tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Rohde <>
Subject RE: AW: File and directory permissions on Tomcat 8.5 tar archive
Date Fri, 24 Nov 2017 14:10:43 GMT

-----Original message-----
From: Christopher Schultz <>
Sent: Friday 24th November 2017 14:46
Subject: Re: AW: File and directory permissions on Tomcat 8.5 tar archive

Hash: SHA256


On 11/24/17 8:39 AM, Thomas Rohde wrote:
> -----Urspr√ľngliche Nachricht----- Von: Christopher Schultz
> [] Gesendet: Freitag, 24.
> November 2017 14:21 An: Betreff: Re: File
> and directory permissions on Tomcat 8.5 tar archive
> Rune,
> On 11/24/17 7:53 AM, Rune Rustand wrote:
>> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 
>> (3.10.0-693.1.1.el7.x86_64)
>> Binary distributions tar archive
>> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and
>> are using the core archive. The process is done by running a
>> puppet script that extracts the tar archive on all the servers
>> (many).
>> Are there any reasons why the file and directory permissions
>> differ from the tar archive and the zip archive?
> Good question. Evidently, both Info-Zip (the 'unzip' program
> usually found on *NIX-based systems) and Apache Ant understand the
> Info-Zip-specified extension to the ZIP format that encodes file
> permissions and both ought to respect them when both packing and
> unpacking the archive[1].
> I don't know enough about the ZIP file format to be able to inspect
> the archive to determine what's actually stored in there (to
> determine if the archive lacks the permissions or if the extraction
> process is at fault).
>> When I unpack the tar archive the permissions on files and
>> directories are not set for all users.
>> I unpack the archive like this: tar zxvpf
>> apache-tomcat-8.5.23.tar.gz
>> [snip]
>> For the zip file: unzip
>> [snip]
> Hmm. Those definitely *should be* producing the same file
> permissions... at least, I'd expect them to produce the same file
> permissions.
> I don't see any (missing) options to Apache ant's <zip> task that
> look like they would strip those file permissions. I also don't see
> any options for (Info-Zip) unzip that would be required to restore
> such permissions.
> IMHO, this should Just Work.
> -chris
> [1]
> ---------------------------------------------------------------------
To unsubscribe, e-mail:
> For additional commands, e-mail:
> While turning around the same issue this week I compared a
> apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz.
> The permissions differ.
> With 8.0.17 files have rw-r--r-- and with 8.5.14 files have
> rw-r-----
> With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with
> 8.5.14 they have rwxr-x---
> This means others have no permissions in current Tomcat versions by
> default.
> I found that in the changelog of 8.5.0: Tighten up the default file
> permissions for the .tar.gz distribution so no files or directories
> are world readable by default. Configure Tomcat to run with a
> default umask of 0027 which may be overridden by setting UMASK in
> (markt)
> So I think it works like expected.

This is a comparison of file permissions coming from tar archives
versus *zip* archives, not a comparison of file permissions coming
from (only) tar archives from two different Tomcat versions.

- -chris
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

I know. I presumed that ZIP don't carry any file permission. While extracting a zip file you
get the permissions depending on your umask. And that's the reason why the file permissions
of an extracted zip and and extracted tar differ.

The differences with Tomcat 8.0 are not so significant because of the default umasks on many
systems I think.



  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message