Chris,
-----Original message----- From: Christopher Schultz <ch...@christopherschultz.net> Sent: Friday 24th November 2017 14:46 To: users@tomcat.apache.org Subject: Re: AW: File and directory permissions on Tomcat 8.5 tar archive -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Thomas, On 11/24/17 8:39 AM, Thomas Rohde wrote: > > > -----Ursprüngliche Nachricht----- Von: Christopher Schultz > [mailto:ch...@christopherschultz.net] Gesendet: Freitag, 24. > November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: File > and directory permissions on Tomcat 8.5 tar archive > > Rune, > > On 11/24/17 7:53 AM, Rune Rustand wrote: >> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 >> (3.10.0-693.1.1.el7.x86_64) > > > >> Binary distributions tar archive > >> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and >> are using the core archive. The process is done by running a >> puppet script that extracts the tar archive on all the servers >> (many). > >> Are there any reasons why the file and directory permissions >> differ from the tar archive and the zip archive? > > Good question. Evidently, both Info-Zip (the 'unzip' program > usually found on *NIX-based systems) and Apache Ant understand the > Info-Zip-specified extension to the ZIP format that encodes file > permissions and both ought to respect them when both packing and > unpacking the archive[1]. > > I don't know enough about the ZIP file format to be able to inspect > the archive to determine what's actually stored in there (to > determine if the archive lacks the permissions or if the extraction > process is at fault). > >> When I unpack the tar archive the permissions on files and >> directories are not set for all users. > >> I unpack the archive like this: tar zxvpf >> apache-tomcat-8.5.23.tar.gz > >> [snip] > >> For the zip file: unzip apache-tomcat-8.5.23.zip > >> [snip] > > Hmm. Those definitely *should be* producing the same file > permissions... at least, I'd expect them to produce the same file > permissions. > > I don't see any (missing) options to Apache ant's <zip> task that > look like they would strip those file permissions. I also don't see > any options for (Info-Zip) unzip that would be required to restore > such permissions. > > IMHO, this should Just Work. > > -chris > > [1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > While turning around the same issue this week I compared a > apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz. > > The permissions differ. > > With 8.0.17 files have rw-r--r-- and with 8.5.14 files have > rw-r----- > > With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with > 8.5.14 they have rwxr-x--- > > This means others have no permissions in current Tomcat versions by > default. > > I found that in the changelog of 8.5.0: Tighten up the default file > permissions for the .tar.gz distribution so no files or directories > are world readable by default. Configure Tomcat to run with a > default umask of 0027 which may be overridden by setting UMASK in > setenv.sh. (markt) > > So I think it works like expected. This is a comparison of file permissions coming from tar archives versus *zip* archives, not a comparison of file permissions coming from (only) tar archives from two different Tomcat versions. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYIo4ACgkQHPApP6U8 pFgo3hAAyjUnW8j885CPWUwffUCN++QWoRTP4qU/nV4X4P0SDrV6OZ7AN0g/ELGU klUqT6XRSaosHdxleVo4GKrP8vDg21XlezCsAZ6KclRvrtrGZ8yK0Toh+6Z4eyMc BReM/mqaiIeVhsq3BL8+gwpaYNsAxI68QGdLvYRe+wZ+AdZUXtPPQjrECC4fjFly kabmYuU37anAHOvMtGTPQWeqzLO0zPeA9GlIixKSknlzLedJ4ZkfBSOc8mBcaEcV aR08cHQyJyh/411p8o7gaWmZPR7cvUqN1/qgTd7E1ehJPhPiIi4Dz5CUD7Kw9Fa2 hzxxh9IBuJxc4ftGchltbKLZpoT9648Bt1zD3tzyAgZq0CMX3sibl7CM3v/NxxCc HYIImq9WrJlUNYactium9auDqfFNAJSW9WzTjCBWtwipcOMuW0kaCcQdJheQ6M3E /qUQ/M+A0aUgBxhZbuLy8R4Fx/wjReaSWg4pxMp9ZMwj+9XV32RlStz87vtuuww7 bosj9u4+weYpnfSnaUFrTSATFpJSus7bxzFw/nTY4+CsHiUwDt0pEAGVW/QNkCzX kgEKWEmMpzfSjQkj4/rvXTLu2aaLQrlVLcHHeADHkDt+rtUUp9h/EykNo2YaD3ca /gucCVnTU/6+doyiXLRyAjawVc9rYMeZ+N1RK1wbxgI/yGvtqqk= =XB2B -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org I know. I presumed that ZIP don't carry any file permission. While extracting a zip file you get the permissions depending on your umask. And that's the reason why the file permissions of an extracted zip and and extracted tar differ. The differences with Tomcat 8.0 are not so significant because of the default umasks on many systems I think. Regards Thomas
