Richard Smith wrote:
>
> Hi All,
>
> Just wondering if you could help me clarify a few questions I have about tomcat
> and catalina.policy. I'm running tomcat 4.0.4 (w/ security manager) with mod_jk
> on solaris with about 300+ users, all of whom can deploy jsp/servlets
> from their public_html directory.
>

I have never set up Tomcat to do this, but from reading the docs it looks like Tomcat instantiates a separate web application context for each user.

> A user requirement is that they must be able to read/write files in their
> home directory. This is what I'm a little confused about. I understand I can put
> an entry like:
>
> permission java.io.FilePermission "/home/-", "read,write,delete,execute";
>

I would never grant the "execute" permission; this allows Tomcat to use Runtime.exec() to execute shell scripts, etc.! The above permission w/o execute should be fine.

> in catalina.policy, but how does this enable tomcat to write to other user's
> home directories (when tomcat is running as a user with minimal privileges)? Or
> must I change permissions on the file to allow the user that is running tomcat
> to write to it (is this the normal practice?).
>

Yes, if you want to allow the user web applications to write and delete files in their own home directory, Tomcat would need r/w file permissions. This can be done by adding the tomcat user "tomcat" to the group(s) which your users are members of. Then set up permissions on the public_html directory of mode 2775.

> Also, this is probably more a java question, but do standard unix permissions
> always take precedence over what is set in catalina.policy? (In my understanding
> the unix permissions take precedence, but I just wanted to make sure (please
> excuse my java ignorance))
>

Yes, unix file/dir ownership and permissions take precedence.

> Any help appreciated,
>
> Cheers,
>
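Following the reply's advice never to grant "execute", here is a small policy-file check, added as an example that is not part of the original thread. The function names and the sample policy are constructed for illustration; only the first `FilePermission` line comes from the message above.

```python
import re

# Constructed sample policy; the first grant holds the entry quoted in the thread.
SAMPLE_POLICY = '''
// a comment that mentions "execute" must not be flagged
grant {
    permission java.io.FilePermission "/home/-", "read,write,delete,execute";
    permission java.util.PropertyPermission "java.version", "read";
};
grant codeBase "file:${catalina.home}/webapps/example/-" {
    permission java.io.FilePermission "/home/-", "read,write,delete";
    permission java.io.FilePermission "<<ALL FILES>>", "read, Execute";
};
'''

# The grant header may contain quoted strings with braces (e.g. ${catalina.home}),
# so quoted strings are consumed as a unit before the opening "{" is looked for.
GRANT_RE = re.compile(r'grant\b((?:[^{"]|"[^"]*")*)\{(.*?)\}\s*;', re.S)
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"')
FILEPERM_RE = re.compile(
    r'permission\s+java\.io\.FilePermission\s+"([^"]*)"\s*,\s*"([^"]*)"\s*;')


def strip_comments(text):
    """Drop /* */ blocks and whole-line // comments (leaves file:// URLs alone)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(?m)^[ \t]*//.*$', '', text)


def find_execute_grants(policy_text):
    """Return (scope, path) for every FilePermission whose actions include execute."""
    findings = []
    for header, body in GRANT_RE.findall(strip_comments(policy_text)):
        cb = CODEBASE_RE.search(header)
        scope = cb.group(1) if cb else '<all code>'
        for path, actions in FILEPERM_RE.findall(body):
            # Normalise case and whitespace before comparing action names.
            acts = {a.strip().lower() for a in actions.split(',')}
            if 'execute' in acts:
                findings.append((scope, path))
    return findings


if __name__ == '__main__':
    for scope, path in find_execute_grants(SAMPLE_POLICY):
        print(f'execute granted on {path!r} to {scope}')
```

Run it against the real `catalina.policy` by passing the file's contents to `find_execute_grants`; an empty list means no `FilePermission` entry grants execute.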
