Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Subject: Re: AW: File and directory permissions on Tomcat 8.5 tar archive
To: users@tomcat.apache.org
References: <CAF_hhdcvdPvQhKtCZod_6T4yKxMv7Dvpy1+SUobj+L3VRgiUxA@mail.gmail.com>
 <b6c1def4-6344-d12b-68ec-2b82d504168b@christopherschultz.net>
 <kcim.5a182111.2a01.3f8e2f696e4ac036@kopanixpb.ordix.de>
From: Christopher Schultz <chris@christopherschultz.net>
Message-ID: <452f3ef1-4af1-0e0a-e032-d121c16498ce@christopherschultz.net>
Date: Fri, 24 Nov 2017 08:45:50 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0)
 Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <kcim.5a182111.2a01.3f8e2f696e4ac036@kopanixpb.ordix.de>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
archived-at: Fri, 24 Nov 2017 13:45:56 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Thomas,

On 11/24/17 8:39 AM, Thomas Rohde wrote:
> 
> 
> -----Ursprüngliche Nachricht----- Von: Christopher Schultz
> [mailto:chris@christopherschultz.net] Gesendet: Freitag, 24.
> November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: File
> and directory permissions on Tomcat 8.5 tar archive
> 
> Rune,
> 
> On 11/24/17 7:53 AM, Rune Rustand wrote:
>> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 
>> (3.10.0-693.1.1.el7.x86_64)
> 
> 
> 
>> Binary distributions tar archive
> 
>> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and
>> are using the core archive. The process is done by running a
>> puppet script that extracts the tar archive on all the servers
>> (many).
> 
>> Are there any reasons why the file and directory permissions
>> differ from the tar archive and the zip archive?
> 
> Good question. Evidently, both Info-Zip (the 'unzip' program
> usually found on *NIX-based systems) and Apache Ant understand the
> Info-Zip-specified extension to the ZIP format that encodes file
> permissions and both ought to respect them when both packing and
> unpacking the archive[1].
> 
> I don't know enough about the ZIP file format to be able to inspect
> the archive to determine what's actually stored in there (to
> determine if the archive lacks the permissions or if the extraction
> process is at fault).
> 
>> When I unpack the tar archive the permissions on files and
>> directories are not set for all users.
> 
>> I unpack the archive like this: tar zxvpf
>> apache-tomcat-8.5.23.tar.gz
> 
>> [snip]
> 
>> For the zip file: unzip apache-tomcat-8.5.23.zip
> 
>> [snip]
> 
> Hmm. Those definitely *should be* producing the same file
> permissions... at least, I'd expect them to produce the same file
> permissions.
> 
> I don't see any (missing) options to Apache ant's <zip> task that
> look like they would strip those file permissions. I also don't see
> any options for (Info-Zip) unzip that would be required to restore
> such permissions.
> 
> IMHO, this should Just Work.
> 
> -chris
> 
> [1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation
> 
> ---------------------------------------------------------------------
>
> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> While turning around the same issue this week I compared a
> apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz.
> 
> The permissions differ.
> 
> With 8.0.17 files have rw-r--r-- and with 8.5.14 files have
> rw-r-----
> 
> With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with
> 8.5.14 they have rwxr-x---
> 
> This means others have no permissions in current Tomcat versions by
> default.
> 
> I found that in the changelog of 8.5.0: Tighten up the default file
> permissions for the .tar.gz distribution so no files or directories
> are world readable by default. Configure Tomcat to run with a
> default umask of 0027 which may be overridden by setting UMASK in
> setenv.sh. (markt)
> 
> So I think it works like expected.

This is a comparison of file permissions coming from tar archives
versus *zip* archives, not a comparison of file permissions coming
from (only) tar archives from two different Tomcat versions.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYIo4ACgkQHPApP6U8
pFgo3hAAyjUnW8j885CPWUwffUCN++QWoRTP4qU/nV4X4P0SDrV6OZ7AN0g/ELGU
klUqT6XRSaosHdxleVo4GKrP8vDg21XlezCsAZ6KclRvrtrGZ8yK0Toh+6Z4eyMc
BReM/mqaiIeVhsq3BL8+gwpaYNsAxI68QGdLvYRe+wZ+AdZUXtPPQjrECC4fjFly
kabmYuU37anAHOvMtGTPQWeqzLO0zPeA9GlIixKSknlzLedJ4ZkfBSOc8mBcaEcV
aR08cHQyJyh/411p8o7gaWmZPR7cvUqN1/qgTd7E1ehJPhPiIi4Dz5CUD7Kw9Fa2
hzxxh9IBuJxc4ftGchltbKLZpoT9648Bt1zD3tzyAgZq0CMX3sibl7CM3v/NxxCc
HYIImq9WrJlUNYactium9auDqfFNAJSW9WzTjCBWtwipcOMuW0kaCcQdJheQ6M3E
/qUQ/M+A0aUgBxhZbuLy8R4Fx/wjReaSWg4pxMp9ZMwj+9XV32RlStz87vtuuww7
bosj9u4+weYpnfSnaUFrTSATFpJSus7bxzFw/nTY4+CsHiUwDt0pEAGVW/QNkCzX
kgEKWEmMpzfSjQkj4/rvXTLu2aaLQrlVLcHHeADHkDt+rtUUp9h/EykNo2YaD3ca
/gucCVnTU/6+doyiXLRyAjawVc9rYMeZ+N1RK1wbxgI/yGvtqqk=
=XB2B
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org