You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Aryeh Friedman <ar...@gmail.com> on 2020/08/23 21:05:51 UTC
Allowing dir listing of root (/) dir of the machine
In order to allow my developers to quickly access any temporarily produced
html files created/stored outside of webapps (such as those created by the
jacoco test coverage tool) I want to allow read only access to the root
directory of the development server (firewalled and all access outside of
the LAN is disabled) via tomcat. I can get it to do any directory
*EXCEPT* / as the docBase but a docBase of "/" returns an empty dir listing
(which is obviously wrong):
In config/web.xml:
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
In server.xml (this works):
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web
applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common"
-->
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
<Context docBase="/fakeRoot" path="/files">
</Context>
But this does not work:
<Context docBase="/" path="/files">
--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Re: Allowing dir listing of root (/) dir of the machine
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 24.08.20 um 16:41 schrieb Aryeh Friedman:
> On Mon, Aug 24, 2020 at 4:27 AM Mark Thomas <ma...@apache.org> wrote:
>
>> On 23/08/2020 22:05, Aryeh Friedman wrote:
>>> In order to allow my developers to quickly access any temporarily
>> produced
>>> html files created/stored outside of webapps (such as those created by
>> the
>>> jacoco test coverage tool) I want to allow read only access to the root
>>> directory of the development server (firewalled and all access outside of
>>> the LAN is disabled) via tomcat. I can get it to do any directory
>>> *EXCEPT* / as the docBase but a docBase of "/" returns an empty dir
>> listing
>>> (which is obviously wrong):
>>>
>>> In config/web.xml:
>>> <servlet>
>>> <servlet-name>default</servlet-name>
>>>
>>>
>> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
>>> <init-param>
>>> <param-name>debug</param-name>
>>> <param-value>0</param-value>
>>> </init-param>
>>> <init-param>
>>> <param-name>listings</param-name>
>>> <param-value>true</param-value>
>>> </init-param>
>>> <load-on-startup>1</load-on-startup>
>>> </servlet>
>> That should be sufficient to enable directory listings for all web
>> applications.
>>
>>> In server.xml (this works):
>>> <Host name="localhost" appBase="webapps"
>>> unpackWARs="true" autoDeploy="true">
>>>
>>> <!-- SingleSignOn valve, share authentication between web
>>> applications
>>> Documentation at: /docs/config/valve.html -->
>>> <!--
>>> <Valve
>> className="org.apache.catalina.authenticator.SingleSignOn" />
>>> -->
>>>
>>> <!-- Access log processes all example.
>>> Documentation at: /docs/config/valve.html
>>> Note: The pattern used is equivalent to using
>> pattern="common"
>>> -->
>>> <Valve className="org.apache.catalina.valves.AccessLogValve"
>>> directory="logs"
>>> prefix="localhost_access_log" suffix=".txt"
>>> pattern="%h %l %u %t "%r" %s %b" />
>>> <Context docBase="/fakeRoot" path="/files">
>>> </Context>
>> I'd do this with a ROOT.xml file in
>> $CATALINA_BASE/conf/Catalina/localhost but the above should work.
>>
>>> But this does not work:
>>> <Context docBase="/" path="/files">
>> The docBase is not correct (it should be "") but Tomcat probably will
>> let you get away with that.
>>
>>
> Tried and it gives me /usr/local/apache-tomcat-9.0/webapps as the effective
> dir. This is *NOT* what I meant by the root dir I meant the one that is
> the highest point in the file system hierarchy (i.e. the one you get when
> at a shell prompt when you type "cd /") [this is for a Unix machine of
> course since Windows has no concept of such a directory/folder]
It seems, that Tomcat will do a bit of cleanup on the paths you specify
in docBase. If I read it correctly, ContextConfig#fixDocBase will
convert the base you give to a canonical representation and remove the
leading slash. Therefore, if you specify docBase="/" (to indicate the
mount point "/" aka root of the filesystem), Tomcat will change it to
"", which then (and this is guessing) could lead to a state, Tomcat
doesn't know where to find any files.
