I have found that the file permissions have changed between Tomcat 8 and Tomcat 9 and I can't figure out how to get around it.
I had code like this where inputStream is something I feed this routine and redirectStream is a function that simply uses BufferedInput and BufferedOutput streams to read from one stream into another.
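// Target file; a String cannot be assigned to a Path directly.
Path path = Paths.get("/some/example/path/to/a/file");
// Create any missing parent directories (their mode is subject to the process umask).
Files.createDirectories(path.getParent());
redirectStream(inputStream, new FileOutputStream(path.toFile()));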
After executing this bit of code in Tomcat8 the directories and file would have permissions matching the umask of the user (0022). That is, the directories would have drwxr-xr-x and the files would have -rw-r--r--. As these files that it is writing are then accessible to the internet, the global read flag is necessary.
But under Tomcat9, the same code gives drwxr-x--- and -rw-r----- respectively, and thus they are not visible to the internet. I have tried two things. One, I have explicitly set the umask to 0022 in my tomcat startup script just to make sure that is what it is, to no effect. The second is to explicitly set the permissions in code to try and force the issue. This fixed the file permissions but NOT the directory permissions, and below is the updated code.
Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>();
perms.add(PosixFilePermission.OWNER_READ);
perms.add(PosixFilePermission.OWNER_WRITE);
perms.add(PosixFilePermission.OWNER_EXECUTE);
perms.add(PosixFilePermission.GROUP_READ);
perms.add(PosixFilePermission.GROUP_WRITE);
perms.add(PosixFilePermission.GROUP_EXECUTE);
perms.add(PosixFilePermission.OTHERS_READ);
perms.add(PosixFilePermission.OTHERS_EXECUTE);
Files.createDirectories(path.getParent(), PosixFilePermissions.asFileAttribute(perms));
redirectStream(inputStream, new FileOutputStream(path.toFile()));
perms = new HashSet<PosixFilePermission>();
perms.add(PosixFilePermission.OWNER_READ);
perms.add(PosixFilePermission.OWNER_WRITE);
perms.add(PosixFilePermission.GROUP_READ);
perms.add(PosixFilePermission.GROUP_WRITE);
perms.add(PosixFilePermission.OTHERS_READ);
Files.setPosixFilePermissions(path, perms);
Which actually fixes the file permission of the file but NOT the file permissions of the directories. I have tested the code outside of Tomcat and therefore know that it works. But for some reason Tomcat9's environment somehow makes it that the directories still get the restricted permissions.
Any ideas here?
The instructions say to change the group ownership of /opt/tomcat to tomcat … … then give the tomcat group write access to the configuration directory … … then give the tomcat group read access to all the configuration files … … then make the tomcat user owner of certain directories …
Apache Tomcat 9 - Servlet and JSP engine -- admin web applications. Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP) specifications from Oracle, and provides a "pure Java" HTTP web server environment for Java code to run. This package contains the administrative web interfaces.
The main log is in /opt/tomcat/logs/catalina.<date>.log. A copy of these messages also ends up on the standard error, which ends up (by default) in the systemd journal.
Use export UMASK=0022 in setenv.sh.
See https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
The umask value can be directly changed from 0027 to 0022 in the catalina.sh file itself if you don't have a setenv.sh file.
On Debian-based systems, you can add UMASK=0022 to /etc/default/tomcat9. Then restart Tomcat for the change to take effect.
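The answers above widen the umask for the whole Tomcat process; an alternative, shown here as an added example that is not from the original posts, keeps the 0027 default and opens up only the published path. It relies on Files.setPosixFilePermissions being a chmod that the umask does not filter, unlike the attribute passed to Files.createDirectories; the class name, method names and the temporary publish root are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class PublishedFileWriter {
    static final Set<PosixFilePermission> DIR_PERMS = PosixFilePermissions.fromString("rwxr-xr-x");
    static final Set<PosixFilePermission> FILE_PERMS = PosixFilePermissions.fromString("rw-r--r--");

    /** Creates the missing directories between root and dir, one level at a time. */
    static void createPublicDirectories(Path root, Path dir) throws IOException {
        Path base = root.toAbsolutePath().normalize();
        Path target = dir.toAbsolutePath().normalize();
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException(target + " is outside " + base);
        }
        Path current = base;
        for (Path segment : base.relativize(target)) {
            current = current.resolve(segment);
            try {
                Files.createDirectory(current); // mode is filtered by the umask here
                Files.setPosixFilePermissions(current, DIR_PERMS); // chmod: not filtered
            } catch (FileAlreadyExistsException e) {
                // Already there: leave its existing permissions untouched.
            }
        }
    }
    /** Writes the stream to file and makes only that file and its new parents readable. */
    static void publish(Path root, Path file, InputStream in) throws IOException {
        createPublicDirectories(root, file.getParent());
        Files.copy(in, file, StandardCopyOption.REPLACE_EXISTING);
        Files.setPosixFilePermissions(file, FILE_PERMS);
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("publish-root"); // constructed demo root
        Path file = root.resolve("a/b/report.txt");
        publish(root, file, new ByteArrayInputStream("constructed sample".getBytes()));
        for (Path p : new Path[] {root.resolve("a"), root.resolve("a/b"), file}) {
            System.out.println(PosixFilePermissions.toString(Files.getPosixFilePermissions(p)) + " " + p);
        }
    }
}
```

Everything else the JVM writes, such as logs and work files, keeps the restricted mode that the 0027 umask gives it.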