You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Marco <ma...@mijnvereniging.info> on 2007/07/29 12:40:04 UTC

Webapp file permissions in Tomcat 5.5

Hello,

 

 

I am having problems making my webapps capable of doing read/write
statements. They fail with an 'permission denied' exception.

The webapps run on the server with Plesk 8.1.1 and Tomcat 5.5.23-0jpp.2.fc6
installed.

 

I use simple statements like:

 

----------------------------------------------------------------------------
----------------------------------------------

    try {

      FileWriter filewriter = new
FileWriter("/var/www/vhosts/mydomain/httpdocs/test.html");

      filewriter.write("Testline\n");

      filewriter.close();

    }

    catch (IOException ex) {

    }

----------------------------------------------------------------------------
----------------------------------------------

 

AND

 

----------------------------------------------------------------------------
----------------------------------------------

   Result = new File("/var/www/vhosts/mydomain/httpdocs/testdir").mkdirs();

----------------------------------------------------------------------------
----------------------------------------------

 

 

 

I have done a lot of research and testing, but al didn't work out:

 

1.       Modifying catalina.policy:
grant codeBase "file:${catalina.home}/psa-webapps/mydomain/-" {
permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
"read";
permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
"write";
permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
"delete";
}

2.       Modifying catalina.policy:
grant codeBase "file:${catalina.home}/psa-webapps/mydomain/-" {
permission java.security.AllPermission;  
}

3.       Modifying catalina.policy:
grant {
.....
.....
permission java.security.AllPermission;  
}

4.       I have tried to modify files & directories in different places. The
idea was that perhaps some directories worked out fine and others were
denied.
In practice all directories failed.

5.       Searched the Tomat documentation:
http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
All is said that modifying catalina.policy should do the trick. (not in my
case.)

6.       Searched the Tomcat FAQ:
All is said that modifying catalina.policy should do the trick.

7.       Searched on Google:
No solutions found. I found some interesting subject on the java-forum
though:
http://forum.java.sun.com/thread.jspa?threadID=5134898
<http://forum.java.sun.com/thread.jspa?threadID=5134898&messageID=9494541>
&messageID=9494541
In the end of this subject, it is said that the problem was solved by
upgrading from Tomcat 5.5. to Tomcat 6.0
Unfortunately, I cannot do this, because Tomcat 5.5.23-0jpp.2.fc6 is part of
Plesk 8.1.1.

 

 

Could you please help me out of this?

 

 

Kind Regards,

 

Marco.

Re: Webapp file permissions in Tomcat 5.5

Posted by David Smith <dn...@cornell.edu>.

The stack trace related to your "permission denied" exception would go 
miles toward resolving this.  It may be because of the security manager 
or it may be because of OS limits on the permissions given to the user 
tomcat is running as.

--David

Marco wrote:
> Hello,
>
>  
>
>  
>
> I am having problems making my webapps capable of doing read/write
> statements. They fail with an 'permission denied' exception.
>
> The webapps run on the server with Plesk 8.1.1 and Tomcat 5.5.23-0jpp.2.fc6
> installed.
>
>  
>
> I use simple statements like:
>
>  
>
> ----------------------------------------------------------------------------
> ----------------------------------------------
>
>     try {
>
>       FileWriter filewriter = new
> FileWriter("/var/www/vhosts/mydomain/httpdocs/test.html");
>
>       filewriter.write("Testline\n");
>
>       filewriter.close();
>
>     }
>
>     catch (IOException ex) {
>
>     }
>
> ----------------------------------------------------------------------------
> ----------------------------------------------
>
>  
>
> AND
>
>  
>
> ----------------------------------------------------------------------------
> ----------------------------------------------
>
>    Result = new File("/var/www/vhosts/mydomain/httpdocs/testdir").mkdirs();
>
> ----------------------------------------------------------------------------
> ----------------------------------------------
>
>  
>
>  
>
>  
>
> I have done a lot of research and testing, but al didn't work out:
>
>  
>
> 1.       Modifying catalina.policy:
> grant codeBase "file:${catalina.home}/psa-webapps/mydomain/-" {
> permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
> "read";
> permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
> "write";
> permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
> "delete";
> }
>
> 2.       Modifying catalina.policy:
> grant codeBase "file:${catalina.home}/psa-webapps/mydomain/-" {
> permission java.security.AllPermission;  
> }
>
> 3.       Modifying catalina.policy:
> grant {
> .....
> .....
> permission java.security.AllPermission;  
> }
>
> 4.       I have tried to modify files & directories in different places. The
> idea was that perhaps some directories worked out fine and others were
> denied.
> In practice all directories failed.
>
> 5.       Searched the Tomat documentation:
> http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
> All is said that modifying catalina.policy should do the trick. (not in my
> case.)
>
> 6.       Searched the Tomcat FAQ:
> All is said that modifying catalina.policy should do the trick.
>
> 7.       Searched on Google:
> No solutions found. I found some interesting subject on the java-forum
> though:
> http://forum.java.sun.com/thread.jspa?threadID=5134898
> <http://forum.java.sun.com/thread.jspa?threadID=5134898&messageID=9494541>
> &messageID=9494541
> In the end of this subject, it is said that the problem was solved by
> upgrading from Tomcat 5.5. to Tomcat 6.0
> Unfortunately, I cannot do this, because Tomcat 5.5.23-0jpp.2.fc6 is part of
> Plesk 8.1.1.
>
>  
>
>  
>
> Could you please help me out of this?
>
>  
>
>  
>
> Kind Regards,
>
>  
>
> Marco.
>
>  
>
>  
>
>
>   


