tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Rohde <...@ordix.de>
Subject RE: AW: File and directory permissions on Tomcat 8.5 tar archive
Date Fri, 24 Nov 2017 14:10:43 GMT
Chris,



-----Original message-----
From: Christopher Schultz <chris@christopherschultz.net>
Sent: Friday 24th November 2017 14:46
To: users@tomcat.apache.org
Subject: Re: AW: File and directory permissions on Tomcat 8.5 tar archive


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Thomas,

On 11/24/17 8:39 AM, Thomas Rohde wrote:
> 
> 
> -----Urspr√ľngliche Nachricht----- Von: Christopher Schultz
> [mailto:chris@christopherschultz.net] Gesendet: Freitag, 24.
> November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: File
> and directory permissions on Tomcat 8.5 tar archive
> 
> Rune,
> 
> On 11/24/17 7:53 AM, Rune Rustand wrote:
>> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 
>> (3.10.0-693.1.1.el7.x86_64)
> 
> 
> 
>> Binary distributions tar archive
> 
>> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and
>> are using the core archive. The process is done by running a
>> puppet script that extracts the tar archive on all the servers
>> (many).
> 
>> Are there any reasons why the file and directory permissions
>> differ from the tar archive and the zip archive?
> 
> Good question. Evidently, both Info-Zip (the 'unzip' program
> usually found on *NIX-based systems) and Apache Ant understand the
> Info-Zip-specified extension to the ZIP format that encodes file
> permissions and both ought to respect them when both packing and
> unpacking the archive[1].
> 
> I don't know enough about the ZIP file format to be able to inspect
> the archive to determine what's actually stored in there (to
> determine if the archive lacks the permissions or if the extraction
> process is at fault).
> 
>> When I unpack the tar archive the permissions on files and
>> directories are not set for all users.
> 
>> I unpack the archive like this: tar zxvpf
>> apache-tomcat-8.5.23.tar.gz
> 
>> [snip]
> 
>> For the zip file: unzip apache-tomcat-8.5.23.zip
> 
>> [snip]
> 
> Hmm. Those definitely *should be* producing the same file
> permissions... at least, I'd expect them to produce the same file
> permissions.
> 
> I don't see any (missing) options to Apache ant's <zip> task that
> look like they would strip those file permissions. I also don't see
> any options for (Info-Zip) unzip that would be required to restore
> such permissions.
> 
> IMHO, this should Just Work.
> 
> -chris
> 
> [1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation
> 
> ---------------------------------------------------------------------
>
> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> While turning around the same issue this week I compared a
> apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz.
> 
> The permissions differ.
> 
> With 8.0.17 files have rw-r--r-- and with 8.5.14 files have
> rw-r-----
> 
> With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with
> 8.5.14 they have rwxr-x---
> 
> This means others have no permissions in current Tomcat versions by
> default.
> 
> I found that in the changelog of 8.5.0: Tighten up the default file
> permissions for the .tar.gz distribution so no files or directories
> are world readable by default. Configure Tomcat to run with a
> default umask of 0027 which may be overridden by setting UMASK in
> setenv.sh. (markt)
> 
> So I think it works like expected.

This is a comparison of file permissions coming from tar archives
versus *zip* archives, not a comparison of file permissions coming
from (only) tar archives from two different Tomcat versions.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYIo4ACgkQHPApP6U8
pFgo3hAAyjUnW8j885CPWUwffUCN++QWoRTP4qU/nV4X4P0SDrV6OZ7AN0g/ELGU
klUqT6XRSaosHdxleVo4GKrP8vDg21XlezCsAZ6KclRvrtrGZ8yK0Toh+6Z4eyMc
BReM/mqaiIeVhsq3BL8+gwpaYNsAxI68QGdLvYRe+wZ+AdZUXtPPQjrECC4fjFly
kabmYuU37anAHOvMtGTPQWeqzLO0zPeA9GlIixKSknlzLedJ4ZkfBSOc8mBcaEcV
aR08cHQyJyh/411p8o7gaWmZPR7cvUqN1/qgTd7E1ehJPhPiIi4Dz5CUD7Kw9Fa2
hzxxh9IBuJxc4ftGchltbKLZpoT9648Bt1zD3tzyAgZq0CMX3sibl7CM3v/NxxCc
HYIImq9WrJlUNYactium9auDqfFNAJSW9WzTjCBWtwipcOMuW0kaCcQdJheQ6M3E
/qUQ/M+A0aUgBxhZbuLy8R4Fx/wjReaSWg4pxMp9ZMwj+9XV32RlStz87vtuuww7
bosj9u4+weYpnfSnaUFrTSATFpJSus7bxzFw/nTY4+CsHiUwDt0pEAGVW/QNkCzX
kgEKWEmMpzfSjQkj4/rvXTLu2aaLQrlVLcHHeADHkDt+rtUUp9h/EykNo2YaD3ca
/gucCVnTU/6+doyiXLRyAjawVc9rYMeZ+N1RK1wbxgI/yGvtqqk=
=XB2B
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



I know. I presumed that ZIP don't carry any file permission. While extracting a zip file you
get the permissions depending on your umask. And that's the reason why the file permissions
of an extracted zip and and extracted tar differ.



The differences with Tomcat 8.0 are not so significant because of the default umasks on many
systems I think.



Regards

Thomas

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message