Re: War File Deployment - Permissions for ftp account

2008-01-02 Thread Carsten Schmitz
Thanks for your suggests Juha.

Managed it by using ACLs. Default group rights are rw now for the
webapps folder and Tomcat is unpacking with rw for the group now.

I will check the umask from tomcat in the evening, but the ACL solution
seems to be quicker and safer, because I can set the permissions for
every virtual host if I've got the need for it and leave the default
permissions for those who don't need this "feature".

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: War File Deployment - Permissions for ftp account

2007-12-28 Thread Juha Laiho
Carsten Schmitz wrote:
> But I need a safe concept for a ftp user which should upload, delete and
> manage the War file/Application. 
> 
> Tomcat 5.5 is running with tomcat:tomcat
> Ftpuser is ftpuser:tomcat
...
> In some circumstances it will be important for the ftp user to do some
> changes to the unpacked application (mostly change some values in xml
> files or altering some jsps), leaving the rest of the application
> untouched.
> 
> Tomcat is extracting the War file with tomcat:tomcat, but with group
> permission read only for group. So the ftpuser belonging to group tomcat
> has no chance to alter any files, bad.
> 
> So I`ve got some questions:
> 
> Is it possible to unpack a war file always with group permission
> read/write?
> Is there a way telling tomcat to extract war files with ownership
> ftpuser:tomcat?

It might be that your tomcat is running with "umask 022" (or 027); if
so, this would by default strip write access from group (which most often
is the correct thing to do), and write access or all access by others.
If it is so, you could change your tomcat startup to set the umask to
002 or 007 (permit write access to group, but prohibit write or any access
by others).

If that doesn't help, then a lot depends on your OS platform; it could be
that it supports filesystem ACLs beyond the standard unix file permissions,
which would make it possible to set default permissions on directory trees,
or even to add auxiliary group permissions, and make these inheritable to
any objects created within the tree.

But from within Tomcat, no way that I know of (short of diving into the
code to find out where the WARs are exploded, and changing the file
permissions there.
-- 
..Juha

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]