Permissions of File Created by Tomcat
Hi, I'm running a WebService using Tomcat 5.5 on Ubuntu 7.10 with Axis2. Files (and directories) are created by this service on a local directory: /myfiles/ The permission of the new directories and files in this directory are: Directories:'drwxr-xr-x 2 tomcat55 nogroup 4096' Files: '-rw-r--r-- 1 tomcat55 nogroup 10041' The problem is, is I want to access (write) these files using, say, a java application, it give me: java.io.FileNotFoundException: /myfiles/aDir/aFile.txt (Permission denied) How can I either: 1.Gain write access to these files (without having to constantly change the permissions in the command prompt, and without running my java application with 'root' access). 2.Create the files/dirs from tomcat with 'write access' 3.Other Thanking you in advance. Daniel -- View this message in context: http://www.nabble.com/Permissions-of-File-Created-by-Tomcat-tp16792720p16792720.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Permissions of File Created by Tomcat
This is really a linux permissions issue. How are you starting tomcat? with the $TOMCAT_HOME/bin/startup.sh or with jsvc or are you using an ubuntu startup script? You don't say anything about the user who will run the java application. Generally, the way to control the access permissions with which files are created in linux is to call 'umask' with the correct parameters. As mentioned before on this list umask is a shell command, so you must do it at the correct point or severely weaken the overall security of your installation. You need to do the following: 1. decide which user or users will be executing tomcat and the java application. 2. If you decide that you need to have two separate users, then make them both in the same group. 3. Use umask in the tomcat startup script and/or the shell in which you run your application to set appropriate access permissions - GIYF As an aside, if you are going to have two different processes writing these shared files you may also have to consider locking issues - maybe you have already done this. Regards Alan Chaney Daniel J Hulme wrote: Hi, I'm running a WebService using Tomcat 5.5 on Ubuntu 7.10 with Axis2. Files (and directories) are created by this service on a local directory: /myfiles/ The permission of the new directories and files in this directory are: Directories:'drwxr-xr-x 2 tomcat55 nogroup 4096' Files: '-rw-r--r-- 1 tomcat55 nogroup 10041' The problem is, is I want to access (write) these files using, say, a java application, it give me: java.io.FileNotFoundException: /myfiles/aDir/aFile.txt (Permission denied) How can I either: 1.Gain write access to these files (without having to constantly change the permissions in the command prompt, and without running my java application with 'root' access). 2.Create the files/dirs from tomcat with 'write access' 3.Other Thanking you in advance. Daniel - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Permissions of File Created by Tomcat
Alan, this is very useful, thank you. After a bit of Googling I decided to upgrade to Tomcat6 (apparently is has less security ussies with Ubuntu). This means that the files/dirs are now created (from the tomcat app) by 'root:root' (with the same permissions described in my first post). However, I still have the same problem. I'm running a java progam (not as 'root'), and need write access to these files. And I'm not allowed to run my java app as 'root'. I'm pretty new to linux, so your help (i.e. command examples) is much appreciated. Daniel Alan Chaney wrote: This is really a linux permissions issue. How are you starting tomcat? with the $TOMCAT_HOME/bin/startup.sh or with jsvc or are you using an ubuntu startup script? You don't say anything about the user who will run the java application. Generally, the way to control the access permissions with which files are created in linux is to call 'umask' with the correct parameters. As mentioned before on this list umask is a shell command, so you must do it at the correct point or severely weaken the overall security of your installation. You need to do the following: 1. decide which user or users will be executing tomcat and the java application. 2. If you decide that you need to have two separate users, then make them both in the same group. 3. Use umask in the tomcat startup script and/or the shell in which you run your application to set appropriate access permissions - GIYF As an aside, if you are going to have two different processes writing these shared files you may also have to consider locking issues - maybe you have already done this. Regards Alan Chaney Daniel J Hulme wrote: Hi, I'm running a WebService using Tomcat 5.5 on Ubuntu 7.10 with Axis2. Files (and directories) are created by this service on a local directory: /myfiles/ The permission of the new directories and files in this directory are: Directories: 'drwxr-xr-x 2 tomcat55 nogroup 4096' Files: '-rw-r--r-- 1 tomcat55 nogroup 10041' The problem is, is I want to access (write) these files using, say, a java application, it give me: java.io.FileNotFoundException: /myfiles/aDir/aFile.txt (Permission denied) How can I either: 1.Gain write access to these files (without having to constantly change the permissions in the command prompt, and without running my java application with 'root' access). 2.Create the files/dirs from tomcat with 'write access' 3.Other Thanking you in advance. Daniel - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Permissions-of-File-Created-by-Tomcat-tp16792720p16795633.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Permissions of File Created by Tomcat
