 
so that DAV now uploads the file in fact somewhere completely different, 
outside of the directories where the user thinks he is uploading.

Then right after DAV, another filter picks up the uploaded file from the 
known place where DAV put it, and moves it to the real destination and 
with the correct ownership and permissions (which it gets from where the 
first filter saved them).

It is a bit like another solution suggested earlier based on a separate 
daemon, only here everything happens in real-time.

I am sure this could be done in Tomcat with a servlet filter around the 
DAV webapp.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message