tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: AW: File and directory permissions on Tomcat 8.5 tar archive
Date Fri, 24 Nov 2017 14:23:46 GMT

Thomas,

On 11/24/17 9:10 AM, Thomas Rohde wrote:
> -----Original message----- From: Christopher Schultz
> <chris@christopherschultz.net> Sent: Friday 24th November 2017
> 14:46 To: users@tomcat.apache.org Subject: Re: AW: File and
> directory permissions on Tomcat 8.5 tar archive
> 
> 
> Thomas,
> 
> On 11/24/17 8:39 AM, Thomas Rohde wrote:
> 
> 
>> -----Original message----- From: Christopher Schultz 
>> [mailto:chris@christopherschultz.net] Sent: Friday, 24 
>> November 2017 14:21 To: users@tomcat.apache.org Subject: Re:
>> File and directory permissions on Tomcat 8.5 tar archive
> 
>> Rune,
> 
>> On 11/24/17 7:53 AM, Rune Rustand wrote:
>>> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 
>>> (3.10.0-693.1.1.el7.x86_64)
> 
> 
> 
>>> Binary distributions tar archive
> 
>>> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5,
>>> and are using the core archive. The process is done by running
>>> a puppet script that extracts the tar archive on all the
>>> servers (many).
> 
>>> Are there any reasons why the file and directory permissions 
>>> differ from the tar archive and the zip archive?
> 
>> Good question. Evidently, both Info-Zip (the 'unzip' program 
>> usually found on *NIX-based systems) and Apache Ant understand
>> the Info-Zip-specified extension to the ZIP format that encodes
>> file permissions and both ought to respect them when both packing
>> and unpacking the archive[1].
> 
>> I don't know enough about the ZIP file format to be able to
>> inspect the archive to determine what's actually stored in there
>> (to determine if the archive lacks the permissions or if the
>> extraction process is at fault).
> 
>>> When I unpack the tar archive the permissions on files and 
>>> directories are not set for all users.
> 
>>> I unpack the archive like this: tar zxvpf 
>>> apache-tomcat-8.5.23.tar.gz
> 
>>> [snip]
> 
>>> For the zip file: unzip apache-tomcat-8.5.23.zip
> 
>>> [snip]
> 
>> Hmm. Those definitely *should be* producing the same file 
>> permissions... at least, I'd expect them to produce the same
>> file permissions.
> 
>> I don't see any (missing) options to Apache ant's <zip> task
>> that look like they would strip those file permissions. I also
>> don't see any options for (Info-Zip) unzip that would be required
>> to restore such permissions.
> 
>> IMHO, this should Just Work.
> 
>> -chris
> 
>> [1]
>> https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation
> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
>> While turning around the same issue this week I compared an 
>> apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz.
> 
>> The permissions differ.
> 
>> With 8.0.17 files have rw-r--r-- and with 8.5.14 files have 
>> rw-r-----
> 
>> With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with 
>> 8.5.14 they have rwxr-x---
> 
>> This means others have no permissions in current Tomcat versions
>> by default.
> 
>> I found that in the changelog of 8.5.0: Tighten up the default
>> file permissions for the .tar.gz distribution so no files or
>> directories are world readable by default. Configure Tomcat to
>> run with a default umask of 0027 which may be overridden by
>> setting UMASK in setenv.sh. (markt)
> 
>> So I think it works as expected.
> 
> This is a comparison of file permissions coming from tar archives 
> versus *zip* archives, not a comparison of file permissions coming 
> from (only) tar archives from two different Tomcat versions.
> 
> -chris
> 
> 
> 
> 
> I know. I presumed that ZIP doesn't carry any file permissions.

So you didn't read my reply, then.

> While extracting a zip file you get the permissions depending on
> your umask.

What makes you think that the umask doesn't apply the same way to
files extracted from a zip file versus a tar file?

> And that's the reason why the file permissions of an extracted zip
> and an extracted tar differ.

I don't think so.

> The differences with Tomcat 8.0 are not so significant because of
> the default umasks on many systems I think.

Nope.

This is one person on one system, not a variety of environments,
umasks, etc. I suspect that the file permissions are simply not
present in the Tomcat 8.5.x zip distributions for some reason, but I
haven't yet validated that suspicion.

-chris

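The open question in the message above is whether the zip distribution stores Unix permissions at all, which can be checked from the archive itself rather than from the extracted files. The following is an added example, not part of the original message or of Tomcat: it reads the mode from each ZIP central-directory entry (Info-ZIP convention: host code 3, mode in the high 16 bits of the external attributes) and from each tar header, then lists members where the two disagree. The archives and member names are constructed sample data.

```python
import io
import stat
import tarfile
import zipfile

ZIP_HOST_UNIX = 3  # "version made by" host code that marks Unix attributes

def perms(mode):
    """Render permission bits as rwx text, e.g. 0o640 -> 'rw-r-----'."""
    return stat.filemode(stat.S_IFREG | (mode & 0o777))[1:]

def zip_modes(data):
    """name -> stored permissions, or None when the entry carries no Unix mode."""
    modes = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16  # high 16 bits hold st_mode
            # Assumption: a zero mode means no permissions were recorded.
            has_mode = info.create_system == ZIP_HOST_UNIX and mode != 0
            modes[info.filename.rstrip("/")] = perms(mode) if has_mode else None
    return modes

def tar_modes(data):
    """name -> permissions stored in each tar header."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        return {m.name: perms(m.mode) for m in tf.getmembers()}

def differing(zip_data, tar_data):
    """Members present in both archives whose stored permissions disagree."""
    z, t = zip_modes(zip_data), tar_modes(tar_data)
    return {n: (z[n], t[n]) for n in sorted(z.keys() & t.keys()) if z[n] != t[n]}

def sample_archives():
    """Constructed sample data: two members, one zip entry lacking Unix attributes."""
    zbuf, tbuf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf, tarfile.open(fileobj=tbuf, mode="w") as tf:
        for name, unix in (("tomcat/conf/server.xml", True), ("tomcat/bin/setenv.sh", False)):
            zi = zipfile.ZipInfo(name)
            zi.create_system = ZIP_HOST_UNIX if unix else 0
            zi.external_attr = (stat.S_IFREG | 0o640) << 16 if unix else 0
            zf.writestr(zi, b"sample")
            ti = tarfile.TarInfo(name)
            ti.mode, ti.size = 0o640, 6
            tf.addfile(ti, io.BytesIO(b"sample"))
    return zbuf.getvalue(), tbuf.getvalue()

if __name__ == "__main__":
    for name, (zmode, tmode) in differing(*sample_archives()).items():
        print(f"{name}: zip={zmode} tar={tmode}")
```

To compare real distributions, pass the bytes of the downloaded `.zip` and `.tar.gz` files to `differing()`; a `None` on the zip side means the entry has no stored mode, so the extracted permissions come from the extractor's defaults and the umask.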