Hi Daniel Really the issues are to do with the JVM and linux rather more than tomcat directly. I can't claim to be a linux guru but you should look at it in the following way Any application which runs on linux is 'owned' by a user. There two classifications - 'system' users and 'normal' users. System users have UIDs which are less than 1024 and can invoke privileged services. 'root' is a system (privileged) user. One issue which often seems to confuse people is that the JVM is a program not an operating system. When you 'run tomcat' you are actually invoking java on the tomcat bootstrap.jar. See the javadocs http://tomcat.apache.org/tomcat-6.0-doc/api/index.html for more details. My point here is that java is 'just another program' to linux, and all the permissions rules apply to the user invoking an application. You say that tomcat is now running as root (which is a BAD THING) which implies that you are: a. logging in as root and starting tomcat OR b. letting tomcat be started by a sys init process. One decision you must make is whether or not tomcat should be allowed to access privileged ports (eg port 80) If so, then you should start tomcat using something like jsvc (see http://commons.apache.org/daemon/index.html) which when properly configured will allow you to start an app as root, bind tomcat to port 80 and then switch to a 'tomcat' user. You can set umask permissions as appropriate in the startup script. If you intend to run tomcat with its default port of 8080 (or any non-privileged port) things are a bit simpler. Create a user on your system (maybe 'mytomcat') and then simply start the tomcat ./bin/startup.sh as this user by something like: su mytomcat -c $JAVA_HOME/bin/startup.sh from within the init script. You can, of course, su to the user you are running the other java program as, then tomcat and your app will have the same user privileges - or you can create a tomcat group, make this the main group for your tomcat user, add it as another group to your 'application' user and set the appropriate umask (002) to allow group read/write (you must also set the directory permissions accordingly - set the 's' bit) Please note that these are only pointers not a rigorous set of instructions. The reality is that if you want to do anything serious in linux you must learn ins and outs of 'bash' and this list is not really the place to do that. HTH Alan Daniel J Hulme wrote: Alan, this is very useful, thank you. After a bit of Googling I decided to upgrade to Tomcat6 (apparently is has less security ussies with Ubuntu). This means that the files/dirs are now created (from the tomcat app) by 'root:root' (with the same permissions described in my first post). However, I still have the same problem. I'm running a java progam (not as 'root'), and need write access to these files. And I'm not allowed to run my java app as 'root'. I'm pretty new to linux, so your help (i.e. command examples) is much appreciated. Daniel Alan Chaney wrote: This is really a linux permissions issue. How are you starting tomcat? with the $TOMCAT_HOME/bin/startup.sh or with jsvc or are you using an ubuntu startup script? You don't say anything about the user who will run the java application. Generally, the way to control the access permissions with which files are created in linux is to call 'umask' with the correct parameters. As mentioned before on this list umask is a shell command, so you must do it at the correct point or severely weaken the overall security of your installation. You need to do the following: 1. decide which user or users will be executing tomcat and the java application. 2. If you decide that you need to have two separate users, then make them both in the same group. 3. Use umask in the tomcat startup script and/or the shell in which you run your application to set appropriate access permissions - GIYF As an aside, if you are going to have two different processes writing these shared files you may also have to consider locking issues - maybe you have already done this. Regards Alan Chaney Daniel J Hulme wrote: Hi, I'm running a WebService using Tomcat 5.5 on Ubuntu 7.10 with Axis2. Files (and directories) are created by this service on a local directory: /myfiles/ The permission of the new directories and files in this directory are: Directories:'drwxr-xr-x 2 tomcat55 nogroup 4096' Files: '-rw-r--r-- 1 tomcat55 nogroup 10041' The problem is, is I want to access (write) these files using, say, a java application, it give me: java.io.FileNotFoundException: /myfiles/aDir/aFile.txt (Permission denied) How can I either: 1.Gain write access to these files (without having to constantly change the permissions in the command prompt, and without running my java application with 'root' access). 2.Create the files/dirs from tomcat with 'write access' 3.Other Thanking you in
Re: Permissions of File Created by Tomcat
) How can I either: 1.Gain write access to these files (without having to constantly change the permissions in the command prompt, and without running my java application with 'root' access). 2.Create the files/dirs from tomcat with 'write access' 3.Other Thanking you in advance. Daniel - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Permissions-of-File-Created-by-Tomcat-tp16792720p16800534.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
