Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id AB821200D49 for ; Fri, 24 Nov 2017 15:23:52 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id AA549160BF2; Fri, 24 Nov 2017 14:23:52 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id D0770160BEE for ; Fri, 24 Nov 2017 15:23:51 +0100 (CET) Received: (qmail 8954 invoked by uid 500); 24 Nov 2017 14:23:50 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 8943 invoked by uid 99); 24 Nov 2017 14:23:50 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Nov 2017 14:23:50 +0000 Received: from Christophers-MacBook-Pro.local (pool-108-45-29-103.washdc.fios.verizon.net [108.45.29.103]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 63E851A006D for ; Fri, 24 Nov 2017 14:23:48 +0000 (UTC) Subject: Re: AW: File and directory permissions on Tomcat 8.5 tar archive To: users@tomcat.apache.org References: From: Christopher Schultz Message-ID: <511a2da8-169c-f010-4574-7c2e0e74a6cd@christopherschultz.net> Date: Fri, 24 Nov 2017 09:23:46 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit archived-at: Fri, 24 Nov 2017 14:23:52 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Thomas, On 11/24/17 9:10 AM, Thomas Rohde wrote: > -----Original message----- From: Christopher Schultz > Sent: Friday 24th November 2017 > 14:46 To: users@tomcat.apache.org Subject: Re: AW: File and > directory permissions on Tomcat 8.5 tar archive > > > Thomas, > > On 11/24/17 8:39 AM, Thomas Rohde wrote: > > >> -----Ursprüngliche Nachricht----- Von: Christopher Schultz >> [mailto:chris@christopherschultz.net] Gesendet: Freitag, 24. >> November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: >> File and directory permissions on Tomcat 8.5 tar archive > >> Rune, > >> On 11/24/17 7:53 AM, Rune Rustand wrote: >>> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 >>> (3.10.0-693.1.1.el7.x86_64) > > > >>> Binary distributions tar archive > >>> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, >>> and are using the core archive. The process is done by running >>> a puppet script that extracts the tar archive on all the >>> servers (many). > >>> Are there any reasons why the file and directory permissions >>> differ from the tar archive and the zip archive? > >> Good question. Evidently, both Info-Zip (the 'unzip' program >> usually found on *NIX-based systems) and Apache Ant understand >> the Info-Zip-specified extension to the ZIP format that encodes >> file permissions and both ought to respect them when both packing >> and unpacking the archive[1]. > >> I don't know enough about the ZIP file format to be able to >> inspect the archive to determine what's actually stored in there >> (to determine if the archive lacks the permissions or if the >> extraction process is at fault). > >>> When I unpack the tar archive the permissions on files and >>> directories are not set for all users. > >>> I unpack the archive like this: tar zxvpf >>> apache-tomcat-8.5.23.tar.gz > >>> [snip] > >>> For the zip file: unzip apache-tomcat-8.5.23.zip > >>> [snip] > >> Hmm. Those definitely *should be* producing the same file >> permissions... at least, I'd expect them to produce the same >> file permissions. > >> I don't see any (missing) options to Apache ant's task >> that look like they would strip those file permissions. I also >> don't see any options for (Info-Zip) unzip that would be required >> to restore such permissions. > >> IMHO, this should Just Work. > >> -chris > >> [1] >> https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation > >> --------------------------------------------------------------------- > >> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >> For additional commands, e-mail: users-help@tomcat.apache.org > > >> While turning around the same issue this week I compared a >> apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz. > >> The permissions differ. > >> With 8.0.17 files have rw-r--r-- and with 8.5.14 files have >> rw-r----- > >> With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with >> 8.5.14 they have rwxr-x--- > >> This means others have no permissions in current Tomcat versions >> by default. > >> I found that in the changelog of 8.5.0: Tighten up the default >> file permissions for the .tar.gz distribution so no files or >> directories are world readable by default. Configure Tomcat to >> run with a default umask of 0027 which may be overridden by >> setting UMASK in setenv.sh. (markt) > >> So I think it works like expected. > > This is a comparison of file permissions coming from tar archives > versus *zip* archives, not a comparison of file permissions coming > from (only) tar archives from two different Tomcat versions. > > -chris > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > > > I know. I presumed that ZIP don't carry any file permission. So you didn't read my reply, then. > While extracting a zip file you get the permissions depending on > your umask. What makes you think that the umask doesn't apply the same way to files extracted from a zip file versus a tar file? > And that's the reason why the file permissions of an extracted zip > and and extracted tar differ. I don't think so. > The differences with Tomcat 8.0 are not so significant because of > the default umasks on many systems I think. Nope. This is one person on one system, not a variety of environments, umasks, etc. I suspect that the file permissions are simply not present in the Tomcat 8.5.x zip distributions for some reason, but I haven't yet validated that suspicion. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYK3IACgkQHPApP6U8 pFgkhxAAxJ+ty8rmDs6V7IZgI5yl+VJJRjCbMaiPLW2aR1m1AtPHBW0TxJ36eMLJ LMlOeOrZBwBbHwb8Tf3N7tKbPGEPEM7acEsjCxMi3G507oCnBgXX1LnPY2wG8jzf zlS+OXf5g+ZV6N8EjhV72k5ElH94IzYWWBzsu205jruwe1Ge8QP7BVeGtWjthP8o jfQOuyQbEcihdGkyLQAZqMxjgcAwX1hrau0xXe1HrW3M7thXR/VwJst3aIbbPDX6 DkO1ruEniJLijp1CIHrZf9hBDRLZmC9FLXeDMhwrGidIteeqDP2SuaBirbTJHkRA crWnbTdz7OdwjM3//s5KIH5xlvmw+U7dOewy5wfDg2u4bsQ1v9ADNqXZM6uNUwR3 F6xCb749bZU0epaoVhINQnGwJcvOvC+NM40klRbyZcb/IccfgGEGcDLncreabU3b 3gzfWYNXAc26jYcmCCTHk17sFD9PBLcqGpbPgG9NxBvcc0rE9n5rEhaeI8VIKInx 1/aP6zxlCxyJIRfvftuQvb4vq9RkCZsSbFkTUxJCl0K7wLGnPnYkfCCGFaWCdlTM 0GA0Vl4Ksub4Bmf+vt/mL93K4nwnYKS3Ygg5ATotPNO9bGKLVNjFat1GMc9hjiZJ iY5cH/chAXqn8sC+jbBobB4Ijf+xRQ8mWQddev1Zf5N6fzxWa4c= =SSDT -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org