tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian J. Sayatovic" <>
Subject How does Tomcat interact with filesystem file permissions
Date Thu, 24 Mar 2005 01:38:31 GMT
I'm curious to know how Tomcat interacts with file permissions in the 
native filesystem.  For example, I'm running Tomcat 5.5 on Windows XP 
SP2 as a service under the Local System account.  I'm also using Tagisj 
JAAS as a JAAS Realm so Tomcat can use my XP credentials.

I have my default context set to a directory with some static HTML 
content.  I also have folders in that directory that have reestricted 
permissions to certain groups I have defined in XP.  However, just 
hitting my website as an anonymous user, Tomcat willingly lets people 
into those folders.  Instead, I've had to put security constraints in my 
web.xml listing the groups that I wanted the folders restricted to.

So is all file access from the DefaultServlet performed as the Local 
System account?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message