Re: File and directory permissions on Tomcat 8.5 tar archive
2017-11-24 15:53 GMT+03:00 Rune Rustand <run...@gmail.com>: > Apache Tomcat 8.5.23 > Redhat Enterprise Linux 7.4 (3.10.0-693.1.1.el7.x86_64) > > > > Binary distributions tar archive > > We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and are using > the core archive. The process is done by running a puppet script that > extracts the tar archive on all the servers (many). > > Are there any reasons why the file and directory permissions differ from > the tar archive and the zip archive? > When I unpack the tar archive the permissions on files and directories are > not set for all users. > > I unpack the archive like this: > tar zxvpf apache-tomcat-8.5.23.tar.gz > > examples of file and directories permissons are: > [runrus@nemesis apache-tomcat-8.5.23]$ ls -l > total 96 > drwxr-x---. 2 runrus runrus 4096 Nov 24 08:46 bin > drwx--. 2 runrus runrus 4096 Sep 28 12:31 conf > drwxr-x---. 2 runrus runrus 4096 Nov 24 08:46 lib > -rw-r-. 1 runrus runrus 57092 Sep 28 12:31 LICENSE > drwxr-x---. 2 runrus runrus 6 Sep 28 12:30 logs > -rw-r-. 1 runrus runrus 1723 Sep 28 12:31 NOTICE > -rw-r-. 1 runrus runrus 7064 Sep 28 12:31 RELEASE-NOTES > -rw-r-. 1 runrus runrus 15946 Sep 28 12:31 RUNNING.txt > drwxr-x---. 2 runrus runrus29 Nov 24 08:46 temp > drwxr-x---. 7 runrus runrus76 Sep 28 12:30 webapps > drwxr-x---. 2 runrus runrus 6 Sep 28 12:30 work [...] > For the zip file: > unzip apache-tomcat-8.5.23.zip > > [runrus@nemesis apache-tomcat-8.5.23]$ ls -l > total 104 > drwxr-xr-x. 2 runrus runrus 4096 Sep 28 11:31 bin > drwxr-xr-x. 2 runrus runrus 4096 Sep 28 11:31 conf > drwxr-xr-x. 2 runrus runrus 4096 Sep 28 11:31 lib > -rw-r--r--. 1 runrus runrus 58153 Sep 28 11:31 LICENSE > drwxr-xr-x. 2 runrus runrus 6 Sep 28 11:30 logs > -rw-r--r--. 1 runrus runrus 1774 Sep 28 11:31 NOTICE > -rw-r--r--. 1 runrus runrus 7241 Sep 28 11:31 RELEASE-NOTES > -rw-r--r--. 1 runrus runrus 16416 Sep 28 11:31 RUNNING.txt > drwxr-xr-x. 2 runrus runrus29 Sep 28 11:31 temp > drwxr-xr-x. 7 runrus runrus76 Sep 28 11:31 webapps > drwxr-xr-x. 2 runrus runrus 6 Sep 28 11:30 work Set `umask 0027` before unzipping. The 'conf' directory, the logs, and serialized sessions in 'work' are likely to contain confidential data and should not be world-readable. http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#Non-Tomcat_settings Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: AW: File and directory permissions on Tomcat 8.5 tar archive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thomas, On 11/24/17 9:10 AM, Thomas Rohde wrote: > -Original message- From: Christopher Schultz > <ch...@christopherschultz.net> Sent: Friday 24th November 2017 > 14:46 To: users@tomcat.apache.org Subject: Re: AW: File and > directory permissions on Tomcat 8.5 tar archive > > > Thomas, > > On 11/24/17 8:39 AM, Thomas Rohde wrote: > > >> -Ursprüngliche Nachricht- Von: Christopher Schultz >> [mailto:ch...@christopherschultz.net] Gesendet: Freitag, 24. >> November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: >> File and directory permissions on Tomcat 8.5 tar archive > >> Rune, > >> On 11/24/17 7:53 AM, Rune Rustand wrote: >>> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 >>> (3.10.0-693.1.1.el7.x86_64) > > > >>> Binary distributions tar archive > >>> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, >>> and are using the core archive. The process is done by running >>> a puppet script that extracts the tar archive on all the >>> servers (many). > >>> Are there