Re: file permission problem SOLVED

[Chris Cheshire]

On Mon, Dec 18, 2017 at 1:11 PM, Chris Cheshire  wrote:
> Since moving from a yum controlled installation of tomcat and starting
> tomcat via jsvc I have a problem with permissions of uploaded files.
>
> Now all files that are written by tomcat have permissions of 0600,
> where they used to be 0644. I need the to be group readable, world
> readable is not necessary.
>
> I tried setting the UMASK environment variable in my script that
> starts jsvc but that has no effect.
>
> #!/bin/sh
>
> export UMASK=0027
> export JAVA_HOME="/usr/lib/jvm/java-1.8.0"
> export TOMCAT_USER="sandbox1"
> export CATALINA_HOME="/usr/local/apache-tomcat-8.5.24"
> export CATALINA_BASE="/home/sandbox1/tomcat"
> export CATALINA_OUT="/var/log/catalina-1.out"
> export CATALINA_PID="/var/run/tomcat-1.pid"
>
> $CATALINA_HOME/bin/daemon.sh $*
>
>
> Where and to what do I set the umask such that uploaded files have at
> least group read permission?

Solved it. After digging through daemon.sh, I see it is adding
$JSVC_OPTS to the call to jsvc.
Doing some googling led me to
https://issues.apache.org/jira/browse/DAEMON-221, which unfortunately
is not documented in jsvc -help (I'll see what I can do to submit a
patch for that).

Thus, it is a matter of adding

export JSVC_OPTS="-umask 0027"

to the above script.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using CentOS 7 logrotate

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Lance,

On 12/19/17 10:30 AM, Campbell, Lance wrote:
> Tomcat 8.0.x CentOS 7 1) Is there a way to tell tomcat to put the
> logs for a running instance into /var/log/{somefoldername}/

Sure. Just change the paths of the log files to /var/log/somewhere.
Note that writing to /var is usually not allowed except by root-owned
processes, and running Tomcat as root as a Bad Idea.

You should also set CATALINA_OUT to point to
/var/log/somewhere/catalina.out as well. Set this in
CATALINA_BASE/setenv.sh.

> 2) Then have CentOS 7 logrotate take care of the rotation of the
> files?

Yes. Just configure logrotate as usual.

However:

1. Most Tomcat log files can rotate themselves quite well.
2. catalina.out is a special case because it's a redirected-stdout, so
you'll have the usual caveats about those kinds of things with
logrotate. I'd recommend either using copy+truncate or hack
catalina.sh to pipe stdout through a logger that supports rotation,
such as rotatelogs.

Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlo5QMkdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFhLVhAAyCYv+jA3SD59gEJb
+AHRtdc6C6CAkvcA9vwpxllqKTBfsW/Ojc1tq2wx+bVMa4c0qbY3SaZm05tcqcke
GXd+/Dx5ve0OdEKYcHk6VobOird5EAIdDvlE2DchgTT7x2r5/CocqAm3Gq4giFkU
fMESqm/BWG6S+Yt7I/v1LTumgPRwkKO13yYin9A4qEen2T6jb7wMx2NzfT8hWof0
XCiUbFQ7npC/vzkolmHaee+WXiuDih/FMFD1hfGm6wLLIW24V8H1eh6yXuNWJ/3O
tK1nHsTwYgRXnZroBQIEfHOGqSrcieDTxNbWdwfS+4E1GwmInDE/i5gIhtlQGAAd
9QAZL9IK75lG1K2TMj1peCXjEoShX2XolnpfkRxBxP0V2CAlPvTxlDGdWBdRPox2
I6y+XvyfbH83Ujxw6DiqfJckvcx2nFjC0oT92kRAxWtUnDaa2PJqcqSGS0deP7lg
eKMGbKSwepdRgG7yId54s0+bQtdYIjzT2EhKsu/MbBRXbQfnxa6c50S2Bdv7FyLi
+vQgaUJe0HCKv6wBtv2X16irS5AadruL5/mLse7BZs1jzTjXOrtwn9MQrAdMA6u8
I/OLKZH61AWkiTMcOm1AjvHFVDV828lv1IH1n41JW8SsFwpHBX91oBUibEBycGYf
M2ncrPx+3zxJwj6L9JN96wU5mCg=
=rOMs
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Using CentOS 7 logrotate

[Campbell, Lance]

Tomcat 8.0.x
CentOS 7
1) Is there a way to tell tomcat to put the logs for a running instance into 
/var/log/{somefoldername}/ .

2) Then have CentOS 7 logrotate take care of the rotation of the files?

Thanks,

Lance