You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Scott Kelley <sk...@biomail.ucsd.edu> on 2003/01/30 02:17:42 UTC

Changing *Default* allowLinking Behavior

Hi Tomcat Users,

I'm having a problem with one of my server configurations (which has 
come up repeatedly on this list) where various items in my servlet 
contexts are unix symbolic links (on Solaris, RedHat, or MacOS X), 
and since Tomcat 4.1.18 by default disallows following these symlinks 
for security reasons, the configuration no longer works under 4.1.18. 
Previously we ran this way with Tomcat 4.0.x and 3.x with no 
problems, but the symlink behavior apparently changed in 4.1.x.

The solution (which has also come up repeatedly on the list) is 
apparently to use the allowLinking flag, like this:

     <Context  ... some valid context ... >

         <Resources className="org.apache.naming.resources.FileDirContext"
          allowLinking="true" />

     </Context>

Now this is all well and good, and I'm pretty sure it will solve our problem.

It only has one drawback... we have many servlet contexts, and we 
have never bothered to list them all in server.xml; we just let the 
default context apply to everything.

So, is there a way to configure server.xml such that the *default* 
behavior will be allowLinking="true", or do we have to manually list 
every servlet context in server.xml?

 From reading the documentation, I thought that something like this might work:

     <Engine name="Standalone" defaultHost="localhost" debug="0">

         <DefaultContext>

             <Resources className="org.apache.naming.resources.FileDirContext"
              allowLinking="true" />

         </DefaultContext>

     </Engine>

but I tried it and it didn't seem to work using 4.1.18. Also, I 
couldn't find any mention of this on the list; does anybody use a 
configuration like this?

Oh, and in case anyone's curious, the configuration we use with all 
the symlinks is one of our development configurations; our deployment 
builds do not use symlinks at all, so the problem (and the security 
issue) doesn't come up.

Any tips appreciated.

Thanks,

Scott Kelley

P.S. No, we don't want to change the default value in 
FileDirContext.java and recompile tomcat, but thanks for the 
suggestion! :-)


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org