any reasons why the file and directory permissions >>> differ from the tar archive and the zip archive? > >> Good question. Evidently, both Info-Zip (the 'unzip' program >> usually found on *NIX-based systems) and Apache Ant understand >> the Info-Zip-specified extension to the ZIP format that encodes >> file permissions and both ought to respect them when both packing >> and unpacking the archive[1]. > >> I don't know enough about the ZIP file format to be able to >> inspect the archive to determine what's actually stored in there >> (to determine if the archive lacks the permissions or if the >> extraction process is at fault). > >>> When I unpack the tar archive the permissions on files and >>> directories are not set for all users. > >>> I unpack the archive like this: tar zxvpf >>> apache-tomcat-8.5.23.tar.gz > >>> [snip] > >>> For the zip file: unzip apache-tomcat-8.5.23.zip > >>> [snip] > >> Hmm. Those definitely *should be* producing the same file >> permissions... at least, I'd expect them to produce the same >> file permissions. > >> I don't see any (missing) options to Apache ant's task >> that look like they would strip those file permissions. I also >> don't see any options for (Info-Zip) unzip that would be required >> to restore such permissions. > >> IMHO, this should Just Work. > >> -chris > >> [1] >> https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation > >> - > >> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org > > >> While turning around the same issue this week I compared a >> apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz. > >> The permissions differ. > >> With 8.0.17 files have rw-r--r-- and with 8.5.14 files have >> rw-r- > >> With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with >> 8.5.14 they have rwxr-x--- > >> This means others have no permissions in current Tomcat versions >> by default. > >> I found that in the changelog of 8.5.0: Tighten up the default >> file permissions for the .tar.gz distribution so no files or >> directories are world readable by default. Configure Tomcat to >> run with a default umask of 0027 which may be overridden by >> setting UMASK in setenv.sh. (markt) > >> So I think it works like expected. > > This is a comparison of file permissions coming from tar archives > versus *zip* archives, not a comparison of file permissions coming > from (only) tar archives from two different Tomcat versions. > > -chris > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > I know. I presumed that ZIP don't carry any file permission. So you didn't read my reply, then. > While extracting a zip file you get the permissions depending on > your umask. What makes you think that the umask doesn't apply the same way to files extracted from a zip file versus a tar file? > And that's the reason why the file permissions of an extracted zip > and and extracted tar differ. I don't think so. > The differences with Tomcat 8.0
RE: AW: File and directory permissions on Tomcat 8.5 tar archive
Chris, -Original message- From: Christopher Schultz <ch...@christopherschultz.net> Sent: Friday 24th November 2017 14:46 To: users@tomcat.apache.org Subject: Re: AW: File and directory permissions on Tomcat 8.5 tar archive -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thomas, On 11/24/17 8:39 AM, Thomas Rohde wrote: > > > -Ursprüngliche Nachricht- Von: Christopher Schultz > [mailto:ch...