I believe, there is no easy (safe/sane) way to get Tomcat (that is the
DefaultServlet) serve the OS-root as you want to have it. There are
probably other things you can do, to achieve your goals. Use a real
filemanager app inside of Tomcat, or use another lightweight http server
(if you really want to use http for this). Python3 has a built-in module
http.server, which could be used to do this with a one-liner in shell.
But, as others already said: Be careful!
Felix
>
>
>> I tested this locally and it works as expected.
>>
>> Maybe a file permissions issue?
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Allowing dir listing of root (/) dir of the machine
Posted by Aryeh Friedman <ar...@gmail.com>.
On Mon, Aug 24, 2020 at 1:03 PM Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Aryeh,
>
> On 8/24/20 10:41, Aryeh Friedman wrote:
> > On Mon, Aug 24, 2020 at 4:27 AM Mark Thomas <ma...@apache.org>
> > wrote:
> >
> >> On 23/08/2020 22:05, Aryeh Friedman wrote:
> >>> In order to allow my developers to quickly access any
> >>> temporarily
> >> produced
> >>> html files created/stored outside of webapps (such as those
> >>> created by
> >> the
> >>> jacoco test coverage tool) I want to allow read only access to
> >>> the root directory of the development server (firewalled and
> >>> all access outside of the LAN is disabled) via tomcat. I can
> >>> get it to do any directory *EXCEPT* / as the docBase but a
> >>> docBase of "/" returns an empty dir
> >> listing
> >>> (which is obviously wrong):
> >>>
> >>> In config/web.xml: <servlet>
> >>> <servlet-name>default</servlet-name>
> >>>
> >>>
> >> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-c
> lass>
> >>>
> >>
> <init-param>
> >>> <param-name>debug</param-name> <param-value>0</param-value>
> >>> </init-param> <init-param> <param-name>listings</param-name>
> >>> <param-value>true</param-value> </init-param>
> >>> <load-on-startup>1</load-on-startup> </servlet>
> >>
> >> That should be sufficient to enable directory listings for all
> >> web applications.
> >>
> >>> In server.xml (this works): <Host name="localhost"
> >>> appBase="webapps" unpackWARs="true" autoDeploy="true">
> >>>
> >>> <!-- SingleSignOn valve, share authentication between web
> >>> applications Documentation at: /docs/config/valve.html -->
> >>> <!-- <Valve
> >> className="org.apache.catalina.authenticator.SingleSignOn" />
> >>> -->
> >>>
> >>> <!-- Access log processes all example. Documentation at:
> >>> /docs/config/valve.html Note: The pattern used is equivalent to
> >>> using
> >> pattern="common"
> >>> --> <Valve
> >>> className="org.apache.catalina.valves.AccessLogValve"
> >>> directory="logs" prefix="localhost_access_log" suffix=".txt"
> >>> pattern="%h %l %u %t "%r" %s %b" /> <Context
> >>> docBase="/fakeRoot" path="/files"> </Context>
> >>
> >> I'd do this with a ROOT.xml file in
> >> $CATALINA_BASE/conf/Catalina/localhost but the above should
> >> work.
> >>
> >>> But this does not work: <Context docBase="/" path="/files">
> >>
> >> The docBase is not correct (it should be "") but Tomcat probably
> >> will let you get away with that.
> >>
> >>
> > Tried and it gives me /usr/local/apache-tomcat-9.0/webapps as the
> > effective dir. This is *NOT* what I meant by the root dir I meant
> > the one that is the highest point in the file system hierarchy
> > (i.e. the one you get when at a shell prompt when you type "cd /")
> > [this is for a Unix machine of course since Windows has no concept
> > of such a directory/folder]
>
> How are you running Tomcat? If you are using something other than
> catalina.sh to launch Tomcat, is it possible you are being put into a
> chroot jail?
