You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2020/03/26 15:12:00 UTC

[jira] [Commented] (DAEMON-417) default umask for tomcat

    [ https://issues.apache.org/jira/browse/DAEMON-417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17067757#comment-17067757 ] 

Michael Osipov commented on DAEMON-417:
---------------------------------------

Here is a counter example: https://github.com/freebsd/freebsd-ports/blob/master/www/tomcat85/files/tomcat85.in#L129
FreeBSD port's startup script supports umask.

> default umask for tomcat
> ------------------------
>
>                 Key: DAEMON-417
>                 URL: https://issues.apache.org/jira/browse/DAEMON-417
>             Project: Commons Daemon
>          Issue Type: Bug
>          Components: Jsvc
>    Affects Versions: 1.2.2
>            Reporter: John Kang
>            Priority: Minor
>
> hello there,
>  
> I am not sure fi this is bug or on purpose.
> tomcat document says like below.
>  * [https://tomcat.apache.org/tomcat-8.5-doc/security-howto.html]
>  * 29) Security Considerations -> Non Tomcat settings
> {code:java}
>  Tomcat runs with a default umask of 0027 to maintain
>     these permissions for files created while Tomcat is running (e.g. log files,
>     expanded WARs, etc.).{code}
>  
> I can also check the default value of umask in the catalina.sh
> {code:java}
> # Set UMASK unless it has been overridden
> if [ -z "$UMASK" ]; then
>     UMASK="0027"
> fi
> umask $UMASK {code}
>  
> however, if i run the tomcat using by jsvc, 0077 is applied by default.
>  * unix/native/arguments.c : 176
>  * args->umask = 0077;
>  
> does jsvc conform the default value described in the docment?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)