tomcat-users mailing list archives

From "" <>
Subject RE: running tomcat with root user.....umask in jsvc?
Date Tue, 03 Feb 2009 00:49:49 GMT

> Date: Tue, 3 Feb 2009 00:10:30 +0100
> From:
> To:
> Subject: Re: running tomcat with root user.....umask in jsvc?
> wrote:
> [...]
> I'm not a great security specialist, but your setup looks indeed safe 
> enough, if the users are chrooted to their home directories.
> I can't imagine how they could break out and access things they shouldn't.
> Just one more question : how do you arrange to know who is uploading a 
> file, and thus where to put it ?

Well, each customer gets assigned its own jailed user.  The uploading facility is completely
underneath a Swing GUI, so all the customer knows is that the upload button works.  When the
customer logs in to their Swing client they load some settings requested from the server;
one of these settings happens to be their sftp login for the server and the other is the upload
directory.  So the server holds all this info in config files and the users don't even ever
know what their login is.

> As a footnote : having a basic problem similar to yours (under Apache, 
> not Tomcat), I ended up with a solution like this, implemented with 
> Apache and mod_perl, but which should be also transposable to Tomcat 
> with servlet filters and such :
> To allow users to upload their files, I implemented the standard DAV 
> module in Apache (which also exists in Tomcat). This way, they can do 
> drag-and-drop directly from within their Windows Explorer, to one 
> directory structure on the server. And, I did not have to re-invent the 
> wheel for uploading files.
> But that did not at first allow me to know who was uploading the file, 
> and what to do with it.
> To know who was doing it, I thus added an HTTP authentication.
> But still, DAV doesn't care, and uploads all the files under the user 
> Apache (Tomcat) runs under.
> So I added a couple of filters, one in front and one behind DAV. The 
> front-end filter takes note of who this is (from the Apache 
> authentication), and where the user thinks he is uploading the file to 
> (from the URL), then changes the "PUT" URL sneakily (a la mod_rewrite), 
> so that DAV now uploads the file in fact somewhere completely different, 
> outside of the directories where the user thinks he is uploading.
> Then right after DAV, another filter picks up the uploaded file from the 
> known place where DAV put it, and moves it to the real destination and 
> with the correct ownership and permissions (which it gets from where the 
> first filter saved them).
> It is a bit like another solution suggested earlier based on a separate 
> daemon, only here everything happens in real-time.
> I am sure this could be done in Tomcat with a servlet filter around the 
> DAV webapp.
I haven't done much with those filters, but I like the idea of using the filters for something
like this; it is nice that it is at least somewhat external to core code.
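
The two-filter flow described in the quoted message (stage the upload somewhere neutral, then move it to the authenticated user's real directory), as an added example that is not code from either poster or from Tomcat. The class and field names (`UploadRelocator`, `stagingDir`, `userRoots`) are hypothetical, a POSIX filesystem is assumed, and the ownership change is left out because it needs privileges the servlet container should not have.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Added example; every name here is hypothetical and the sample data is constructed.
public class UploadRelocator {
    private final Path stagingDir;             // the only place the DAV servlet may write
    private final Map<String, Path> userRoots; // authenticated user -> upload root (server config)
    private final Map<Path, Path> pending = new ConcurrentHashMap<>(); // staged -> destination

    public UploadRelocator(Path stagingDir, Map<String, Path> userRoots) {
        this.stagingDir = stagingDir; this.userRoots = userRoots;
    }

    // Front filter step: check the requested path, return the staging path to PUT to.
    public Path before(String user, String requestedPath) {
        Path root = userRoots.get(user);
        if (root == null) throw new SecurityException("unknown user");
        // normalize() is lexical: it collapses ".." but does not follow symlinks.
        Path dest = root.resolve(requestedPath.replaceFirst("^/+", "")).normalize();
        if (!dest.startsWith(root) || dest.equals(root))
            throw new SecurityException("path escapes upload root");
        Path staged = stagingDir.resolve(UUID.randomUUID().toString());
        pending.put(staged, dest);
        return staged;
    }

    // Back filter step: move the staged file into place with owner-only permissions.
    public Path after(Path staged) throws IOException {
        Path dest = pending.remove(staged);
        if (dest == null) throw new SecurityException("no pending upload for " + staged);
        Files.createDirectories(dest.getParent());
        Files.move(staged, dest, StandardCopyOption.REPLACE_EXISTING);
        Files.setPosixFilePermissions(dest, PosixFilePermissions.fromString("rw-------"));
        return dest;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("upload-demo"); // constructed sandbox
        Path staging = Files.createDirectories(base.resolve("staging"));
        Path aliceRoot = Files.createDirectories(base.resolve("customers/alice"));
        UploadRelocator r = new UploadRelocator(staging, Map.of("alice", aliceRoot));
        Path staged = r.before("alice", "/reports/q1.txt");
        Files.writeString(staged, "constructed sample upload"); // stands in for the DAV PUT
        System.out.println("stored at " + r.after(staged));
        try { r.before("alice", "/../bob/x.txt"); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

In a servlet filter, `before` would run ahead of `chain.doFilter(...)` with the user taken from `request.getRemoteUser()`, and `after` would run once the DAV servlet returns successfully.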