>
Standard boot time start for FreeBSD (not jailed)
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9D8sMACgkQHPApP6U8
> pFhurw/9H/e16E2SHzSB9qavgKZvscT5tMLOvvsKR8bvobxOTRjttfnpygEXk26q
> sH23n6MD4/bKDUUQv6oJoqU07Fij3GL3yX7SXvriD0Dbc5bOtS/Af2N4CcLziOy1
> aqF4lddH2tAvEdJ6xBZJwZBKSQcsu0Y/Jdx/zri5ZoaVNB/vzbT6SHiFXxrckLBS
> brlNT00KCAxefW7hzjXnylm+xCVQRSt6hGsh5LrjCRuRp/cVNCFYSr2lZykmj5/+
> DvyBhgxFp27zBrT41kNvQDXiw8omqMuml42n6FKY0vfsgcQJ9sxcir+LUYfwVbBo
> pCY2MF3dOJdaXgoWncHqHeu8XZFspLOSPU8mI5/vfYCDLcI8ZiXh22c8MsH//R8x
> /KhTWttmUlD1AWiFRizi3SbEGXPq3keJS+Wi4QKVpJldIPs9zN0OlBYVri7gRrQ+
> 0zFBsLmsREhrSqYyCwtSTLcAGNasmb8I3jBKblmI+1ItI04PP+8p69qzaA/FcHMl
> WNtyobt1Y/yKShQuWggyIPHRdU+nHntFd7p2rzhnLwbj/B9P+K3KB35Lbbye01dD
> ygYDXAf14/IgHjxz7g6i3IycuJMo+KQRdogQxt3d1qSSygjLy3Y18atLtwGrcfH9
> pv0itZB14d3f7HxBv/f5IdiXRhAFbPi64/0Pi0L8QaL6W1+Whho=
> =uJ4Y
> -----END PGP SIGNATURE-----
>
--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Re: Allowing dir listing of root (/) dir of the machine
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Aryeh,
On 8/24/20 10:41, Aryeh Friedman wrote:
> On Mon, Aug 24, 2020 at 4:27 AM Mark Thomas <ma...@apache.org>
> wrote:
>
>> On 23/08/2020 22:05, Aryeh Friedman wrote:
>>> In order to allow my developers to quickly access any
>>> temporarily
>> produced
>>> html files created/stored outside of webapps (such as those
>>> created by
>> the
>>> jacoco test coverage tool) I want to allow read only access to
>>> the root directory of the development server (firewalled and
>>> all access outside of the LAN is disabled) via tomcat. I can
>>> get it to do any directory *EXCEPT* / as the docBase but a
>>> docBase of "/" returns an empty dir
>> listing
>>> (which is obviously wrong):
>>>
>>> In config/web.xml: <servlet>
>>> <servlet-name>default</servlet-name>
>>>
>>>
>> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-c
lass>
>>>
>>
<init-param>
>>> <param-name>debug</param-name> <param-value>0</param-value>
>>> </init-param> <init-param> <param-name>listings</param-name>
>>> <param-value>true</param-value> </init-param>
>>> <load-on-startup>1</load-on-startup> </servlet>
>>
>> That should be sufficient to enable directory listings for all
>> web applications.
>>
>>> In server.xml (this works): <Host name="localhost"
>>> appBase="webapps" unpackWARs="true" autoDeploy="true">
>>>
>>> <!-- SingleSignOn valve, share authentication between web
>>> applications Documentation at: /docs/config/valve.html -->
>>> <!-- <Valve
>> className="org.apache.catalina.authenticator.SingleSignOn" />
>>> -->
>>>
>>> <!-- Access log processes all example. Documentation at:
>>> /docs/config/valve.html Note: The pattern used is equivalent to
>>> using
>> pattern="common"
>>> --> <Valve
>>> className="org.apache.catalina.valves.AccessLogValve"
>>> directory="logs" prefix="localhost_access_log" suffix=".txt"
>>> pattern="%h %l %u %t "%r" %s %b" /> <Context
>>> docBase="/fakeRoot" path="/files"> </Context>
>>
>> I'd do this with a ROOT.xml file in
>> $CATALINA_BASE/conf/Catalina/localhost but the above should
>> work.
>>
>>> But this does not work: <Context docBase="/" path="/files">
>>
>> The docBase is not correct (it should be "") but Tomcat probably
>> will let you get away with that.
>>
>>
> Tried and it gives me /usr/local/apache-tomcat-9.0/webapps as the
> effective dir. This is *NOT* what I meant by the root dir I meant
> the one that is the highest point in the file system hierarchy
> (i.e. the one you get when at a shell prompt when you type "cd /")
> [this is for a Unix machine of course since Windows has no concept
> of such a directory/folder]
How are you running Tomcat? If you are using something other than
catalina.sh to launch Tomcat, is it possible you are being put into a
chroot jail?
