Re: AW: File and directory permissions on Tomcat 8.5 tar archive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thomas, On 11/24/17 9:10 AM, Thomas Rohde wrote: > -Original message- From: Christopher Schultz > <ch...@christopherschultz.net> Sent: Friday 24th November 2017 > 14:46 To: users@tomcat.apache.org Subject: Re: AW: File and > directory permissions on Tomcat 8.5 tar archive > > > Thomas, > > On 11/24/17 8:39 AM, Thomas Rohde wrote: > > >> -Ursprüngliche Nachricht- Von: Christopher Schultz >> [mailto:ch...@christopherschultz.net] Gesendet: Freitag, 24. >> November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: >> File and directory permissions on Tomcat 8.5 tar archive > >> Rune, > >> On 11/24/17 7:53 AM, Rune Rustand wrote: >>> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 >>> (3.10.0-693.1.1.el7.x86_64) > > > >>> Binary distributions tar archive > >>> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, >>> and are using the core archive. The process is done by running >>> a puppet script that extracts the tar archive on all the >>> servers (many). > >>> Are there any reasons why the file and directory permissions >>> differ from the tar archive and the zip archive? > >> Good question. Evidently, both Info-Zip (the 'unzip' program >> usually found on *NIX-based systems) and Apache Ant understand >> the Info-Zip-specified extension to the ZIP format that encodes >> file permissions and both ought to respect them when both packing >> and unpacking the archive[1]. > >> I don't know enough about the ZIP file format to be able to >> inspect the archive to determine what's actually stored in there >> (to determine if the archive lacks the permissions or if the >> extraction process is at fault). > >>> When I unpack the tar archive the permissions on files and >>> directories are not set for all users. > >>> I unpack the archive like this: tar zxvpf >>> apache-tomcat-8.5.23.tar.gz > >>> [snip] > >>> For the zip file: unzip apache-tomcat-8.5.23.zip > >>> [snip] > >> Hmm. Those definitely *should be* producing the same file >> permissions... at least, I'd expect them to produce the same >> file permissions. > >> I don't see any (missing) options to Apache ant's task >> that look like they would strip those file permissions. I also >> don't see any options for (Info-Zip) unzip that would be required >> to restore such permissions. > >> IMHO, this should Just Work. > >> -chris > >> [1] >> https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation > >> - > >> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org > > >> While turning around the same issue this week I compared a >> apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz. > >> The permissions differ. > >> With 8.0.17 files have rw-r--r-- and with 8.5.14 files have >> rw-r- > >> With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with >> 8.5.14 they have rwxr-x--- > >> This means others have no permissions in current Tomcat versions >> by default. > >> I found that in the changelog of 8.5.0: Tighten up the default >> file permissions for the .tar.gz distribution so no files or >> directories are world readable by default. Configure Tomcat to >> run with a default umask of 0027 which may be overridden by >> setting UMASK in setenv.sh. (markt) > >> So I think it works like expected. > > This is a comparison of file permissions coming from tar archives > versus *zip* archives, not a comparison of file permissions coming > from (only) tar archives from two different Tomcat versions. > > -chris > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > I know. I presumed that ZIP don't carry any file permission. So you didn't read my reply, then. > While extracting a zip file you get the permissions depending on > your umask. What makes you think that the umask doesn't apply the same way to files extracted from a zip file versus a tar file? > And that's the reason why the file permissions of an extracted zip > and and extracted tar differ. I don't think so. > The differences with Tomcat 8.0
RE: AW: File and directory permissions on Tomcat 8.5 tar archive
