From: André Warnier
Date: Thu, 06 Sep 2012 22:15:04 +0200
To: Tomcat Users List
Subject: Re: Tomcat running with a shared unix group but unable to read files with group permissions
Message-ID: <50490448.3080807@ice-sa.com>

Udam Dewaraja wrote:
> Hi all,
>
> I'm stumped on a seemingly java/tomcat related issue and am hoping someone
> can provide some help.
>
>
> We have two users ('user1' and 'user2') on our linux server that share the
> same group ('group1'). User 'user1' writes some files that have the
> following permissions:
>
> -rw-r----- 1 user1 group1 788 Sep 5 19:42 file.log
>
> The folder containing this file has the following permissions:
>
> drwxr-xr-- 2 user1 group1 4096 Sep 5 19:42 log
>
>
> The tomcat web app is launched as user 'user2'. Below is the ps output for
> the process. I've also verified that the java web app is running with gid
> of the shared group 'group1'.
>
>
> user2 31920 31919 99 21:30 ? 00:00:36 /usr/local/jre/bin/java
> .... org.apache.catalina.startup.Bootstrap start
>
> When the web app tries to read the file, *it gets the following exception*:
>
> java.io.FileNotFoundException: /foo/bar/data/log/file.log (Permission
> denied)
>     at java.io.RandomAccessFile.open(Native Method)
>     at java.io.RandomAccessFile.<init>(RandomAccessFile.java:233)
>     at java.io.RandomAccessFile.<init>(RandomAccessFile.java:118)
>     ...
>     at java.lang.Thread.run(Thread.java:679)
>
>
> However, while logged in as 'user2', I can run a simple
> cat /foo/bar/data/log/file.log and *I can read the contents of the file*.
>
> Also, if I provide 'other' read permissions to the file (e.g. -rw-r--r--
> 1 user1 group1 788 Sep 5 19:42 file.log), *the web app is able to read
> the file*.
>
> If I write a sample java application that tries to read this file and
> execute it while logged in as 'user2', again *Java is able to read the file.*
>
>
> Tomcat doesn't seem to be using any security policy as far as I can tell.
> Any ideas why the group permissions seem to be ignored by tomcat?
>
>

Nothing to do with Tomcat I think.

Maybe it is because java.io.RandomAccessFile is a read/write kind of file, and the group just has read permission?
All your tests involve reading, not writing, and reading is allowed for the group.

Google for java.io.RandomAccessFile.
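The reply's point turns on which single permission class the kernel applies to a process and on what access the open call requests. The following is an added example, not part of the original messages: it evaluates the modes quoted in the question for a read-only and a read/write open. The model (plain mode bits only, no root bypass, ACLs or security modules) and all function and constant names are assumptions of this sketch.

```python
# Added example: models classic POSIX mode-bit checks only (no root bypass,
# ACLs, or SELinux/AppArmor). Users, groups and modes are those quoted in
# the thread; function and constant names are hypothetical.
R, W, X = 4, 2, 1

# Access requested by java.io.RandomAccessFile mode strings.
RAF_MODES = {"r": R, "rw": R | W}


def parse_mode(ls_mode):
    """Convert an `ls -l` mode string such as '-rw-r-----' to 9 permission bits."""
    if len(ls_mode) != 10:
        raise ValueError("expected 10 characters, e.g. '-rw-r-----'")
    bits = 0
    for ch, expected in zip(ls_mode[1:], "rwxrwxrwx"):
        if ch not in (expected, "-"):
            raise ValueError("unsupported mode character: %r" % ch)
        bits = (bits << 1) | (ch == expected)
    return bits


def granted(entry, user, groups):
    """Return the rwx bits of the ONE class that applies: owner, else group, else other."""
    ls_mode, owner, group = entry
    bits = parse_mode(ls_mode)
    if user == owner:
        return (bits >> 6) & 7
    if group in groups:          # effective gid or any supplementary group
        return (bits >> 3) & 7
    return bits & 7


def can_open(path_entries, user, groups, raf_mode):
    """Directories on the path need search (x); the file needs the requested bits."""
    *dirs, target = path_entries
    if any(not granted(d, user, groups) & X for d in dirs):
        return False
    want = RAF_MODES[raf_mode]
    return (granted(target, user, groups) & want) == want


# Entries as listed in the question: (mode, owner, group).
LOG_DIR = ("drwxr-xr--", "user1", "group1")
LOG_FILE = ("-rw-r-----", "user1", "group1")
PATH = [LOG_DIR, LOG_FILE]

if __name__ == "__main__":
    print("r,  member of group1:", can_open(PATH, "user2", {"group1"}, "r"))
    print("rw, member of group1:", can_open(PATH, "user2", {"group1"}, "rw"))
    print("r,  not in group1:   ", can_open(PATH, "user2", set(), "r"))
```

On a live system, the `Groups:` line of `/proc/<pid>/status` shows the group set the running process actually holds, which is the `groups` argument here.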