tomcat-users mailing list archives

From Thomas Rohde <...@ordix.de>
Subject AW: File and directory permissions on Tomcat 8.5 tar archive
Date Fri, 24 Nov 2017 13:39:29 GMT


-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Friday, 24 November 2017 14:21
To: users@tomcat.apache.org
Subject: Re: File and directory permissions on Tomcat 8.5 tar archive


Rune,

On 11/24/17 7:53 AM, Rune Rustand wrote:
> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4
> (3.10.0-693.1.1.el7.x86_64)
> 
> 
> 
> Binary distributions tar archive
> 
> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and are 
> using the core archive. The process is done by running a puppet script 
> that extracts the tar archive on all the servers (many).
> 
> Are there any reasons why the file and directory permissions differ 
> from the tar archive and the zip archive?

Good question. Evidently, both Info-Zip (the 'unzip' program usually found on *NIX-based systems)
and Apache Ant understand the Info-Zip-specified extension to the ZIP format that encodes
file permissions and both ought to respect them when both packing and unpacking the archive[1].

I don't know enough about the ZIP file format to be able to inspect the archive to determine
what's actually stored in there (to determine if the archive lacks the permissions or if the
extraction process is at fault).

> When I unpack the tar archive the permissions on files and directories 
> are not set for all users.
> 
> I unpack the archive like this: tar zxvpf apache-tomcat-8.5.23.tar.gz
> 
> [snip]
> 
> For the zip file: unzip apache-tomcat-8.5.23.zip
> 
> [snip]

Hmm. Those definitely *should be* producing the same file permissions... at least, I'd expect
them to produce the same file permissions.

I don't see any (missing) options to Apache ant's <zip> task that look like they would
strip those file permissions. I also don't see any options for (Info-Zip) unzip that would
be required to restore such permissions.

IMHO, this should Just Work.

-chris

[1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


While turning around the same issue this week I compared an apache-tomcat-8.5.14.tar.gz and
an apache-tomcat-8.0.17.tar.gz.

The permissions differ.

With 8.0.17 files have rw-r--r-- and with 8.5.14 files have rw-r-----

With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with 8.5.14 they have rwxr-x---

This means others have no permissions in current Tomcat versions by default.

I found that in the changelog of 8.5.0:
Tighten up the default file permissions for the .tar.gz distribution so no files or directories
are world readable by default. Configure Tomcat to run with a default umask of 0027 which
may be overridden by setting UMASK in setenv.sh. (markt)

So I think it works as expected.

Regards
Thomas
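
The thread leaves open what the ZIP actually stores, and the changelog entry describes the tightened .tar.gz modes. The following is an added example, not code from the thread or from the Tomcat project: it reads the stored permission bits from both formats with Python's standard library and lists entries that grant anything to "others". The member names and the in-memory sample archives are constructed for illustration.

```python
import io
import stat
import tarfile
import zipfile

def tar_modes(fileobj):
    """Permission bits stored for each member of a .tar.gz."""
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tf:
        return {m.name: stat.S_IMODE(m.mode) for m in tf.getmembers()}

def zip_modes(fileobj):
    """Stored permission bits per ZIP entry; None when the entry has none."""
    # Entries made on Unix (create_system == 3) carry st_mode in the
    # high 16 bits of the external attributes field.
    modes = {}
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            st_mode = info.external_attr >> 16
            has_mode = info.create_system == 3 and st_mode != 0
            modes[info.filename] = stat.S_IMODE(st_mode) if has_mode else None
    return modes

def world_accessible(modes):
    """Names whose stored mode grants any permission to 'others'."""
    return sorted(n for n, m in modes.items() if m is not None and m & stat.S_IRWXO)

# Constructed sample archives (hypothetical member names, built in memory).
def sample_tar(file_mode, dir_mode):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        d = tarfile.TarInfo("tomcat/webapps")
        d.type, d.mode = tarfile.DIRTYPE, dir_mode
        tf.addfile(d)
        f = tarfile.TarInfo("tomcat/conf/server.xml")
        f.mode = file_mode
        tf.addfile(f)
    return io.BytesIO(buf.getvalue())

def sample_zip(file_mode):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        unix = zipfile.ZipInfo("tomcat/conf/server.xml")
        unix.create_system, unix.external_attr = 3, (stat.S_IFREG | file_mode) << 16
        zf.writestr(unix, b"")
        bare = zipfile.ZipInfo("tomcat/RUNNING.txt")  # entry with no Unix mode
        bare.create_system, bare.external_attr = 0, 0
        zf.writestr(bare, b"")
    return io.BytesIO(buf.getvalue())
```

Against a real download, pass the opened file instead of a sample, for example `tar_modes(open("apache-tomcat-8.5.23.tar.gz", "rb"))`. A `None` from `zip_modes` means the archive itself carries no mode for that entry, so the extracting tool's defaults and the umask decide the result.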


