That is a possible solution. There is a fairly heavy amount of files uploaded from many different users so it would mean a lot of configuration and a lot of maintenance to that config as i add new users. So I am trying to avoid the operating system chmod commands in my code. If i add umask 002 in my ./etc/init.d/tomcat start up script it seems to fix the problem but i think this is setting that umask for more than just tomcat so i am not sure how safe that is.
> Date: Mon, 2 Feb 2009 21:05:15 +0100 > From: a...@ice-sa.com > To: users@tomcat.apache.org > Subject: Re: running tomcat with root user.....umask in jsvc? > > André Warnier wrote: > > epicwin...@hotmail.com wrote: > >> You are correct, I found a setting that relaxes the group access > >> permissions on the jailkit. > >> Now I just have one more problem. When tomcat creates files in these > >> user directories I need the permissions to be set appropriately. What > >> is the best way to set the umask value when running tomcat using jsvc? > >> > > That's a good question. > > I don't think jsvc would take any account of the Tomcat user's .profile > > file. > > ACLs would allow you to do that however :-) > > (Seriously, I believe you can set an ACL on the target directory that > > would make it so that when this particular user (Tomcat) creates a file > > there, it has by default a given set of permissions). > > Otherwise, you might have to do some kind of chmod from within your > > webapp itself, after it creates the file. I don't know what Java method > > that would be. > > > Replying to myself : upon further reflection, I am not even sure that > Java would have a method to do this, since it is supposed to be > platform-independent, and setting filesystem permissions and group > ownership is rather on the platform-dependent side. > How often do such upload requests come in ? I'm thinking that if this is > a single-platform solution, and file uploads don't come up tens per > second at a time, it may be possible (though I also don't know how) to > simply execute an OS-level command (chmod 0xxx filename; chgroup xxxxx > filename) from within a Tomcat webapp, or a servlet filter that would > run after the webapp. > > Otherwise, ACLs are complicated in terms of understanding the > documentation of setfacl; but once you have it down, it is after all > only a matter of running a single setfacl command once on each of your > target directories. And it has the advantage of being done totally > outside of your webapp, once and for all. It "sticks" to the directory, > not to your code. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > _________________________________________________________________ Windows Live™ Hotmail®:…more than just e-mail. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t2_hm_justgotbetter_explore_012009
