Results 1 to 9 of 9

Thread: Tomcat umask

  1. #1
    Join Date
    Sep 2009
    Location
    Alverca do Ribatejo, Portugal
    Posts
    53

    Question Tomcat umask

    Hello all!

    I have an application that runs on tomcat. In that application it's the possible to upload some files. Those files are then stored on a Postgres database.

    My problem is that the umask set for the users is 077, therefore, when the postgres user tries to read the uploaded file to insert it in the database it has no permissions to do it.

    My question is: how can I define a 022 umask for tomcat while maintaining the 077 for all other users?

    Best regards,
    Jorge

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    29,828

    Default Re: Tomcat umask

    I do not know much about Tomcat, but suppose it is running as a daemon and that daemon process should have the umask you want. As umask is a property of a running process inherited by its parent, you could place an umask statement in the script that starts the daemon (is that in /etc/init.d?).
    Henk van Velden

  3. #3
    Join Date
    Sep 2009
    Location
    Alverca do Ribatejo, Portugal
    Posts
    53

    Default Re: Tomcat umask

    Hello hcvv!

    Thanks for your reply.

    I did as you told and changed the rctromcat6 script (which is a link to /etc/init.d/tomcat as you well guessed).

    A added two lines on the start function:
    Code:
    if [ "$SECURITY_MANAGER" = "true" ]; then
            $SU - $TOMCAT_USER -c "$TOMCAT_SCRIPT start-security" \
                >> $TOMCAT_LOG 2>&1
        else
            $SU - $TOMCAT_USER -c "$TOMCAT_SCRIPT start" >> $TOMCAT_LOG 2>&1
            $SU - $TOMCAT_USER -c "umask 022" >> $TOMCAT_LOG 2>&1 #(THIS ONE)
        fi
    and simply:
    Code:
    umask 022
    at the end of the function.

    Now I only have to see which of the lines was responsible for doing what I wanted.

    Thanks.

  4. #4
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    29,828

    Default Re: Tomcat umask

    I am afraid that it will not work.
    Code:
    $SU - $TOMCAT_USER -c "umask 022" >> $TOMCAT_LOG 2>&1
    simply means that a shell (process) is started for user TOMCAT_USER and in that shell the umask is executed, which will add the umask to the environment of that process and hence be part of the environment of all the childs of that process from then on. Alas, that process is finished because there is nothing more to do and returns to the calling shell (the one where the above statement is in).
    It will thus never have anything to do with what happens due to:
    Code:
     $SU - $TOMCAT_USER -c "$TOMCAT_SCRIPT start" >> $TOMCAT_LOG 2>&1
    which runs already earlier (in a different process) and is finished (or detached itself) before the umask is even run.

    Remind what I said in the earlier post: umask is part of the environment of a process and is propagated to its OFFSPRING.
    What I would try is:
    Code:
       if [ "$SECURITY_MANAGER" = "true" ]; then
            $SU - $TOMCAT_USER -c "$TOMCAT_SCRIPT start-security" \
                >> $TOMCAT_LOG 2>&1
        else
            umask | read OLDUMASK
            umask 022
            $SU - $TOMCAT_USER -c "$TOMCAT_SCRIPT start" >> $TOMCAT_LOG 2>&1
            umask $OLDUMASK
        fi
    It would:
    . save the umask as it is in the process this script is running in;
    . set the umask of this process;
    . call the TOMCAT_SCRIPT, which will be a child and thus inherit the umask;
    . restore the umask.
    Henk van Velden

  5. #5
    Join Date
    Sep 2009
    Location
    Alverca do Ribatejo, Portugal
    Posts
    53

    Default Re: Tomcat umask

    Thank you for clarifying it for me.

    What I did was:
    Code:
    function start() {
        # keep old umask
        OLDUMASK=`umask`
        umask 022
     
        ################
        #
        # function body
        #
        ################
     
        # return to previous umask
        umask $OLDUMASK
     
        rc_status -v
    }
    Seems to work

  6. #6
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    29,828

    Default Re: Tomcat umask

    That looks allright to me. It seems that you got how it works!

    I see that you use an alternative to my
    Code:
    umask | read OLDUMASK
    That is OK (there are allways many ways to do things in Unix/Linux of which a considerable numer are good ways to do it). I would prefer
    Code:
    OLDUMASK=$(umask)
    which does the same, but (IMHO) is better readable (specialy on long statements), no confusion with ' quoting, can be nested like in
    Code:
    IP=$(host $(uname -n))
    Henk van Velden

  7. #7
    Join Date
    Sep 2009
    Location
    Alverca do Ribatejo, Portugal
    Posts
    53

    Default Re: Tomcat umask

    Quote Originally Posted by hcvv View Post
    I see that you use an alternative to my
    Code:
    umask | read OLDUMASK
    Yes, because I remember reading somewhere that the pipe also creates a sub-shell so the OLDUMASK variable might be blank.

    That's why I used the `umask`.

    Didn't know the alternative
    Code:
    OLDUMASK=$(umask)
    Seems nice

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    29,828

    Default Re: Tomcat umask

    In fact the `...` construction can be seen as a compatibality with the old Bourne shell. Allready the Korn shell has it. But people keep on telling newbies that the `...` is such a nice thing. It only proves IMHO that thay never studies realy ksh/bash .

    The | read construction works very well. In your case the $(..) is sufficient and very clear. But look at this one:
    Code:
    host $(uname -n) | read HOSTNAME R R IPADDRESS
    This will get the real info from the host statement in two variables, throwing away (in R) what is not needed. Very handy.

    Or take the example of a file containing lines with each three : seperated values:
    Code:
    cat file | while IFS=':' read VALUE1 VALUE2 VALUE3
    do      ....
            ...
    done
    But you can skip the cat and the pipe here with:
    Code:
    while IFS=':' read VALUE1 VALUE2 VALUE3
    do      ....
            ...
    done <file
    But we are getting off topic
    Henk van Velden

  9. #9

    Default Re: Tomcat umask

    unable to find a way to create a new thread, thus using this one...
    (and i have searched for umask & checked all 11 threads...)

    i have a directory /dir which i would like to use as a "repository" for all users to share files
    files they create, files they download, generate whatever
    /dir should also serve as a permanent STRUCTURED storage area for the files - thus users should be able to create sub-directories with the same right as /dir has (770 - i created a group GRP1000 and made it the group for /dir )

    WRONG ANSWER : set umask to 770
    - in other directories users should keep the 700 umask
    A strong conviction that something must be done is the parent of many bad measures.
    - Daniel Webster

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •