Re: War File Deployment - Permissions for ftp account
Thanks for your suggests Juha. Managed it by using ACLs. Default group rights are rw now for the webapps folder and Tomcat is unpacking with rw for the group now. I will check the umask from tomcat in the evening, but the ACL solution seems to be quicker and safer, because I can set the permissions for every virtual host if I've got the need for it and leave the default permissions for those who don't need this feature. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
War File Deployment - Permissions for ftp account
First of all, everything is fine with the unpacking of the War file. But I need a safe concept for a ftp user which should upload, delete and manage the War file/Application. Tomcat 5.5 is running with tomcat:tomcat Ftpuser is ftpuser:tomcat The webapps directory has ownership ftpuser:tomcat, group permission for tomcat is rwx. After uploading the war per ftp, tomcat is unpacking the war file in the webapps folder in a subdirectory. Everything is accessible and works, fine. If the ftpuser deletes the war file, tomcat is deleting the application subdirectory, fine. In some circumstances it will be important for the ftp user to do some changes to the unpacked application (mostly change some values in xml files or altering some jsps), leaving the rest of the application untouched. Tomcat is extracting the War file with tomcat:tomcat, but with group permission read only for group. So the ftpuser belonging to group tomcat has no chance to alter any files, bad. So I`ve got some questions: Is it possible to unpack a war file always with group permission read/write? Is there a way telling tomcat to extract war files with ownership ftpuser:tomcat? Everything could be done by changing permissions with chown or chmod, but the ftpuser has no bash, and a cronjob would be the last thing I want to do. Thank you for your suggests - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: War File Deployment - Permissions for ftp account
Carsten Schmitz wrote: But I need a safe concept for a ftp user which should upload, delete and manage the War file/Application. Tomcat 5.5 is running with tomcat:tomcat Ftpuser is ftpuser:tomcat ... In some circumstances it will be important for the ftp user to do some changes to the unpacked application (mostly change some values in xml files or altering some jsps), leaving the rest of the application untouched. Tomcat is extracting the War file with tomcat:tomcat, but with group permission read only for group. So the ftpuser belonging to group tomcat has no chance to alter any files, bad. So I`ve got some questions: Is it possible to unpack a war file always with group permission read/write? Is there a way telling tomcat to extract war files with ownership ftpuser:tomcat? It might be that your tomcat is running with umask 022 (or 027); if so, this would by default strip write access from group (which most often is the correct thing to do), and write access or all access by others. If it is so, you could change your tomcat startup to set the umask to 002 or 007 (permit write access to group, but prohibit write or any access by others). If that doesn't help, then a lot depends on your OS platform; it could be that it supports filesystem ACLs beyond the standard unix file permissions, which would make it possible to set default permissions on directory trees, or even to add auxiliary group permissions, and make these inheritable to any objects created within the tree. But from within Tomcat, no way that I know of (short of diving into the code to find out where the WARs are exploded, and changing the file permissions there. -- ..Juha - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
