You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2020/03/26 15:12:00 UTC
[jira] [Commented] (DAEMON-417) default umask for tomcat
[ https://issues.apache.org/jira/browse/DAEMON-417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17067757#comment-17067757 ]
Michael Osipov commented on DAEMON-417:
---------------------------------------
Here is a counter example: https://github.com/freebsd/freebsd-ports/blob/master/www/tomcat85/files/tomcat85.in#L129
FreeBSD port's startup script supports umask.
> default umask for tomcat
> ------------------------
>
> Key: DAEMON-417
> URL: https://issues.apache.org/jira/browse/DAEMON-417
> Project: Commons Daemon
> Issue Type: Bug
> Components: Jsvc
> Affects Versions: 1.2.2
> Reporter: John Kang
> Priority: Minor
>
> hello there,
>
> I am not sure fi this is bug or on purpose.
> tomcat document says like below.
> * [https://tomcat.apache.org/tomcat-8.5-doc/security-howto.html]
> * 29) Security Considerations -> Non Tomcat settings
> {code:java}
> Tomcat runs with a default umask of 0027 to maintain
> these permissions for files created while Tomcat is running (e.g. log files,
> expanded WARs, etc.).{code}
>
> I can also check the default value of umask in the catalina.sh
> {code:java}
> # Set UMASK unless it has been overridden
> if [ -z "$UMASK" ]; then
> UMASK="0027"
> fi
> umask $UMASK {code}
>
> however, if i run the tomcat using by jsvc, 0077 is applied by default.
> * unix/native/arguments.c : 176
> * args->umask = 0077;
>
> does jsvc conform the default value described in the docment?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)