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9D8sMACgkQHPApP6U8
pFhurw/9H/e16E2SHzSB9qavgKZvscT5tMLOvvsKR8bvobxOTRjttfnpygEXk26q
sH23n6MD4/bKDUUQv6oJoqU07Fij3GL3yX7SXvriD0Dbc5bOtS/Af2N4CcLziOy1
aqF4lddH2tAvEdJ6xBZJwZBKSQcsu0Y/Jdx/zri5ZoaVNB/vzbT6SHiFXxrckLBS
brlNT00KCAxefW7hzjXnylm+xCVQRSt6hGsh5LrjCRuRp/cVNCFYSr2lZykmj5/+
DvyBhgxFp27zBrT41kNvQDXiw8omqMuml42n6FKY0vfsgcQJ9sxcir+LUYfwVbBo
pCY2MF3dOJdaXgoWncHqHeu8XZFspLOSPU8mI5/vfYCDLcI8ZiXh22c8MsH//R8x
/KhTWttmUlD1AWiFRizi3SbEGXPq3keJS+Wi4QKVpJldIPs9zN0OlBYVri7gRrQ+
0zFBsLmsREhrSqYyCwtSTLcAGNasmb8I3jBKblmI+1ItI04PP+8p69qzaA/FcHMl
WNtyobt1Y/yKShQuWggyIPHRdU+nHntFd7p2rzhnLwbj/B9P+K3KB35Lbbye01dD
ygYDXAf14/IgHjxz7g6i3IycuJMo+KQRdogQxt3d1qSSygjLy3Y18atLtwGrcfH9
pv0itZB14d3f7HxBv/f5IdiXRhAFbPi64/0Pi0L8QaL6W1+Whho=
=uJ4Y
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Allowing dir listing of root (/) dir of the machine
Posted by Aryeh Friedman <ar...@gmail.com>.
On Mon, Aug 24, 2020 at 12:34 PM Olaf Kock <to...@olafkock.de> wrote:
>
> On 24.08.20 16:41, Aryeh Friedman wrote:
> > On Mon, Aug 24, 2020 at 4:27 AM Mark Thomas <ma...@apache.org> wrote:
> >
> >> On 23/08/2020 22:05, Aryeh Friedman wrote:
> >>> In order to allow my developers to quickly access any temporarily
> >> produced
> >>> html files created/stored outside of webapps (such as those created by
> >> the
> >>> jacoco test coverage tool) I want to allow read only access to the root
> >>> directory of the development server (firewalled and all access outside
> of
> >>> the LAN is disabled) via tomcat. I can get it to do any directory
> >>> *EXCEPT* / as the docBase but a docBase of "/" returns an empty dir
> >> listing
> >>
> [snip]
> >> I'd do this with a ROOT.xml file in
> >> $CATALINA_BASE/conf/Catalina/localhost but the above should work.
> [snip]
>
>
> I'd recommend to *not* go this route. Rather google for "java web file
> manager" or variations thereof: You'll find several open source projects
> that implement a file browser in a deployable web application. You can
> apply password protection to it, update/deploy/configure the application
> (e.g. to prevent /etc/passwd to be read) and so on.
>
1. The LAN is completely firewalled and NAT'ed off (there is no easy way
for an outsider to get to it and if they did find a way we would have
bigger problems then someone who got to see the contents of some VM that
has nothing but source code and the compiled results there of in it)
2. There are two users: me and my co-developer/business partner/spouse so I
have 100% trust in them
>
> I'm explicitly not linking any of those applications here, as I can't
> recommend any from my own experience. I remember to have worked with one
> ages ago that was implemented in a single JSP (great to plant a
> debugging backdoor on production servers. But /cough/ who would ever do
> that?)
