tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Udam Dewaraja <udam.dewar...@gmail.com>
Subject Re: Tomcat running with a shared unix group but unable to read files with group permissions
Date Thu, 06 Sep 2012 20:42:19 GMT
In my code, the RandomAccess file is trying to do a read (code below).
That's why all my tests are doing reads.

logFile = new RandomAccessFile(fileToRead, "r");

The sample java application I ran executes the exact same line above (with
the same file) and reads the contents correctly. However, in Tomcat webapp,
this fails.

Thanks,
Udam

On Thu, Sep 6, 2012 at 1:15 PM, André Warnier <aw@ice-sa.com> wrote:

> Udam Dewaraja wrote:
>
>> Hi all,
>>
>> I'm stumped on a seemingly java/tomcat related issue and am hoping someone
>> can provide some help.
>>
>>
>> We have two users ('user1' and 'user2') on our linux server that share the
>> same group ('group1'). User 'user1' writes some files that have the
>> following permissions:
>>
>> -rw-r----- 1 user1 group1  788 Sep  5 19:42 file.log
>>
>> The folder containing this file has the following permissions:
>>
>> drwxr-xr--  2 user1 group1  4096 Sep  5 19:42 log
>>
>>
>> The tomcat web app is launched as user 'user2'. Below is the ps output for
>> the process. I've also verified that the java web app is running with gid
>> of the shared group 'group1'.
>>
>>
>> user2    31920 31919 99 21:30 ?        00:00:36 /usr/local/jre/bin/java
>> .... org.apache.catalina.startup.**Bootstrap start
>>
>> When the web app tries to read the file, *it gets the following
>> exception*:
>>
>>
>> java.io.FileNotFoundException: /foo/bar/data/log/file.log (Permission
>> denied)
>> at java.io.RandomAccessFile.open(**Native Method)
>> at java.io.RandomAccessFile.<**init>(RandomAccessFile.java:**233)
>> at java.io.RandomAccessFile.<**init>(RandomAccessFile.java:**118)
>>         …
>> at java.lang.Thread.run(Thread.**java:679)
>>
>>
>> However, while logged in as 'user2', I can run a simple
>> cat /foo/bar/data/log/file.log and* I can read the contents of the file*.
>>
>>
>> Also, if I provide 'other' read permissions to the file (e.g. -rw-r--r--
>> 1 user1 group1  788 Sep  5 19:42 file.log), *the web app is able to read
>> the file*.
>>
>>
>> If I write a sample java application that tries to read this file and
>> execute it while logged in as 'user2', again *Java is able to read the
>> file.
>>
>> *
>>
>>
>> Tomcat doesn't seem to be using any security policy as far as I can tell.
>> Any ideas why the group permissions seem to be ignored by tomcat?
>>
>>
>>  Nothing to do with Tomcat I think.
> Maybe it is because java.io.RandomAccessFile is a read/write kind of file,
> and the group just has read permission ?
> All your tests involve reading, not writing, and reading is allowed for
> the group.
>
> Google for java.io.RandomAccessFile.
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<users-unsubscribe@tomcat.apache.org>
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message