Various Operating System have various File Directory/Protection mechanism and
user authentication schemas up on which certain authorization is granted, up on
which data (file and directory) protection is established.
Basically: In order to help you, the team or community needs to know (as said
yesterday) on what OS your working on!
Of major importance are the file system protection principles, such as access
rules (S:RWED, O:RWED, G:RE, W) and privileges granted to the process where the
JVM runs under.
In Open VMS I can assign the process under which the JVM runs, i.e. the BYPASS
priv. This would allow the JVM process to bypass any file protection mechanism
and access just any users director/file. However we have decided to give the
JVM running tomcat only NETMBX and TMPMBX. So this process JVM -.-.-. running
after all the servlet can call any java file service routines BUT will fail
except for files and directories belonging to him his own user-domain. i.e. for
axis2 web services under apache$specific:[000000] (the home dir of Apache
Jakarta Tomcat).
Given we would run the JVM under the OpenVMS system account (under the root
user in Unix) a user with BYPASS privileges by default, all types of file
access would work fine.
But as our web service process does not have BYPASS by default and is not
allowed to request it either, it would not have any access rights to any user
directory and file for which the other user would not have assigned the correct
file protection. i.e. W:RWED OR a ACLE first.
I have just written a Binary File Transfer from a Vista WCF Client to an
OpenVMS Axis2 Web Service Server.
Axis2 being a servlet for sure.
What authorization is granted to the process running the JVM, up on which
Tomcat runs up on which the Axis2 runs up on which my web service runs?
This is what you have to find out. The process running JVM may run with the
privileges of the apache$www user. In Linux/Solaris it may run as root user.
In VMS a file can be written to a given other users directory by assigning an
ACLE (Access Control List Entry) to the directory into which the axis2 web
service shall write a temporary directory and/or a file. The ACLE assigned to a
users directory would tell the file system that when a process has the rights
identifier as given by the ACLE, the process would also have the the access
rights granted as given by the ACLE.
Such a file system allows for very fine file system access granularity. i.e.
$ DIR/SEC stadelma.dir
Directory DKB3:[000000]
stadelma.DIR;1 [MATH,STADELMA] (RWE,RWE,RE,E)
(DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RWE,WORLD:RE)
(IDENTIFIER=[AP_HTTPD,APACHE$WWW],ACCESS=READ+WRITE+EXECUTE)
That is: stadelma.dir belongs to [MATH,STADELMA], [GID,UIC] and
any process belonging with a group ID of [AP_HTTPD and a UIC of APACHE$WWW] has
the following rights ACCESS=READ+WRITE+EXECEUTE
The process can read and write into stadelma.dir, and maybe some applications
demand for the EXECUTE right on stadelma.dir.
This is how it works for OpenVMS.
Now how does that work for Windows, Linux, etc. .... other OS?
Josef
-----Ursprüngliche Nachricht-----
Von: shyenuganti [mailto:[email protected]]
Gesendet: Dienstag, 2. März 2010 15:41
An: [email protected]
Betreff: Axis2 1.3 File Creation Error
Hi,
I am using Axis2 1.3 to provide a web service. In the business logic of the
service, I need to create some temporary directories and work on them. When
I actually create the temp directories and files, It shows that the
directories are created. I do have all the permissions to create the files.
But when I tried to read them, an exception is thrown. Does Axis2 servlet in
anyway prevent writing to the file system? Do I need to change any settings
in the conf file ?
Thank You.
Sri Harsha Yenuganti
--
View this message in context:
http://old.nabble.com/Axis2-1.3-File-Creation-Error-tp27756643p27756643.html
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