@christopherschultz.net] Gesendet: Freitag, 24. > November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: File > and directory permissions on Tomcat 8.5 tar archive > > Rune, > > On 11/24/17 7:53 AM, Rune Rustand wrote: >> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 >> (3.10.0-693.1.1.el7.x86_64) > > > >> Binary distributions tar archive > >> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and >> are using the core archive. The process is done by running a >> puppet script that extracts the tar archive on all the servers >> (many). > >> Are there any reasons why the file and directory permissions >> differ from the tar archive and the zip archive? > > Good question. Evidently, both Info-Zip (the 'unzip' program > usually found on *NIX-based systems) and Apache Ant understand the > Info-Zip-specified extension to the ZIP format that encodes file > permissions and both ought to respect them when both packing and > unpacking the archive[1]. > > I don't know enough about the ZIP file format to be able to inspect > the archive to determine what's actually stored in there (to > determine if the archive lacks the permissions or if the extraction > process is at fault). > >> When I unpack the tar archive the permissions on files and >> directories are not set for all users. > >> I unpack the archive like this: tar zxvpf >> apache-tomcat-8.5.23.tar.gz > >> [snip] > >> For the zip file: unzip apache-tomcat-8.5.23.zip > >> [snip] > > Hmm. Those definitely *should be* producing the same file > permissions... at least, I'd expect them to produce the same file > permissions. > > I don't see any (missing) options to Apache ant's task that > look like they would strip those file permissions. I also don't see > any options for (Info-Zip) unzip that would be required to restore > such permissions. > > IMHO, this should Just Work. > > -chris > > [1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > While turning around the same issue this week I compared a > apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz. > > The permissions differ. > > With 8.0.17 files have rw-r--r-- and with 8.5.14 files have > rw-r- > > With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with > 8.5.14 they have rwxr-x--- > > This means others have no permissions in current Tomcat versions by > default. > > I found that in the changelog of 8.5.0: Tighten up the default file > permissions for the .tar.gz distribution so no files or directories > are world readable by default. Configure Tomcat to run with a > default umask of 0027 which may be overridden by setting UMASK in > setenv.sh. (markt) > > So I think it works like expected. This is a comparison of file permissions coming from tar archives versus *zip* archives, not a comparison of file permissions coming from (only) tar archives from two different Tomcat versions. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYIo4ACgkQHPApP6U8 pFgo3hAAyjUnW8j885CPWUwffUCN++QWoRTP4qU/nV4X4P0SDrV6OZ7AN0g/ELGU klUqT6XRSaosHdxleVo4GKrP8vDg21XlezCsAZ6KclRvrtrGZ8yK0Toh+6Z4eyMc BReM/mqaiIeVhsq3BL8+gwpaYNsAxI68QGdLvYRe+wZ+AdZUXtPPQjrECC4fjFly kabmYuU37anAHOvMtGTPQWeqzLO0zPeA9GlIixKSknlzLedJ4ZkfBSOc8mBcaEcV aR08cHQyJyh/411p8o7gaWmZPR7cvUqN1/qgTd7E1ehJPhPiIi4Dz5CUD7Kw9Fa2 hzxxh9IBuJxc4ftGchltbKLZpoT9648Bt1zD3tzyAgZq0CMX3sibl7CM3v/NxxCc HYIImq9WrJlUNYactium9auDqfFNAJSW9WzTjCBWtwipcOMuW0kaCcQdJheQ6M3E /qUQ/M+A0aUgBxhZbuLy8R4Fx/wjReaSWg4pxMp9ZMwj+9XV32RlStz87vtuuww7 bosj9u4+weYpnfSnaUFrTSATFpJSus7bxzFw/nTY4+CsHiUwDt0pEAGVW/QNkCzX kgEKWEmMpzfSjQkj4/rvXTLu2aaLQrlVLcHHeADHkDt+rtUUp9h/EykNo2YaD3ca /gucCVnTU/6+doyiXLRyAjawVc9rYMeZ+N1RK1wbxgI/yGvtqqk= =XB2B -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...
