On 12/17/2013 4:39 AM, Chris Wise wrote:
On Mon, Dec 16, 2013 at 10:25 PM, Mark Eggers <its_toas...@yahoo.com> wrote:
Inline response:
This is true, but shouldn't be a problem.
If you're running on a system that has ACL, then you could try the
following:
    cd $CATALINA_BASE
    setfacl -n -d -m u::rwx,g::rx,o::- logs
Read the setfacl / getfacl manual pages for more info.
To restore (remove the access control lists), run the following:
    cd $CATALINA_BASE
    setfacl -b logs
. . . just my two cents
/mde/
Hey Mark,
So the ACL option is a no-go. I'm willing to try your earlier suggestion
of the setenv.sh script, however I'm not sure what files Tomcat creates
other than log files and PID files that creating this script would affect.
Do you have any insight into that?
Appreciate all the help!
Chris
Chris,
There are not a lot of files that Tomcat creates.
1. log files, as we have been discussing
2. PID file - if enabled, and that depends on where you write it
3. serialized sessions
4. JSP files - generate a .java file and the corresponding class
5. looks like some Maven stuff may get unpacked in the work directory
I believe the serialized sessions go in java.io.tmpdir, which is
normally set to $CATALINA_BASE/temp. The JSP files (.jsp, .java, .class)
end up in $CATALINA_BASE/work/[Engine]/[Host], where [Engine] and [Host]
are from the Engine and Host elements in your server.xml.
This leaves out the biggest offender of them all - applications. An
application could write files out to specified directories (think file
uploading) which then get processed by other external applications. If
you do this, then potentially any external application will no longer be
able to manipulate those files.
Only you know your applications, so testing is obviously in order here.
You haven't said much about your environment, so I don't know what other
impact this will cause.
Did you install Tomcat from tomcat.apache.org, or from a distribution?
If you installed Tomcat from a distribution repackaging, components get
scattered everywhere, and the umask trick may cause some problems.
Are you running on an ext3 or ext4 file system? For an ext3-based
system, you can remount a file system to enable ACL. ACL is enabled by
default on ext4. Of course if you're running on a cloud platform, you
may have less control over this.
. . . just my two cents.
/mde/
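
The check below is an added example, not part of the original messages: before tightening the umask or ACLs, it lists what under the directories named in the thread (logs, temp, work) is currently accessible to "other" users, which is what an external process running as a different user may be relying on. The function names and the optional extra directory arguments (for application-specific locations such as an upload directory) are assumptions.

```shell
#!/bin/sh
# Added example: audit "other" permissions on files Tomcat writes.
# Directory names follow the list in the thread:
#   logs  - log files
#   temp  - java.io.tmpdir (serialized sessions, per the thread)
#   work  - generated JSP .java/.class files

# list_other_accessible BASE [EXTRA_DIR...]
# Prints every file or directory with any read/write/execute bit set for
# "other". EXTRA_DIR arguments are hypothetical application directories
# (for example an upload directory) that only the operator can know.
list_other_accessible() {
    base=${1:?usage: list_other_accessible CATALINA_BASE [EXTRA_DIR...]}
    shift
    for dir in "$base/logs" "$base/temp" "$base/work" "$@"; do
        # A directory that does not exist (e.g. no temp yet) is skipped.
        [ -d "$dir" ] || continue
        # Symlinks always show mode 777, so they are excluded to avoid
        # false positives; the three -perm tests are the POSIX spelling
        # of "any of o+r, o+w, o+x".
        find "$dir" ! -type l \
            \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# count_other_accessible BASE [EXTRA_DIR...]
# Same scan, reduced to a number that is easy to compare before and
# after a umask or setfacl change.
count_other_accessible() {
    list_other_accessible "$@" | wc -l | tr -d ' '
}

# Stand-alone use: sh audit.sh "$CATALINA_BASE" [EXTRA_DIR...]
if [ "$#" -gt 0 ]; then
    list_other_accessible "$@"
fi
```

Run it once before the change and once after Tomcat has been restarted and has written new files; entries that disappear from the list are the ones an external application running as another user can no longer reach.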