-----Ursprüngliche Nachricht----- Von: Christopher Schultz [mailto:ch...@christopherschultz.net] Gesendet: Freitag, 24. November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: File and directory permissions on Tomcat 8.5 tar archive
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Rune, On 11/24/17 7:53 AM, Rune Rustand wrote: > Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 > (3.10.0-693.1.1.el7.x86_64) > > > > Binary distributions tar archive > > We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and are > using the core archive. The process is done by running a puppet script > that extracts the tar archive on all the servers (many). > > Are there any reasons why the file and directory permissions differ > from the tar archive and the zip archive? Good question. Evidently, both Info-Zip (the 'unzip' program usually found on *NIX-based systems) and Apache Ant understand the Info-Zip-specified extension to the ZIP format that encodes file permissions and both ought to respect them when both packing and unpacking the archive[1]. I don't know enough about the ZIP file format to be able to inspect the archive to determine what's actually stored in there (to determine if the archive lacks the permissions or if the extraction process is at fault). > When I unpack the tar archive the permissions on files and directories > are not set for all users. > > I unpack the archive like this: tar zxvpf apache-tomcat-8.5.23.tar.gz > > [snip] > > For the zip file: unzip apache-tomcat-8.5.23.zip > > [snip] Hmm. Those definitely *should be* producing the same file permissions... at least, I'd expect them to produce the same file permissions. I don't see any (missing) options to Apache ant's <zip> task that look like they would strip those file permissions. I also don't see any options for (Info-Zip) unzip that would be required to restore such permissions. IMHO, this should Just Work. - -chris [1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYHLMACgkQHPApP6U8 pFhIohAAmCj7pZufx9VexFHy7vl16HOdnQZ07swJ5kT4zuK29Ajv+l734Lykx0xT YGpOmjc+lYW9B8Ewz/VaqzGuH485lWK8hMNtYzv/e4nytFvI6C4D2umm/GQwefy+ 3YihUZPg0VPtw7mROYAHMYDtuPwUFbCi9Qs9rmAil+79+DIYE+RcKOuX6Da7Qbm1 xB85hHX0x2WaPbOOZh6FUcYzekMW1Nw07ggxIP7GknnnR+cWQlRo+MMufIFChCXN f0iMGN5JEkkBuFH6j0s1IYgzxUH75pa3mqIA1T5nAv0B2VRELDCBs23MOah83w6K eghMXT3eD3ti88HD7YcrC8dUzQczpNAbxsRNx5a0G2GNUVdb1u3oa/J8qUzFQrFT 5Aay5XlJgH7MYJOJxDezUojax2e372zniVaKMjhq9qKBeLoBYdCqHO/bfpkzYK9i JARpc9PVczyQYXWpcjHvlvT3OF9MSlzVZbrqdIqNHYU5lH9rhSIp9O+bRkXQpluU uEp2EeLk6rXtUdamKooW63RD1CDNjUjpXT/Hb2WrSYDrWu8gN7/1YpuNKo1nlILS aet4dePuM/6Bd1Vs1oIi21YdKvwS2lQnr/XbKjqCwe/4qAJelHRDArHFp40cLlMv B23azWYuu6kqr8aUMSXjplNTk5/i9mkYcVCUzJkN01ZZCTvPqwo= =Rk3D -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org While turning around the same issue this week I compared a apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz. The permissions differ. With 8.0.17 files have rw-r--r-- and with 8.5.14 files have rw-r----- With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with 8.5.14 they have rwxr-x--- This means others have no permissions in current Tomcat versions by default. I found that in the changelog of 8.5.0: Tighten up the default file permissions for the .tar.gz distribution so no files or directories are world readable by default. Configure Tomcat to run with a default umask of 0027 which may be overridden by setting UMASK in setenv.sh. (markt) So I think it works like expected. Regards Thomas --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