Re: AW: File and directory permissions on Tomcat 8.5 tar archive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thomas, On 11/24/17 8:39 AM, Thomas Rohde wrote: > > > -Ursprüngliche Nachricht- Von: Christopher Schultz > [mailto:ch...@christopherschultz.net] Gesendet: Freitag, 24. > November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: File > and directory permissions on Tomcat 8.5 tar archive > > Rune, > > On 11/24/17 7:53 AM, Rune Rustand wrote: >> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 >> (3.10.0-693.1.1.el7.x86_64) > > > >> Binary distributions tar archive > >> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and >> are using the core archive. The process is done by running a >> puppet script that extracts the tar archive on all the servers >> (many). > >> Are there any reasons why the file and directory permissions >> differ from the tar archive and the zip archive? > > Good question. Evidently, both Info-Zip (the 'unzip' program > usually found on *NIX-based systems) and Apache Ant understand the > Info-Zip-specified extension to the ZIP format that encodes file > permissions and both ought to respect them when both packing and > unpacking the archive[1]. > > I don't know enough about the ZIP file format to be able to inspect > the archive to determine what's actually stored in there (to > determine if the archive lacks the permissions or if the extraction > process is at fault). > >> When I unpack the tar archive the permissions on files and >> directories are not set for all users. > >> I unpack the archive like this: tar zxvpf >> apache-tomcat-8.5.23.tar.gz > >> [snip] > >> For the zip file: unzip apache-tomcat-8.5.23.zip > >> [snip] > > Hmm. Those definitely *should be* producing the same file > permissions... at least, I'd expect them to produce the same file > permissions. > > I don't see any (missing) options to Apache ant's task that > look like they would strip those file permissions. I also don't see > any options for (Info-Zip) unzip that would be required to restore > such permissions. > > IMHO, this should Just Work. > > -chris > > [1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > While turning around the same issue this week I compared a > apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz. > > The permissions differ. > > With 8.0.17 files have rw-r--r-- and with 8.5.14 files have > rw-r- > > With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with > 8.5.14 they have rwxr-x--- > > This means others have no permissions in current Tomcat versions by > default. > > I found that in the changelog of 8.5.0: Tighten up the default file > permissions for the .tar.gz distribution so no files or directories > are world readable by default. Configure Tomcat to run with a > default umask of 0027 which may be overridden by setting UMASK in > setenv.sh. (markt) > > So I think it works like expected. This is a comparison of file permissions coming from tar archives versus *zip* archives, not a comparison of file permissions coming from (only) tar archives from two different Tomcat versions. