On Thu, 27 Apr 2006 20:09:44 -0700 (PDT) Bob Hall said: > >How about making each application owner a member >of the 'tomcat' group.
Bob, making each app owner a member of the tomcat group will allow different app owners to look at each other's files. For security, I need to keep each applications files secure from the other. So, I can't add each owner to the tomcat group. Even so, the application owner needs to have read/write access to the files created which makes matters more complicated. What I need is to either have tomcat create the files using the appropriate group by maybe having tomcat do a 'newgrp' before executing an application request. Is this possible? Is there a way to do a post- or pre- script before running a request in tomcat? Thanks. Aria. > >Then set the group permissions as read-only on >the dirs/files: > >$ chmod -R g-w <app-dir> > >If you want to share the ability to write to >a given app's dirs/files then you need to do more: > ># allow members of tomcat group to write >$ chmod -R g+w <app-dir> > ># set group "sticky-bit" >$ find . -type d | xargs chmod -R g+s <app-dir> > >You'll also need to somehow require that all >app owners set their umask to 002 so that files >and dirs created by them in the tomcat group app >dirs are writeable by other tomcat group members. > >$ umask 002 > >Overall, it's much simpler if the app owners >only have read rights. > >-Bob > >__________________________________________________ >Do You Yahoo!? >Tired of spam? Yahoo! Mail has the best spam protection around >http://mail.yahoo.com > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