Chris, -Original message- From: Christopher Schultz <ch...@christopherschultz.net> Sent: Friday 24th November 2017 14:46 To: users@tomcat.apache.org Subject: Re: AW: File and directory permissions on Tomcat 8.5 tar archive -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thomas, On 11/24/17 8:39 AM, Thomas Rohde wrote: > > > -Ursprüngliche Nachricht- Von: Christopher Schultz > [mailto:ch...@christopherschultz.net] Gesendet: Freitag, 24. > November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: File > and directory permissions on Tomcat 8.5 tar archive > > Rune, > > On 11/24/17 7:53 AM, Rune Rustand wrote: >> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 >> (3.10.0-693.1.1.el7.x86_64) > > > >> Binary distributions tar archive > >> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and >> are using the core archive. The process is done by running a >> puppet script that extracts the tar archive on all the servers >> (many). > >> Are there any reasons why the file and directory permissions >> differ from the tar archive and the zip archive? > > Good question. Evidently, both Info-Zip (the 'unzip' program > usually found on *NIX-based systems) and Apache Ant understand the > Info-Zip-specified extension to the ZIP format that encodes file > permissions and both ought to respect them when both packing and > unpacking the archive[1]. > > I don't know enough about the ZIP file format to be able to inspect > the archive to determine what's actually stored in there (to > determine if the archive lacks the permissions or if the extraction > process is at fault). > >> When I unpack the tar archive the permissions on files and >> directories are not set for all users. > >> I unpack the archive like this: tar zxvpf >> apache-tomcat-8.5.23.tar.gz > >> [snip] > >> For the zip file: unzip apache-tomcat-8.5.23.zip > >> [snip] > > Hmm. Those definitely *should be* producing the same file > permissions... at least, I'd expect them to produce the same file > permissions. > > I don't see any (missing) options to Apache ant's task that > look like they would strip those file permissions. I also don't see > any options for (Info-Zip) unzip that would be required to restore > such permissions. > > IMHO, this should Just Work. > > -chris > > [1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > While turning around the same issue this week I compared a > apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz. > > The permissions differ. > > With 8.0.17 files have rw-r--r-- and with 8.5.14 files have > rw-r- > > With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with > 8.5.14 they have rwxr-x--- > > This means others have no permissions in current Tomcat versions by > default. > > I found that in the changelog of 8.5.0: Tighten up the default file > permissions for the .tar.gz distribution so no files or directories > are world readable by default. Configure Tomcat to run with a > default umask of 0027 which may be overridden by setting UMASK in > setenv.sh. (markt) > > So I think it works like expected. This is a comparison of file permissions coming from tar archives versus *zip* archives, not a comparison of file permissions coming from (only) tar archives from two different Tomcat versions. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYIo4ACgkQHPApP6U8 pFgo3hAAyjUnW8j885CPWUwffUCN++QWoRTP4qU/nV4X4P0SDrV6OZ7AN0g/ELGU klUqT6XRSaosHdxleVo4GKrP8vDg21XlezCsAZ6KclRvrtrGZ8yK0Toh+6Z4eyMc BReM/mqaiIeVhsq3BL8+gwpaYNsAxI68QGdLvYRe+wZ+AdZUXtPPQjrECC4fjFly kabmYuU37anAHOvMtGTPQWeqzLO0zPeA9GlIixKSknlzLedJ4ZkfBSOc8mBcaEcV aR08cHQyJyh/411p8o7gaWmZPR7cvUqN1/qgTd7E1ehJPhPiIi4Dz5CUD7Kw9Fa2 hzxxh9IBuJxc4ftGchltbKLZpoT9648Bt1zD3tzyAgZq0CMX3sibl7CM3v/NxxCc HYIImq9WrJlUNYactium9auDqfFNAJSW9WzTjCBWtwipcOMuW0kaCcQdJheQ6M3E /qUQ/M+A0aUgBxhZbuLy8R4Fx/wjReaSWg4pxMp9ZMwj+9XV32RlStz87vtuuww7 bosj9u4+weYpnfSnaUFrTSATFpJSus7bxzFw/nTY4+CsHiUwDt0pEAGVW/QNkCzX kgEKWEmMpzfSjQkj4/rvXTLu2aaLQrlVLcHHeADHkDt+rtUUp9h/EykNo2YaD3ca /gucCVnTU/6+doyiXLRyAjawVc9rYMeZ+N1RK1wbxgI/yGvtqqk= =XB2B -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...