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYIo4ACgkQHPApP6U8 pFgo3hAAyjUnW8j885CPWUwffUCN++QWoRTP4qU/nV4X4P0SDrV6OZ7AN0g/ELGU klUqT6XRSaosHdxleVo4GKrP8vDg21XlezCsAZ6KclRvrtrGZ8yK0Toh+6Z4eyMc BReM/mqaiIeVhsq3BL8+gwpaYNsAxI68QGdLvYRe+wZ+AdZUXtPPQjrECC4fjFly kabmYuU37anAHOvMtGTPQWeqzLO0zPeA9GlIixKSknlzLedJ4ZkfBSOc8mBcaEcV aR08cHQyJyh/411p8o7gaWmZPR7cvUqN1/qgTd7E1ehJPhPiIi4Dz5CUD7Kw9Fa2 hzxxh9IBuJxc4ftGchltbKLZpoT9648Bt1zD3tzyAgZq0CMX3sibl7CM3v/NxxCc HYIImq9WrJlUNYactium9auDqfFNAJSW9WzTjCBWtwipcOMuW0kaCcQdJheQ6M3E /qUQ/M+A0aUgBxhZbuLy8R4Fx/wjReaSWg4pxMp9ZMwj+9XV32RlStz87vtuuww7 bosj9u4+weYpnfSnaUFrTSATFpJSus7bxzFw/nTY4+CsHiUwDt0pEAGVW/QNkCzX kgEKWEmMpzfSjQkj4/rvXTLu2aaLQrlVLcHHeADHkDt+rtUUp9h/EykNo2YaD3ca /gucCVnTU/6+doyiXLRyAjawVc9rYMeZ+N1RK1wbxgI/yGvtqqk= =XB2B -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: File and directory permissions on Tomcat 8.5 tar archive
-Ursprüngliche Nachricht- Von: Christopher Schultz [mailto:ch...@christopherschultz.net] Gesendet: Freitag, 24. November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: File and directory permissions on Tomcat 8.5 tar archive -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Rune, On 11/24/17 7:53 AM, Rune Rustand wrote: > Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 > (3.10.0-693.1.1.el7.x86_64) > > > > Binary distributions tar archive > > We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and are > using the core archive. The process is done by running a puppet script > that extracts the tar archive on all the servers (many). > > Are there any reasons why the file and directory permissions differ > from the tar archive and the zip archive? Good question. Evidently, both Info-Zip (the 'unzip' program usually found on *NIX-based systems) and Apache Ant understand the Info-Zip-specified extension to the ZIP format that encodes file permissions and both ought to respect them when both packing and unpacking the archive[1]. I don't know enough about the ZIP file format to be able to inspect the archive to determine what's actually stored in there (to determine if the archive lacks the permissions or if the extraction process is at fault). > When I unpack the tar archive the permissions on files and directories > are not set for all users. > > I unpack the archive like this: tar zxvpf apache-tomcat-8.5.23.tar.gz > > [snip] > > For the zip file: unzip apache-tomcat-8.5.23.zip > > [snip] Hmm. Those definitely *should be* producing the same file permissions... at least, I'd expect them to produce the same file permissions. I don't see any (missing) options to Apache ant's task that look like they would strip those file permissions. I also don't see any options for (Info-Zip) unzip that would be required to restore such permissions. IMHO, this should Just Work. - -chris [1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYHLMACgkQHPApP6U8 pFhIohAAmCj7pZufx9VexFHy7vl16HOdnQZ07swJ5kT4zuK29Ajv+l734Lykx0xT YGpOmjc+lYW9B8Ewz/VaqzGuH485lWK8hMNtYzv/e4nytFvI6C4D2umm/GQwefy+ 3YihUZPg0VPtw7mROYAHMYDtuPwUFbCi9Qs9rmAil+79+DIYE+RcKOuX6Da7Qbm1 xB85hHX0x2WaPbOOZh6FUcYzekMW1Nw07ggxIP7GknnnR+cWQlRo+MMufIFChCXN f0iMGN5JEkkBuFH6j0s1IYgzxUH75pa3mqIA1T5nAv0B2VRELDCBs23MOah83w6K eghMXT3eD3ti88HD7YcrC8dUzQczpNAbxsRNx5a0G2GNUVdb1u3oa/J8qUzFQrFT 5Aay5XlJgH7MYJOJxDezUojax2e372zniVaKMjhq9qKBeLoBYdCqHO/bfpkzYK9i JARpc9PVczyQYXWpcjHvlvT3OF9MSlzVZbrqdIqNHYU5lH9rhSIp9O+bRkXQpluU uEp2EeLk6rXtUdamKooW63RD1CDNjUjpXT/Hb2WrSYDrWu8gN7/1YpuNKo1nlILS aet4dePuM/6Bd1Vs1oIi21YdKvwS2lQnr/XbKjqCwe/4qAJelHRDArHFp40cLlMv