--- Eric Haszlakiewicz <[EMAIL PROTECTED]> wrote:

> On Thu, Apr 27, 2006 at 04:55:40PM -0400, Aria Bamdad wrote:
> > I have several applications running in different directories.  Each
> > application is owned by a different linux owner/group.  In order for
> > Tomcat to be able to read these files to serve them, the Tomcat has
> > as its secondary groups, the group names of each application.
> > 
> > The problem I am having is that when any of the applications create
> > a file, the file created has the owner/group tomcat:tomcat which
> > prevents the application owner from accessing the file directly
> > (as a logged in linux user).
> > 
> > How do others address this problem? Is there a way to have Tomcat
> > dynamically switch 'group' before serving something from each application?
> 
> If the files are in separate directories, it might work to just
> make sure the directory is owned by the appropriate group.  Under NetBSD
> that seems to ensure that any files created are owned appropriately,
> but I'm not sure how it works under linux.  You might need to do a
> "chmod g+s" on the directory.
> 
> eric
> 
> 

How about making each application owner a member
of the 'tomcat' group.

Then set the group permissions as read-only on
the dirs/files:

$ chmod -R g-w <app-dir>

If you want to share the ability to write to
a given app's dirs/files then you need to do more:

# allow members of tomcat group to write
$ chmod -R g+w <app-dir>

# set group "sticky-bit"
$ find <app-dir> -type d -exec chmod g+s {} +

You'll also need to somehow require that all
app owners set their umask to 002 so that files
and dirs created by them in the tomcat group app
dirs are writeable by other tomcat group members.

$ umask 002

Overall, it's much simpler if the app owners
only have read rights.

-Bob
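
An added example, not part of the original message: it applies the group-write and setgid steps above to a constructed scratch tree and shows the effect of umask 002 versus 022 on newly created files. The function names and the `app/WEB-INF`, `uploads` paths are assumptions made for the demonstration; the inherited setgid bit on new subdirectories is Linux behaviour.

```shell
#!/bin/sh
# Added example: runs on a constructed scratch tree, not a real Tomcat install.

# Print the 10-character mode string (e.g. drwxrwsr-x) for a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Apply the setup from the message to one tree: group write everywhere,
# setgid on every directory so new entries inherit the directory's group.
share_tree() {
    chmod -R g+w "$1"
    find "$1" -type d -exec chmod g+s {} +
}

# List directories under $1 that lack the setgid bit (no output = all set).
missing_setgid() {
    find "$1" -type d ! -perm -2000
}

# Build a scratch tree, share it, then create entries under two umasks.
# Prints: <app dir> <new subdir> <file, umask 002> <file, umask 022>
# The body runs in a subshell so the caller's umask is left untouched.
demo() (
    umask 022
    top=$(mktemp -d) || exit 1
    mkdir -p "$top/app/WEB-INF"
    share_tree "$top/app"
    # Cooperative app owner: umask 002 keeps group write on new entries.
    ( umask 002; mkdir "$top/app/uploads"; : > "$top/app/uploads/ok.txt" )
    # Default umask 022: the new file is read-only for the group.
    ( umask 022; : > "$top/app/uploads/locked.txt" )
    echo "$(mode_of "$top/app")" "$(mode_of "$top/app/uploads")" \
         "$(mode_of "$top/app/uploads/ok.txt")" \
         "$(mode_of "$top/app/uploads/locked.txt")"
    rm -rf "$top"
)

demo
```

`missing_setgid <app-dir>` can be run periodically against a real application tree to catch directories created or copied in without the setgid bit.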
