Carsten Schmitz wrote: > But I need a safe concept for a ftp user which should upload, delete and > manage the War file/Application. > > Tomcat 5.5 is running with tomcat:tomcat > Ftpuser is ftpuser:tomcat ... > In some circumstances it will be important for the ftp user to do some > changes to the unpacked application (mostly change some values in xml > files or altering some jsps), leaving the rest of the application > untouched. > > Tomcat is extracting the War file with tomcat:tomcat, but with group > permission read only for group. So the ftpuser belonging to group tomcat > has no chance to alter any files, bad. > > So I`ve got some questions: > > Is it possible to unpack a war file always with group permission > read/write? > Is there a way telling tomcat to extract war files with ownership > ftpuser:tomcat?
It might be that your tomcat is running with "umask 022" (or 027); if so, this would by default strip write access from group (which most often is the correct thing to do), and write access or all access by others. If it is so, you could change your tomcat startup to set the umask to 002 or 007 (permit write access to group, but prohibit write or any access by others). If that doesn't help, then a lot depends on your OS platform; it could be that it supports filesystem ACLs beyond the standard unix file permissions, which would make it possible to set default permissions on directory trees, or even to add auxiliary group permissions, and make these inheritable to any objects created within the tree. But from within Tomcat, no way that I know of (short of diving into the code to find out where the WARs are exploded, and changing the file permissions there. -- ..Juha --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]