B23azWYuu6kqr8aUMSXjplNTk5/i9mkYcVCUzJkN01ZZCTvPqwo= =Rk3D -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org While turning around the same issue this week I compared a apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz. The permissions differ. With 8.0.17 files have rw-r--r-- and with 8.5.14 files have rw-r- With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with 8.5.14 they have rwxr-x--- This means others have no permissions in current Tomcat versions by default. I found that in the changelog of 8.5.0: Tighten up the default file permissions for the .tar.gz distribution so no files or directories are world readable by default. Configure Tomcat to run with a default umask of 0027 which may be overridden by setting UMASK in setenv.sh. (markt) So I think it works like expected. Regards Thomas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: File and directory permissions on Tomcat 8.5 tar archive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Rune, On 11/24/17 7:53 AM, Rune Rustand wrote: > Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 > (3.10.0-693.1.1.el7.x86_64) > > > > Binary distributions tar archive > > We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and are > using the core archive. The process is done by running a puppet > script that extracts the tar archive on all the servers (many). > > Are there any reasons why the file and directory permissions differ > from the tar archive and the zip archive? Good question. Evidently, both Info-Zip (the 'unzip' program usually found on *NIX-based systems) and Apache Ant understand the Info-Zip-specified extension to the ZIP format that encodes file permissions and both ought to respect them when both packing and unpacking the archive[1]. I don't know enough about the ZIP file format to be able to inspect the archive to determine what's actually stored in there (to determine if the archive lacks the permissions or if the extraction process is at fault). > When I unpack the tar archive the permissions on files and > directories are not set for all users. > > I unpack the archive like this: tar zxvpf > apache-tomcat-8.5.23.tar.gz > > [snip] > > For the zip file: unzip apache-tomcat-8.5.23.zip > > [snip] Hmm. Those definitely *should be* producing the same file permissions... at least, I'd expect them to produce the same file permissions. I don't see any (missing) options to Apache ant's task that look like they would strip those file permissions. I also don't see any options for (Info-Zip) unzip that would be required to restore such permissions. IMHO, this should Just Work. - -chris [1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYHLMACgkQHPApP6U8 pFhIohAAmCj7pZufx9VexFHy7vl16HOdnQZ07swJ5kT4zuK29Ajv+l734Lykx0xT YGpOmjc+lYW9B8Ewz/VaqzGuH485lWK8hMNtYzv/e4nytFvI6C4D2umm/GQwefy+ 3YihUZPg0VPtw7mROYAHMYDtuPwUFbCi9Qs9rmAil+79+DIYE+RcKOuX6Da7Qbm1 xB85hHX0x2WaPbOOZh6FUcYzekMW1Nw07ggxIP7GknnnR+cWQlRo+MMufIFChCXN f0iMGN5JEkkBuFH6j0s1IYgzxUH75pa3mqIA1T5nAv0B2VRELDCBs23MOah83w6K eghMXT3eD3ti88HD7YcrC8dUzQczpNAbxsRNx5a0G2GNUVdb1u3oa/J8qUzFQrFT 5Aay5XlJgH7MYJOJxDezUojax2e372zniVaKMjhq9qKBeLoBYdCqHO/bfpkzYK9i JARpc9PVczyQYXWpcjHvlvT3OF9MSlzVZbrqdIqNHYU5lH9rhSIp9O+bRkXQpluU uEp2EeLk6rXtUdamKooW63RD1CDNjUjpXT/Hb2WrSYDrWu8gN7/1YpuNKo1nlILS aet4dePuM/6Bd1Vs1oIi21YdKvwS2lQnr/XbKjqCwe/4qAJelHRDArHFp40cLlMv B23azWYuu6kqr8aUMSXjplNTk5/i9mkYcVCUzJkN01ZZCTvPqwo= =Rk3D -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
