Tomcat 9.0.31.0 loads an org.apache.catalina.security.SecurityListener by
default in the catalina.sh file.
This SecurityListener also sets the UMASK of files to 0027. This has the effect
that any file Tomcat creates, or the app running in Tomcat creates, is created
with permissions of -rw-r-----.
This is causing a problem for us as it prevents certain people from being able
to read log files or read any file the application might create. Putting these
users in the group of the user that tomcat runs as is not an option.
I’ve tried changing the catalina.sh to set the UMASK to something like 0022 but
that prevents Tomcat from starting, with an error that it has to be at least as
restrictive as 0027.
I’ve also tried setting the UMASK to 0022 in the setenv.sh, with the same results.
I’m hesitant to comment out the loading of the security listener in catalina.sh
as I don’t want to disable anything else important that it may be doing from a
security standpoint.
Does anyone have any ideas as to a workaround?
Shawn Beard ‑ Sr. Systems Engineer
Middleware Engineering
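
The behaviour described in the message above, as an added example that is not part of the original post or of Tomcat's code: it creates a file under each umask to show the resulting permissions and applies an "at least as restrictive as" test against the 0027 minimum quoted in the post. The function names are hypothetical, and treating the startup check as a bitwise test on the mask is an assumption of this sketch.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not taken from Tomcat.

# Print the symbolic permissions (e.g. -rw-r-----) that a newly created
# file receives under the given umask. The function body is a subshell,
# so the umask change does not leak into the caller.
mode_under_umask() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    : > "$dir/app.log"          # created as 0666 & ~umask, like a log file
    ls -l "$dir/app.log" | cut -c1-10
    rm -rf "$dir"
)

# Succeed only if every permission bit denied by the minimum ($2) is also
# denied by the candidate ($1). Values are octal; the extra leading 0 makes
# the shell read them as octal even if the caller passes "27".
# Assumption: the startup check is modelled as this bitwise test.
umask_meets_minimum() {
    [ $(( 0$1 & 0$2 )) -eq $(( 0$2 )) ]
}

# Constructed sample: the two umask values from the post plus a stricter one,
# each compared against the 0027 minimum quoted in the post.
report() {
    for um in 0027 0022 0077; do
        if umask_meets_minimum "$um" 0027; then
            verdict=accepted
        else
            verdict=rejected
        fi
        printf '%s  %s  %s\n' "$um" "$(mode_under_umask "$um")" "$verdict"
    done
}

report
```

Under 0022 the file gains read access for "other" (-rw-r--r--), which is the bit the 0027 minimum requires to stay masked, so that value is rejected while 0077 passes.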