>
My co-developer does not use Java, not have a JRE installed (nor do they
want one installed due the security issues of desktop java apps), to do
their editing they write their java code in notepad and upload it to the
development server (this is specifically meant so the can easily look at
the *RENDERED* html output of jacoco's coverage report, jacoco does not
output anything but raw html files in the current working dir). Since our
version control software, aegis, uses discrete change sets with development
dir is always in the users home dir and jacoco produces its results
relative to the dir it was called in (the dev dir) it is not easy make this
a web app (even with symlinks some scripting would be needed and it would
need to be on the smart end.... besides starting and stopping tomcat takes
about 20 seconds (even if scripted) and thus would really put a kink in the
write some code->compile->test->check coverage->write some more code->...
cycle which usually is a few mins at tops)
Tl; DR -- We are well aware of the risks in *GENERAL* this just don't apply
in our case though
--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Re: Allowing dir listing of root (/) dir of the machine
Posted by Olaf Kock <to...@olafkock.de>.
On 24.08.20 16:41, Aryeh Friedman wrote:
> On Mon, Aug 24, 2020 at 4:27 AM Mark Thomas <ma...@apache.org> wrote:
>
>> On 23/08/2020 22:05, Aryeh Friedman wrote:
>>> In order to allow my developers to quickly access any temporarily
>> produced
>>> html files created/stored outside of webapps (such as those created by
>> the
>>> jacoco test coverage tool) I want to allow read only access to the root
>>> directory of the development server (firewalled and all access outside of
>>> the LAN is disabled) via tomcat. I can get it to do any directory
>>> *EXCEPT* / as the docBase but a docBase of "/" returns an empty dir
>> listing
>>
[snip]
>> I'd do this with a ROOT.xml file in
>> $CATALINA_BASE/conf/Catalina/localhost but the above should work.
[snip]
I'd recommend to *not* go this route. Rather google for "java web file
manager" or variations thereof: You'll find several open source projects
that implement a file browser in a deployable web application. You can
apply password protection to it, update/deploy/configure the application
(e.g. to prevent /etc/passwd to be read) and so on.
I'm explicitly not linking any of those applications here, as I can't
recommend any from my own experience. I remember to have worked with one
ages ago that was implemented in a single JSP (great to plant a
debugging backdoor on production servers. But /cough/ who would ever do
that?)
Olaf
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Allowing dir listing of root (/) dir of the machine
Posted by Mark Thomas <ma...@apache.org>.
On 25/08/2020 09:19, Mark Thomas wrote:
> On 24/08/2020 15:41, Aryeh Friedman wrote:
>
> <snip/>
>
>> Tried and it gives me /usr/local/apache-tomcat-9.0/webapps as the effective
>> dir. This is *NOT* what I meant by the root dir I meant the one that is
>> the highest point in the file system hierarchy (i.e. the one you get when
>> at a shell prompt when you type "cd /") [this is for a Unix machine of
>> course since Windows has no concept of such a directory/folder]
>
> Sorry, got my roots mixed up.
>
> <Context path="" docBase="/" />
>
> gives me an empty directory listing as well - and it isn't a file
> permissions issue.
>
> I need to do some debugging to figure out what is going on...
Edge case bug in path validation. Will be fixed in the next round of
releases (expected early next month).
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Allowing dir listing of root (/) dir of the machine
Posted by Mark Thomas <ma...@apache.org>.
On 24/08/2020 15:41, Aryeh Friedman wrote:
<snip/>
> Tried and it gives me /usr/local/apache-tomcat-9.0/webapps as the effective
> dir. This is *NOT* what I meant by the root dir I meant the one that is
> the highest point in the file system hierarchy (i.e. the one you get when
> at a shell prompt when you type "cd /") [this is for a Unix machine of
> course since Windows has no concept of such a directory/folder]
Sorry, got my roots mixed up.
<Context path="" docBase="/" />
gives me an empty directory listing as well - and it isn't a file
permissions issue.
I need to do some debugging to figure out what is going on...
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Allowing dir listing of root (/) dir of the machine
Posted by Aryeh Friedman <ar...@gmail.com>.