File and directory permissions on Tomcat 8.5 tar archive
Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 (3.10.0-693.1.1.el7.x86_64) Binary distributions tar archive We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and are using the core archive. The process is done by running a puppet script that extracts the tar archive on all the servers (many). Are there any reasons why the file and directory permissions differ from the tar archive and the zip archive? When I unpack the tar archive the permissions on files and directories are not set for all users. I unpack the archive like this: tar zxvpf apache-tomcat-8.5.23.tar.gz examples of file and directories permissons are: [runrus@nemesis apache-tomcat-8.5.23]$ ls -l total 96 drwxr-x---. 2 runrus runrus 4096 Nov 24 08:46 bin drwx--. 2 runrus runrus 4096 Sep 28 12:31 conf drwxr-x---. 2 runrus runrus 4096 Nov 24 08:46 lib -rw-r-. 1 runrus runrus 57092 Sep 28 12:31 LICENSE drwxr-x---. 2 runrus runrus 6 Sep 28 12:30 logs -rw-r-. 1 runrus runrus 1723 Sep 28 12:31 NOTICE -rw-r-. 1 runrus runrus 7064 Sep 28 12:31 RELEASE-NOTES -rw-r-. 1 runrus runrus 15946 Sep 28 12:31 RUNNING.txt drwxr-x---. 2 runrus runrus29 Nov 24 08:46 temp drwxr-x---. 7 runrus runrus76 Sep 28 12:30 webapps drwxr-x---. 2 runrus runrus 6 Sep 28 12:30 work [runrus@nemesis apache-tomcat-8.5.23]$ ls -l lib total 7644 -rw-r-. 1 runrus runrus 18254 Sep 28 12:30 annotations-api.jar -rw-r-. 1 runrus runrus 54300 Sep 28 12:30 catalina-ant.jar -rw-r-. 1 runrus runrus 119087 Sep 28 12:30 catalina-ha.jar -rw-r-. 1 runrus runrus 1623570 Sep 28 12:30 catalina.jar -rw-r-. 1 runrus runrus 75103 Sep 28 12:30 catalina-storeconfig.jar -rw-r-. 1 runrus runrus 281816 Sep 28 12:30 catalina-tribes.jar -rw-r-. 1 runrus runrus 2450404 Sep 28 12:30 ecj-4.6.3.jar -rw-r-. 1 runrus runrus 81361 Sep 28 12:30 el-api.jar -rw-r-. 1 runrus runrus 163295 Sep 28 12:30 jasper-el.jar -rw-r-. 1 runrus runrus 592050 Sep 28 12:30 jasper.jar -rw-r-. 1 runrus runrus 26863 Sep 28 12:30 jaspic-api.jar -rw-r-. 1 runrus runrus 61756 Sep 28 12:30 jsp-api.jar -rw-r-. 1 runrus runrus 244134 Sep 28 12:30 servlet-api.jar -rw-r-. 1 runrus runrus 10562 Sep 28 12:30 tomcat-api.jar -rw-r-. 1 runrus runrus 788380 Sep 28 12:30 tomcat-coyote.jar -rw-r-. 1 runrus runrus 251940 Sep 28 12:30 tomcat-dbcp.jar -rw-r-. 1 runrus runrus 66928 Sep 28 12:30 tomcat-i18n-es.jar -rw-r-. 1 runrus runrus 40824 Sep 28 12:30 tomcat-i18n-fr.jar -rw-r-. 1 runrus runrus 42130 Sep 28 12:30 tomcat-i18n-ja.jar -rw-r-. 1 runrus runrus 144981 Sep 28 12:30 tomcat-jdbc.jar -rw-r-. 1 runrus runrus 34543 Sep 28 12:30 tomcat-jni.jar -rw-r-. 1 runrus runrus 136560 Sep 28 12:30 tomcat-util.jar -rw-r-. 1 runrus runrus 205365 Sep 28 12:30 tomcat-util-scan.jar -rw-r-. 1 runrus runrus 217108 Sep 28 12:30 tomcat-websocket.jar -rw-r-. 1 runrus runrus 36947 Sep 28 12:30 websocket-api.jar For the zip file: unzip apache-tomcat-8.5.23.zip [runrus@nemesis apache-tomcat-8.5.23]$ ls -l total 104 drwxr-xr-x. 2 runrus runrus 4096 Sep 28 11:31 bin drwxr-xr-x. 2 runrus runrus 4096 Sep 28 11:31 conf drwxr-xr-x. 2 runrus runrus 4096 Sep 28 11:31 lib -rw-r--r--. 