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Webapp file permissions in Tomcat 5.5

Posted by Martin Gainty <mg...@hotmail.com>.

in $CATALINA_HOME/conf/catalina.policy make these grants so tomcat has permission to the folder (or specific file)
//substitute in the exact folder location to ${java.home}/lib the - at the end says ALL files in that folder..

grant codeBase "file:${java.home}/lib/-" {
        permission java.security.AllPermission;
};

HTH/
Martin
--------------------------------------------------------------------------- 
This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited.
--------------------------------------------------------------------------- 
Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire.
----- Original Message ----- 
From: "Len Popp" <le...@gmail.com>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Sunday, July 29, 2007 9:57 AM
Subject: Re: Webapp file permissions in Tomcat 5.5


> Have you checked that the user account Tomcat runs under has
> permission to write files in the directory you're using?
> 
> Also, have you tried writing files in the temp directory provided by
> the container? (identified by context attribute
> "javax.servlet.context.tempdir")
> -- 
> Len
> 
> On 7/29/07, Marco <ma...@mijnvereniging.info> wrote:
>> Hello,
>>
>>
>>
>>
>>
>> I am having problems making my webapps capable of doing read/write
>> statements. They fail with an 'permission denied' exception.
>>
>> The webapps run on the server with Plesk 8.1.1 and Tomcat 5.5.23-0jpp.2.fc6
>> installed.
>>
>>
>>
>> I use simple statements like:
>>
>>
>>
>> ----------------------------------------------------------------------------
>> ----------------------------------------------
>>
>>     try {
>>
>>       FileWriter filewriter = new
>> FileWriter("/var/www/vhosts/mydomain/httpdocs/test.html");
>>
>>       filewriter.write("Testline\n");
>>
>>       filewriter.close();
>>
>>     }
>>
>>     catch (IOException ex) {
>>
>>     }
>>
>> ----------------------------------------------------------------------------
>> ----------------------------------------------
>>
>>
>>
>> AND
>>
>>
>>
>> ----------------------------------------------------------------------------
>> ----------------------------------------------
>>
>>    Result = new File("/var/www/vhosts/mydomain/httpdocs/testdir").mkdirs();
>>
>> ----------------------------------------------------------------------------
>> ----------------------------------------------
>>
>>
>>
>>
>>
>>
>>
>> I have done a lot of research and testing, but al didn't work out:
>>
>>
>>
>> 1.       Modifying catalina.policy:
>> grant codeBase "file:${catalina.home}/psa-webapps/mydomain/-" {
>> permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
>> "read";
>> permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
>> "write";
>> permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
>> "delete";
>> }
>>
>> 2.       Modifying catalina.policy:
>> grant codeBase "file:${catalina.home}/psa-webapps/mydomain/-" {
>> permission java.security.AllPermission;
>> }
>>
>> 3.       Modifying catalina.policy:
>> grant {
>> .....
>> .....
>> permission java.security.AllPermission;
>> }
>>
>> 4.       I have tried to modify files & directories in different places. The
>> idea was that perhaps some directories worked out fine and others were
>> denied.
>> In practice all directories failed.
>>
>> 5.       Searched the Tomat documentation:
>> http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
>> All is said that modifying catalina.policy should do the trick. (not in my
>> case.)
>>
>> 6.       Searched the Tomcat FAQ:
>> All is said that modifying catalina.policy should do the trick.
>>
>> 7.       Searched on Google:
>> No solutions found. I found some interesting subject on the java-forum
>> though:
>> http://forum.java.sun.com/thread.jspa?threadID=5134898
>> <http://forum.java.sun.com/thread.jspa?threadID=5134898&messageID=9494541>
>> &messageID=9494541
>> In the end of this subject, it is said that the problem was solved by
>> upgrading from Tomcat 5.5. to Tomcat 6.0
>> Unfortunately, I cannot do this, because Tomcat 5.5.23-0jpp.2.fc6 is part of
>> Plesk 8.1.1.
>>
>>
>>
>>
>>
>> Could you please help me out of this?
>>
>>
>>
>>
>>
>> Kind Regards,
>>
>>
>>
>> Marco.
>>
>>
>>
>>
>>
>>
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
>

