Hi all,
I'm stumped on a seemingly java/tomcat related issue and am hoping someone
can provide some help.
We have two users ('user1' and 'user2') on our linux server that share the
same group ('group1'). User 'user1' writes some files that have the
following permissions:
-rw-r----- 1 user1 group1 788 Sep 5 19:42 file.log
The folder containing this file has the following permissions:
drwxr-xr-- 2 user1 group1 4096 Sep 5 19:42 log
The tomcat web app is launched as user 'user2'. Below is the ps output for
the process. I've also verified that the java web app is running with gid
of the shared group 'group1'.
user2 31920 31919 99 21:30 ? 00:00:36 /usr/local/jre/bin/java
.... org.apache.catalina.startup.Bootstrap start
When the web app tries to read the file, *it gets the following exception*:
java.io.FileNotFoundException: /foo/bar/data/log/file.log (Permission
denied)
at java.io.RandomAccessFile.open(Native Method)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:233)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:118)
…
at java.lang.Thread.run(Thread.java:679)
However, while logged in as 'user2', I can run a simple
cat /foo/bar/data/log/file.log and* I can read the contents of the file*.
Also, if I provide 'other' read permissions to the file (e.g. -rw-r--r--
1 user1 group1 788 Sep 5 19:42 file.log), *the web app is able to read
the file*.
If I write a sample java application that tries to read this file and
execute it while logged in as 'user2', again *Java is able to read the file.
*
Tomcat doesn't seem to be using any security policy as far as I can tell.
Any ideas why the group permissions seem to be ignored by tomcat?
Thanks!
Udam
