Re: Files created by a Tomcat webapp and owner, owner group, permissions for this file

Tue, 11 Mar 2014 10:18:17 -0700 

Lmhelp1 wrote:
-- Files created by a Tomcat webapp and owner, owner group, permissions for this file -- 

Hello and thank you for reading my post.

I am running a "Tomcat v6.0" webapp on a "Debian 7.2 Wheezy" OS.

In particular, this webapp creates some files on the filesystem.

The files created have:
- "tomcat6" as the owner user,
- "tomcat6" as the owner group,

- 644 as the permissions granted to the owner, the owner group and 
others respectively.


Is it possible to change this behavior?

What I like to do is:
- set the owner user to "user1",
- set the owner group to "group1",
- set the permissions to 660
for every new file created.




It sounds like you have installed Tomcat 6, using the standard Ubuntu/Debian tomcat 
package (apt-get etc..).
That package is the one that specifies the user/group under which this Tomcat is running 
(in reality it is the java JVM which is running, and the JVM runs Tomcat and webapp code).
Since the JVM is started under the user/group "tomcat6", when the webapp creates a file, 
it uses that user/group, and the "umask" of that user, to set the file ownership and 
permissions.
To change this, you would have to change the user-id/group under which Tomcat is started 
(in /etc/init.d/tomcat6).
However, the Debian Tomcat package creates a lot of files in different places in the 
filesystem, each with user/group tomcat6, and corresponding permissions.
So it is going to be a lot of work to change all that and still have your Tomcat running 
properly.



It would probably be better, and less work in the end, to remove this packaged tomcat, and 
install a "real tomcat", from the Tomcat website.
Then you can specify a user-id under which to run, without getting in trouble with all the 
pre-installed files all over the place.



There may be other options (such as using ACLs on the directory where the files are 
created), but they are quite difficult to recommend without having access to your server.


The other thing is : do you have the code of that webapp and could you change 
it ?

And why do the files have to be owned by user1/group1 ? Is it because some other process 
must be able to read/write them ?
Can you not give to this other process the permissions to read/write the files of 
tomcat6/tomcat6 ? That may be easier to achieve.




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to