On Mon, Aug 24, 2020 at 4:27 AM Mark Thomas <ma...@apache.org> wrote:
> On 23/08/2020 22:05, Aryeh Friedman wrote:
> > In order to allow my developers to quickly access any temporarily
> produced
> > html files created/stored outside of webapps (such as those created by
> the
> > jacoco test coverage tool) I want to allow read only access to the root
> > directory of the development server (firewalled and all access outside of
> > the LAN is disabled) via tomcat. I can get it to do any directory
> > *EXCEPT* / as the docBase but a docBase of "/" returns an empty dir
> listing
> > (which is obviously wrong):
> >
> > In config/web.xml:
> > <servlet>
> > <servlet-name>default</servlet-name>
> >
> >
> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
> > <init-param>
> > <param-name>debug</param-name>
> > <param-value>0</param-value>
> > </init-param>
> > <init-param>
> > <param-name>listings</param-name>
> > <param-value>true</param-value>
> > </init-param>
> > <load-on-startup>1</load-on-startup>
> > </servlet>
>
> That should be sufficient to enable directory listings for all web
> applications.
>
> > In server.xml (this works):
> > <Host name="localhost" appBase="webapps"
> > unpackWARs="true" autoDeploy="true">
> >
> > <!-- SingleSignOn valve, share authentication between web
> > applications
> > Documentation at: /docs/config/valve.html -->
> > <!--
> > <Valve
> className="org.apache.catalina.authenticator.SingleSignOn" />
> > -->
> >
> > <!-- Access log processes all example.
> > Documentation at: /docs/config/valve.html
> > Note: The pattern used is equivalent to using
> pattern="common"
> > -->
> > <Valve className="org.apache.catalina.valves.AccessLogValve"
> > directory="logs"
> > prefix="localhost_access_log" suffix=".txt"
> > pattern="%h %l %u %t "%r" %s %b" />
> > <Context docBase="/fakeRoot" path="/files">
> > </Context>
>
> I'd do this with a ROOT.xml file in
> $CATALINA_BASE/conf/Catalina/localhost but the above should work.
>
> > But this does not work:
> > <Context docBase="/" path="/files">
>
> The docBase is not correct (it should be "") but Tomcat probably will
> let you get away with that.
>
>
Tried and it gives me /usr/local/apache-tomcat-9.0/webapps as the effective
dir. This is *NOT* what I meant by the root dir I meant the one that is
the highest point in the file system hierarchy (i.e. the one you get when
at a shell prompt when you type "cd /") [this is for a Unix machine of
course since Windows has no concept of such a directory/folder]
> I tested this locally and it works as expected.
>
> Maybe a file permissions issue?
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Re: Allowing dir listing of root (/) dir of the machine
Posted by Mark Thomas <ma...@apache.org>.
On 23/08/2020 22:05, Aryeh Friedman wrote:
> In order to allow my developers to quickly access any temporarily produced
> html files created/stored outside of webapps (such as those created by the
> jacoco test coverage tool) I want to allow read only access to the root
> directory of the development server (firewalled and all access outside of
> the LAN is disabled) via tomcat. I can get it to do any directory
> *EXCEPT* / as the docBase but a docBase of "/" returns an empty dir listing
> (which is obviously wrong):
>
> In config/web.xml:
> <servlet>
> <servlet-name>default</servlet-name>
>
> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
> <init-param>
> <param-name>debug</param-name>
> <param-value>0</param-value>
> </init-param>
> <init-param>
> <param-name>listings</param-name>
> <param-value>true</param-value>
> </init-param>
> <load-on-startup>1</load-on-startup>
> </servlet>
That should be sufficient to enable directory listings for all web
applications.
> In server.xml (this works):
> <Host name="localhost" appBase="webapps"
> unpackWARs="true" autoDeploy="true">
>
> <!-- SingleSignOn valve, share authentication between web
> applications
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
> -->
>
> <!-- Access log processes all example.
> Documentation at: /docs/config/valve.html
> Note: The pattern used is equivalent to using pattern="common"
> -->
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
> prefix="localhost_access_log" suffix=".txt"
> pattern="%h %l %u %t "%r" %s %b" />
> <Context docBase="/fakeRoot" path="/files">
> </Context>
I'd do this with a ROOT.xml file in
$CATALINA_BASE/conf/Catalina/localhost but the above should work.
> But this does not work:
> <Context docBase="/" path="/files">
The docBase is not correct (it should be "") but Tomcat probably will
let you get away with that.
I tested this locally and it works as expected.
Maybe a file permissions issue?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org