Thank you for your answers.
> It sounds like you have installed Tomcat 6, using the standard
Ubuntu/Debian tomcat package (apt-get etc..).
Yes indeed.
> That package is the one that specifies the user/group under which
this Tomcat is running (in reality it is the java JVM which is running,
and the JVM runs Tomcat and webapp code).
> Since the JVM is started under the user/group "tomcat6", when the
webapp creates a file, it uses that user/group, and the "umask" of that
user, to set the file ownership and permissions.
Yes, it looks like this is it.
> To change this, you would have to change the user-id/group under
which Tomcat is started (in /etc/init.d/tomcat6).
> However, the Debian Tomcat package creates a lot of files in
different places in the filesystem, each with user/group tomcat6, and
corresponding permissions.
> So it is going to be a lot of work to change all that and still have
your Tomcat running properly.
All right, I won't do this then.
> It would probably be better, and less work in the end, to remove this
packaged tomcat, and install a "real tomcat", from the Tomcat website.
> Then you can specify a user-id under which to run, without getting in
trouble with all the pre-installed files all over the place.
Thank you, I understand. But I'm not going to do this either.
> There may be other options (such as using ACLs on the directory where
the files are created), but they are quite difficult to recommend
without having access to your server.
I do have full access to the server...
I'm interested in this solution but I couldn't find a way to "force" the
file owner, owner group and permissions for a given directory using
"setfacl".
I know this forum is not about ACLs but can you assist me on doing this?
> The other thing is : do you have the code of that webapp and could
you change it ?
Yes, I can.
> And why do the files have to be owned by user1/group1 ? Is it because
some other process must be able to read/write them ?
The other process is me :)
The webapp stores files in a directory.
I, as a human, check these files.
And when I'm ready, I put them manually in another directory (in the
"WebContent" directory of the webapp to be more precise).
I just do not want to put the files directly online.
> Can you not give to this other process the permissions to read/write
the files of tomcat6/tomcat6 ? That may be easier to achieve.
Yes, well, if I log in as "tomcat6", it will work.
Best regards,
--
Léa
On 2014-03-11 6:16 PM, André Warnier wrote:
Lmhelp1 wrote:
-- Files created by a Tomcat webapp and owner, owner group,
permissions for this file --
Hello and thank you for reading my post.
I am running a "Tomcat v6.0" webapp on a "Debian 7.2 Wheezy" OS.
In particular, this webapp creates some files on the filesystem.
The files created have:
- "tomcat6" as the owner user,
- "tomcat6" as the owner group,
- 644 as the permissions granted to the owner, the owner group and
others respectively.
Is it possible to change this behavior?
What I like to do is:
- set the owner user to "user1",
- set the owner group to "group1",
- set the permissions to 660
for every new file created.
It sounds like you have installed Tomcat 6, using the standard
Ubuntu/Debian tomcat package (apt-get etc..).
That package is the one that specifies the user/group under which this
Tomcat is running (in reality it is the java JVM which is running, and
the JVM runs Tomcat and webapp code).
Since the JVM is started under the user/group "tomcat6", when the webapp
creates a file, it uses that user/group, and the "umask" of that user,
to set the file ownership and permissions.
To change this, you would have to change the user-id/group under which
Tomcat is started (in /etc/init.d/tomcat6).
However, the Debian Tomcat package creates a lot of files in different
places in the filesystem, each with user/group tomcat6, and
corresponding permissions.
So it is going to be a lot of work to change all that and still have
your Tomcat running properly.
It would probably be better, and less work in the end, to remove this
packaged tomcat, and install a "real tomcat", from the Tomcat website.
Then you can specify a user-id under which to run, without getting in
trouble with all the pre-installed files all over the place.
There may be other options (such as using ACLs on the directory where
the files are created), but they are quite difficult to recommend
without having access to your server.
The other thing is : do you have the code of that webapp and could you
change it ?
And why do the files have to be owned by user1/group1 ? Is it because
some other process must be able to read/write them ?
Can you not give to this other process the permissions to read/write the
files of tomcat6/tomcat6 ? That may be easier to achieve.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
