tomcat-users mailing list archives

From "" <>
Subject RE: running tomcat with root user.....umask in jsvc?
Date Mon, 02 Feb 2009 20:43:36 GMT

That is a possible solution.  There is a fairly heavy amount of files uploaded from many different
users so it would mean a lot of configuration and a lot of maintenance to that config as I
add new users.  So I am trying to avoid the operating system chmod commands in my code.
If I add umask 002 in my ./etc/init.d/tomcat startup script it seems to fix the problem but
I think this is setting that umask for more than just tomcat so I am not sure how safe that

> Date: Mon, 2 Feb 2009 21:05:15 +0100
> From:
> To:
> Subject: Re: running tomcat with root user.....umask in jsvc?
> André Warnier wrote:
> > wrote:
> >> You are correct, I found a setting that relaxes the group access 
> >> permissions on the jailkit. 
> >> Now I just have one more problem.  When tomcat creates files in these 
> >> user directories I need the permissions to be set appropriately.  What 
> >> is the best way to set the umask value when running tomcat using jsvc?
> >>
> > That's a good question.
> > I don't think jsvc would take any account of the Tomcat user's .profile 
> > file.
> > ACLs would allow you to do that however :-)
> > (Seriously, I believe you can set an ACL on the target directory that 
> > would make it so that when this particular user (Tomcat) creates a file 
> > there, it has by default a given set of permissions).
> > Otherwise, you might have to do some kind of chmod from within your 
> > webapp itself, after it creates the file. I don't know what Java method 
> > that would be.
> > 
> Replying to myself: upon further reflection, I am not even sure that 
> Java would have a method to do this, since it is supposed to be 
> platform-independent, and setting filesystem permissions and group 
> ownership is rather on the platform-dependent side.
> How often do such upload requests come in? I'm thinking that if this is 
> a single-platform solution, and file uploads don't come up tens per 
> second at a time, it may be possible (though I also don't know how) to 
> simply execute an OS-level command (chmod 0xxx filename; chgroup xxxxx 
> filename) from within a Tomcat webapp, or a servlet filter that would 
> run after the webapp.
> Otherwise, ACLs are complicated in terms of understanding the 
> documentation of setfacl; but once you have it down, it is after all 
> only a matter of running a single setfacl command once on each of your 
> target directories. And it has the advantage of being done totally 
> outside of your webapp, once and for all. It "sticks" to the directory, 
> not to your code.

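An added example, not part of the original thread: the concern above about `umask 002` applying to more than Tomcat can be handled by setting it inside a subshell around the launch line only, so the child inherits it and the rest of the init script keeps its own umask. The helper names and the `sh -c` stand-in for the jsvc command are assumptions, as is the launcher keeping the umask it inherits (which matches what the poster observed).

```shell
#!/bin/sh
# Added example: scope a relaxed umask to one child process only.
# The paths and the stand-in "daemon" command are constructed for the demo.

# Run a command with the given umask, confined to a subshell so the
# caller's umask (the rest of the init script) is left untouched.
run_with_umask() {
    mask=$1
    shift
    ( umask "$mask" && exec "$@" )
}

# Permission string of a file as reported by ls, e.g. "-rw-rw-r--".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

demo() {
    dir=$(mktemp -d) || return 1
    umask 022    # restrictive default for everything else in the script

    # Stand-in for the jsvc launch line: a child process that creates a file,
    # as the webapp would when it stores an upload.
    run_with_umask 002 sh -c ': > "$1"' sh "$dir/upload_by_daemon"

    # A file created by the init script itself, after the launch line.
    : > "$dir/created_by_script"

    # First mode: group-writable (umask 002). Second: not (umask 022).
    printf '%s %s\n' "$(mode_of "$dir/upload_by_daemon")" \
                     "$(mode_of "$dir/created_by_script")"
    rm -rf "$dir"
}

demo
```

In a real init script only the launch line would be wrapped in `run_with_umask`; everything before and after it keeps the restrictive default.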