Tomcat 9.0.31.0 loads a org.apache.catalina.security.SecurityListener by default in the catalina.sh file.
This SecurityListener also sets the UMASK of files to 0027. This has the effect of any file tomcat creates or the app running in tomcat creates with permissions or -rw-r----- This is causing a problem for us as it prevents certain people from being able to read log files or read any file the application might create. Putting these users in the group of the user that tomcat runs as is not an option. I’ve tried changing the catalina.sh to set the UMASK to something like 0022 but that prevents tomcat from starting with an error that it has to me at least as restrictive as 0027. I’ve also tried setting the UMASK to 0022 in the setenv.sh with same results. I’m hesitant to comment out the loading of the security listener in catalina.sh as I don’t want to disable anything else important that it may be doing from a security standpoint. Does anyone have any ideas as to a workaround? Shawn Beard ‑ Sr. Systems Engineer Middleware Engineering [cid:image624238.png@1BC27BA2.B6427C15] 3840 109th Street , Urbandale , IA 50322 Phone: +1-515-564-2528<tel:+1-515-564-2528> Email: sbe...@wrberkley.com<mailto:sbe...@wrberkley.com> Website: https://berkleytechnologyservices.com/ [cid:image040736.jpg@BA9411B9.333ADE5A] Technology Leadership Unleashing Business Potential CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.