Re: AW: File and directory permissions on Tomcat 8.5 tar archive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thomas, On 11/24/17 8:39 AM, Thomas Rohde wrote: > > > -Ursprüngliche Nachricht- Von: Christopher Schultz > [mailto:ch...@christopherschultz.net] Gesendet: Freitag, 24. > November 2017 14:21 An: users@tomcat.apache.org Betreff: Re: File > and directory permissions on Tomcat 8.5 tar archive > > Rune, > > On 11/24/17 7:53 AM, Rune Rustand wrote: >> Apache Tomcat 8.5.23 Redhat Enterprise Linux 7.4 >> (3.10.0-693.1.1.el7.x86_64) > > > >> Binary distributions tar archive > >> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and >> are using the core archive. The process is done by running a >> puppet script that extracts the tar archive on all the servers >> (many). > >> Are there any reasons why the file and directory permissions >> differ from the tar archive and the zip archive? > > Good question. Evidently, both Info-Zip (the 'unzip' program > usually found on *NIX-based systems) and Apache Ant understand the > Info-Zip-specified extension to the ZIP format that encodes file > permissions and both ought to respect them when both packing and > unpacking the archive[1]. > > I don't know enough about the ZIP file format to be able to inspect > the archive to determine what's actually stored in there (to > determine if the archive lacks the permissions or if the extraction > process is at fault). > >> When I unpack the tar archive the permissions on files and >> directories are not set for all users. > >> I unpack the archive like this: tar zxvpf >> apache-tomcat-8.5.23.tar.gz > >> [snip] > >> For the zip file: unzip apache-tomcat-8.5.23.zip > >> [snip] > > Hmm. Those definitely *should be* producing the same file > permissions... at least, I'd expect them to produce the same file > permissions. > > I don't see any (missing) options to Apache ant's task that > look like they would strip those file permissions. I also don't see > any options for (Info-Zip) unzip that would be required to restore > such permissions. > > IMHO, this should Just Work. > > -chris > > [1] https://en.wikipedia.org/wiki/Zip_(file_format)#Implementation > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > While turning around the same issue this week I compared a > apache-tomcat-8.5.14.tar.gz and an apache-tomcat-8.0.17.tar.gz. > > The permissions differ. > > With 8.0.17 files have rw-r--r-- and with 8.5.14 files have > rw-r- > > With 8.0.17 directories (e.g. webapps) have rwxr-xr-x and with > 8.5.14 they have rwxr-x--- > > This means others have no permissions in current Tomcat versions by > default. > > I found that in the changelog of 8.5.0: Tighten up the default file > permissions for the .tar.gz distribution so no files or directories > are world readable by default. Configure Tomcat to run with a > default umask of 0027 which may be overridden by setting UMASK in > setenv.sh. (markt) > > So I think it works like expected. This is a comparison of file permissions coming from tar archives versus *zip* archives, not a comparison of file permissions coming from (only) tar archives from two different Tomcat versions. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloYIo4ACgkQHPApP6U8 pFgo3hAAyjUnW8j885CPWUwffUCN++QWoRTP4qU/nV4X4P0SDrV6OZ7AN0g/ELGU klUqT6XRSaosHdxleVo4GKrP8vDg21XlezCsAZ6KclRvrtrGZ8yK0Toh+6Z4eyMc BReM/mqaiIeVhsq3BL8+gwpaYNsAxI68QGdLvYRe+wZ+AdZUXtPPQjrECC4fjFly kabmYuU37anAHOvMtGTPQWeqzLO0zPeA9GlIixKSknlzLedJ4ZkfBSOc8mBcaEcV aR08cHQyJyh/411p8o7gaWmZPR7cvUqN1/qgTd7E1ehJPhPiIi4Dz5CUD7Kw9Fa2 hzxxh9IBuJxc4ftGchltbKLZpoT9648Bt1zD3tzyAgZq0CMX3sibl7CM3v/NxxCc HYIImq9WrJlUNYactium9auDqfFNAJSW9WzTjCBWtwipcOMuW0kaCcQdJheQ6M3E /qUQ/M+A0aUgBxhZbuLy8R4Fx/wjReaSWg4pxMp9ZMwj+9XV32RlStz87vtuuww7 bosj9u4+weYpnfSnaUFrTSATFpJSus7bxzFw/nTY4+CsHiUwDt0pEAGVW/QNkCzX kgEKWEmMpzfSjQkj4/rvXTLu2aaLQrlVLcHHeADHkDt+rtUUp9h/EykNo2YaD3ca /gucCVnTU/6+doyiXLRyAjawVc9rYMeZ+N1RK1wbxgI/yGvtqqk= =XB2B -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
