Re: Data file owner and group difficulties

2005-03-30 Thread QM
On Tue, Mar 29, 2005 at 09:31:42PM -0500, James T. Studebaker wrote:
: My servlets create data files.  The webapp is running on a Linux system.  The
: app user is jims and my group is jims.  I have to set permissions to 777 in
: order for tomcat to read data files.  When data files are created, the user is
: tomcat and the group is nobody.

This last sentence would imply that Tomcat is running as tomcat:nobody,
and not as jims:jims as you suspect.  Run 'ps' to confirm.  Also, check
how you start Tomcat and see whether a user switch occurs there.


: Is there a configuration parameter that will result in data
: files created with a user of jims and a group of jims?  Are there configuration
: parameters that result in tomcat being able to read data files with the user
: jims and the group jims?

This wouldn't be set in Tomcat, but in the JVM itself.  In turn, (IIRC)
the base JVM has no way of setting ownership/permissions.

-QM


-- 

software   -- http://www.brandxdev.net/
tech news  -- http://www.RoarNetworX.com/
code scan  -- http://www.JxRef.org/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
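
Added example (not part of the original thread): a shell check for the two facts discussed in the message above, namely which account the Tomcat process runs as and which data files carry the world-writable bit that the 777 workaround sets. The function names and the demo tree are constructed for illustration; `ps -o` and `stat -c` assume procps and GNU coreutils on Linux.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux with procps and GNU coreutils.

# Show the account a running process uses (the 'ps' check suggested above).
# $1 is the Tomcat PID, which you look up on your own system.
process_owner() {
    ps -o user=,group=,pid=,args= -p "$1"
}

# List everything under $1 that any local account may write to: the "other"
# write bit, which mode 777 sets. Symlinks are skipped (their mode is meaningless).
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Print "mode uid:gid path" for each regular file under $1, so files created by
# the container account (tomcat:nobody in the thread) stand out from the
# account owner's own files.
ownership_report() {
    find "$1" -type f -exec stat -c '%a %u:%g %n' {} + | sort -k3
}

# Constructed sample tree: one file with the 777 workaround, one restricted file.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/data" && chmod 750 "$d/data"
    : > "$d/data/report.dat" && chmod 777 "$d/data/report.dat"
    : > "$d/data/notes.dat"  && chmod 640 "$d/data/notes.dat"
    printf '%s\n' "$d"
}

# Usage: sh audit.sh /path/to/webapp/data [tomcat-pid]
if [ "$#" -ge 1 ]; then
    if [ -n "${2:-}" ]; then process_owner "$2"; fi
    echo "world-writable:"; world_writable "$1"
    echo "ownership:";      ownership_report "$1"
fi
```

Any path printed by `world_writable` can be modified by every local account on the host, not only by the account Tomcat runs as.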



Re: Data file owner and group difficulties

2005-03-30 Thread James T. Studebaker
Yes, Tomcat runs as tomcat:nobody.  I can not run Tomcat as jims:jims since
jims is a virtual host account.  I should have mentioned this in my initial
email.  I am one of numerous users who have an account that has access to
tomcat.  The file structure of the account has a webapps directory where I
install a Java web application to be served by Tomcat.  The owner:group for
this account is jims:jims.  Other users will have a different owner:group.
However, Tomcat runs as tomcat:nobody, the default configuration.  All users
need to have the ability to create and read data files with the owner:group
of their own accounts.  Can this be done?

Thank you
James T. Studebaker




RE: Data file owner and group difficulties

2005-03-30 Thread Peter Crowther
> From: James T. Studebaker [mailto:[EMAIL PROTECTED]
> Yes, Tomcat runs as tomcat:nobody.  I can not run Tomcat as jims:jims since
> jims is a virtual host account.  I should have mentioned this in my initial
> email.  I am one of numerous users who have an account that has access to
> tomcat.  The file structure of the account has a webapps directory where I
> install a Java web application to be served by Tomcat.  The owner:group for
> this account is jims:jims.  Other users will have a different owner:group.
> However, Tomcat runs as tomcat:nobody, the default configuration.  All users
> need to have the ability to create and read data files with
> the owner:group of their own accounts.  Can this be done?

In that environment?  No.  In an environment where you had more control
over Tomcat?  Not securely.

- Peter




Re: Data file owner and group difficulties

2005-03-30 Thread QM
On Wed, Mar 30, 2005 at 08:23:04AM -0500, James T. Studebaker wrote:
: Yes, Tomcat runs as tomcat:nobody.  I can not run Tomcat as jims:jims since
: jims is a virtual host account.  I should have mentioned this in my initial
: email.

Yes, since the statement "The app user is jims and my group is jims" may
lead someone to believe that Tomcat runs as jims:jims (or at least that
the user is jims).



: However Tomcat runs as tomcat:nobody, the default configuration.  All users
: need to have the ability to create and read data files with the owner:group
: of their own accounts.  Can this be done?

Directly? No.

Independence from the underlying OS is a big part of Java, not to
mention Java webapps.  

With a layer of abstraction? Likely.

You could move all needed auth/security to the database layer, if you
get a private database (or at least private tables).   That would mean
you'd store the files in the database.

This setup wouldn't sync with the existing (system) user/password
tables, but for most of the webapps I've seen/written, this is a
feature. =)

-QM

-- 

software   -- http://www.brandxdev.net/
tech news  -- http://www.RoarNetworX.com/
code scan  -- http://www.JxRef.org/



Data file owner and group difficulties

2005-03-29 Thread James T. Studebaker

My servlets create data files. The webapp is running on a Linux
system. The app user is jims and my group is jims. I have to set
permissions to 777 in order for tomcat to read data files. When data files
are created, the user is tomcat and the group is nobody. As a result my
servlets can not read the data files created. Is there a configuration
parameter that will result in data files created with a user of jims and a group
of jims? Are there configuration parameters that result in tomcat being
able to read data files with the user jims and the group jims?

Thank you
James T. Studebaker