Re: Webapp file permissions in Tomcat 5.5

Posted by Len Popp <le...@gmail.com>.

Have you checked that the user account Tomcat runs under has
permission to write files in the directory you're using?

Also, have you tried writing files in the temp directory provided by
the container? (identified by context attribute
"javax.servlet.context.tempdir")
-- 
Len

On 7/29/07, Marco <ma...@mijnvereniging.info> wrote:
> Hello,
>
>
>
>
>
> I am having problems making my webapps capable of doing read/write
> statements. They fail with an 'permission denied' exception.
>
> The webapps run on the server with Plesk 8.1.1 and Tomcat 5.5.23-0jpp.2.fc6
> installed.
>
>
>
> I use simple statements like:
>
>
>
> ----------------------------------------------------------------------------
> ----------------------------------------------
>
>     try {
>
>       FileWriter filewriter = new
> FileWriter("/var/www/vhosts/mydomain/httpdocs/test.html");
>
>       filewriter.write("Testline\n");
>
>       filewriter.close();
>
>     }
>
>     catch (IOException ex) {
>
>     }
>
> ----------------------------------------------------------------------------
> ----------------------------------------------
>
>
>
> AND
>
>
>
> ----------------------------------------------------------------------------
> ----------------------------------------------
>
>    Result = new File("/var/www/vhosts/mydomain/httpdocs/testdir").mkdirs();
>
> ----------------------------------------------------------------------------
> ----------------------------------------------
>
>
>
>
>
>
>
> I have done a lot of research and testing, but al didn't work out:
>
>
>
> 1.       Modifying catalina.policy:
> grant codeBase "file:${catalina.home}/psa-webapps/mydomain/-" {
> permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
> "read";
> permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
> "write";
> permission java.io.FilePermission "/var/www/vhosts/asbreuk.biz/httpdocs/-",
> "delete";
> }
>
> 2.       Modifying catalina.policy:
> grant codeBase "file:${catalina.home}/psa-webapps/mydomain/-" {
> permission java.security.AllPermission;
> }
>
> 3.       Modifying catalina.policy:
> grant {
> .....
> .....
> permission java.security.AllPermission;
> }
>
> 4.       I have tried to modify files & directories in different places. The
> idea was that perhaps some directories worked out fine and others were
> denied.
> In practice all directories failed.
>
> 5.       Searched the Tomat documentation:
> http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
> All is said that modifying catalina.policy should do the trick. (not in my
> case.)
>
> 6.       Searched the Tomcat FAQ:
> All is said that modifying catalina.policy should do the trick.
>
> 7.       Searched on Google:
> No solutions found. I found some interesting subject on the java-forum
> though:
> http://forum.java.sun.com/thread.jspa?threadID=5134898
> <http://forum.java.sun.com/thread.jspa?threadID=5134898&messageID=9494541>
> &messageID=9494541
> In the end of this subject, it is said that the problem was solved by
> upgrading from Tomcat 5.5. to Tomcat 6.0
> Unfortunately, I cannot do this, because Tomcat 5.5.23-0jpp.2.fc6 is part of
> Plesk 8.1.1.
>
>
>
>
>
> Could you please help me out of this?
>
>
>
>
>
> Kind Regards,
>
>
>
> Marco.
>
>
>
>
>
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org