1 runrus runrus 58153 Sep 28 11:31 LICENSE drwxr-xr-x. 2 runrus runrus 6 Sep 28 11:30 logs -rw-r--r--. 1 runrus runrus 1774 Sep 28 11:31 NOTICE -rw-r--r--. 1 runrus runrus 7241 Sep 28 11:31 RELEASE-NOTES -rw-r--r--. 1 runrus runrus 16416 Sep 28 11:31 RUNNING.txt drwxr-xr-x. 2 runrus runrus29 Sep 28 11:31 temp drwxr-xr-x. 7 runrus runrus76 Sep 28 11:31 webapps drwxr-xr-x. 2 runrus runrus 6 Sep 28 11:30 work [runrus@nemesis apache-tomcat-8.5.23]$ ls -l lib total 7644 -rw-r--r--. 1 runrus runrus 18254 Sep 28 11:31 annotations-api.jar -rw-r--r--. 1 runrus runrus 54300 Sep 28 11:31 catalina-ant.jar -rw-r--r--. 1 runrus runrus 119087 Sep 28 11:31 catalina-ha.jar -rw-r--r--. 1 runrus runrus 1623570 Sep 28 11:31 catalina.jar -rw-r--r--. 1 runrus runrus 75103 Sep 28 11:31 catalina-storeconfig.jar -rw-r--r--. 1 runrus runrus 281816 Sep 28 11:31 catalina-tribes.jar -rw-r--r--. 1 runrus runrus 2450404 Sep 28 11:31 ecj-4.6.3.jar -rw-r--r--. 1 runrus runrus 81361 Sep 28 11:31 el-api.jar -rw-r--r--. 1 runrus runrus 163295 Sep 28 11:31 jasper-el.jar -rw-r--r--. 1 runrus runrus 592050 Sep 28 11:31 jasper.jar -rw-r--r--. 1 runrus runrus 26863 Sep 28 11:31 jaspic-api.jar -rw-r--r--. 1 runrus runrus 61756 Sep 28 11:31 jsp-api.jar -rw-r--r--. 1 runrus runrus 244134 Sep 28 11:31 servlet-api.jar -rw-r--r--. 1 runrus runrus 10562 Sep 28 11:31 tomcat-api.jar -rw-r--r--. 1 runrus runrus 788380 Sep 28 11:31 tomcat-coyote.jar -rw-r--r--. 1 runrus runrus 251940 Sep 28 11:31 tomcat-dbcp.jar -rw-r--r--. 1 runrus runrus 66928 Sep 28 11:31 tomcat-i18n-es.jar -rw-r--r--. 1 runrus runrus 40824 Sep 28 11:31 tomcat-i18n-fr.jar -rw-r--r--. 1 runrus runrus 42130 Sep 28 11:31 tomcat-i18n-ja.jar
webapps directory permissions question
I have apache-tomcat-5.5.17 installed on a solaris 10 box. When my users create their applications, they end up in /var/local/user/apache-tomcat-5.5.17/webapps with drwxr-r-x permissions on the directory under webapps. what I want, it for it to show up as drwxrwr-x (group writable). In the startup script for tomcat, I tried setting the umask to 0002, but now when directories get created, they show up like drwxr-sr-x so whats the proper way to accomplish this? regards, Jason - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
2nd try: directory permissions question
hey tomcat-heads, I have apache-tomcat-5.5.17 installed on a solaris 10 box. When my users create their applications, they end up in /var/local/user/apache-tomcat-5.5.17/webapps with drwxr-r-x permissions on the directory under webapps. what I want, it for it to show up as drwxrwr-x (group writable). In the startup script for tomcat, I tried setting the umask to 0002, but now when directories get created, they show up like drwxr-sr-x so whats the proper way to accomplish this? regards, Jason - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Directory Permissions
All, Where would I find information on how to prevent access to specific directories within a webapp? Exactly what file has to be edited? Akin to how Apache uses .htaccess files, I would like to limit access on a user/IP basis. The files are located within a webapp inside of other directories. Thank you for any advice you can offer. Stephen Caine CommonGround Softworks, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]