Posted to users@tomcat.apache.org by "James T. Studebaker" <jt...@jimstudebaker.org> on 2005/03/30 04:31:42 UTC

Data file owner and group difficulties


My servlets create data files.  The webapp is running on a Linux system.  The app user is jims and my group is jims.  I have to set permissions to 777 in order for tomcat to read data files.  When data files are created, the user is tomcat and the group is nobody.  As a result my servlets cannot read the data files created.  Is there a configuration parameter that will result in data files created with a user of jims and a group of jims?  Are there configuration parameters that result in tomcat being able to read data files with the user jims and the group jims?

Thank you
James T. Studebaker



Re: Data file owner and group difficulties

Posted by QM <qm...@brandxdev.net>.
On Wed, Mar 30, 2005 at 08:23:04AM -0500, James T. Studebaker wrote:
: Yes, Tomcat runs as tomcat:nobody.  I can not run Tomcat as jims:jims since
: jims is a virtual host account.  I should have mentioned this in my initial
: email.

Yes, since the statement "The app user is jims and my group is jims" may
lead someone to believe that Tomcat runs as jims:jims (or at least that
the user is jims).



: However Tomcat runs as tomcat:nobody, the default configuration.  All users
: need to have the ability to create and read data files with the owner:group
: of their own accounts.  Can this be done?

Directly? no.

Independence from the underlying OS is a big part of Java, not to
mention Java webapps.  

With a layer of abstraction? Likely.

You could move all needed auth/security to the database layer, if you
get a private database (or at least private tables).   That would mean
you'd store the files in the database.

This setup wouldn't sync with the existing (system) user/password
tables, but for most of the webapps I've seen/written, this is a
feature. =)

-QM

-- 

software   -- http://www.brandxdev.net/
tech news  -- http://www.RoarNetworX.com/
code scan  -- http://www.JxRef.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Data file owner and group difficulties

Posted by "James T. Studebaker" <jt...@jimstudebaker.org>.
Yes, Tomcat runs as tomcat:nobody.  I can not run Tomcat as jims:jims since
jims is a virtual host account.  I should have mentioned this in my initial
email.  I am one of numerous users who have an account that has access to
tomcat.  The file structure of the account has a webapps directory where I
install a java web application to be served by Tomcat.  The owner:group for
this account is jims:jims.  Other users will have a different owner:group.
However Tomcat runs as tomcat:nobody, the default configuration.  All users
need to have the ability to create and read data files with the owner:group
of their own accounts.  Can this be done?

Thank you
James T. Studebaker

----- Original Message ----- 
From: "QM" <qm...@brandxdev.net>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, March 30, 2005 7:15 AM
Subject: Re: Data file owner and group difficulties


On Tue, Mar 29, 2005 at 09:31:42PM -0500, James T. Studebaker wrote:
: My servlets create data files.  The webapp is running on a Linux system.
: The app user is jims and my group is jims.  I have to set permissions to
: 777 in order for tomcat to read data files.  When data files are created,
: the user is tomcat and the group is nobody.

This last sentence would imply that Tomcat is running as tomcat:nobody,
and not as jims:jims as you suspect.  Run 'ps' to confirm.  Also, check
how you start Tomcat and see whether a user switch occurs there.


: Is there a configuration parameter that will result in data
: files created with a user of jims and a group of jims?  Are there
: configuration parameters that result in tomcat being able to read data
: files with the user jims and the group jims?

This wouldn't be set in Tomcat, but in the JVM itself.  In turn, (IIRC)
the base JVM has no way of setting ownership/permissions.

-QM


-- 

software   -- http://www.brandxdev.net/
tech news  -- http://www.RoarNetworX.com/
code scan  -- http://www.JxRef.org/



Re: Data file owner and group difficulties

Posted by QM <qm...@brandxdev.net>.
On Tue, Mar 29, 2005 at 09:31:42PM -0500, James T. Studebaker wrote:
: My servlets create data files.  The webapp is running on a Linux system.  The
: app user is jims and my group is jims.  I have to set permissions to 777 in
: order for tomcat to read data files.  When data files are created, the user is
: tomcat and the group is nobody.

This last sentence would imply that Tomcat is running as tomcat:nobody,
and not as jims:jims as you suspect.  Run 'ps' to confirm.  Also, check
how you start Tomcat and see whether a user switch occurs there.


: Is there a configuration parameter that will result in data
: files created with a user of jims and a group of jims?  Are there configuration
: parameters that result in tomcat being able to read data files with the user
: jims and the group jims?

This wouldn't be set in Tomcat, but in the JVM itself.  In turn, (IIRC)
the base JVM has no way of setting ownership/permissions.

-QM


-- 

software   -- http://www.brandxdev.net/
tech news  -- http://www.RoarNetworX.com/
code scan  -- http://www.JxRef.org/
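
Added example, not part of the thread: a common OS-level alternative to mode 777 for the situation described above is a data directory owned by a shared group, with the setgid bit set so new files inherit that group, and a umask of 007 for the writing process. The function names and temp paths are constructed for the demo and it assumes GNU or busybox `stat`; on a real host an administrator would use a group containing both the Tomcat user and the account user and set the umask where Tomcat is started.

```shell
#!/bin/sh
# Constructed demo: runs unprivileged in a temp directory, using the
# caller's own primary group in place of a shared "tomcat + account" group.

# Octal permission bits and numeric group id of PATH (GNU/busybox stat).
file_mode() { stat -c '%a' "$1"; }
file_gid()  { stat -c '%g' "$1"; }

# Succeeds when users outside owner and group hold any permission on PATH.
open_to_others() {
    case "$(file_mode "$1")" in
        *0) return 1 ;;
        *)  return 0 ;;
    esac
}

# make_shared_dir DIR GROUP
# rwx for owner and group, nothing for others; the leading 2 is setgid,
# which makes files created inside inherit the directory's group.
make_shared_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2770 "$1"
}

# write_as_service DIR NAME
# Creates a file the way a service started with umask 007 would:
# 666 & ~007 = 660, readable and writable by owner and group only.
write_as_service() {
    ( umask 007 && : > "$1/$2" )
}

demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/open" && chmod 777 "$base/open"      # the setup from the question
    make_shared_dir "$base/shared" "$(id -g)" || return 1
    write_as_service "$base/shared" report.dat || return 1
    for p in "$base/open" "$base/shared" "$base/shared/report.dat"; do
        if open_to_others "$p"; then exposure="open to others"
        else exposure="owner+group only"; fi
        printf '%-18s mode=%-4s gid=%s  %s\n' "${p#"$base"/}" \
            "$(file_mode "$p")" "$(file_gid "$p")" "$exposure"
    done
    rm -rf "$base"
}

demo
```
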
