• Post Reply Bookmark Topic Watch Topic
  • New Topic

newbie: UNIX and Tomcat file permissions  RSS feed

 
Gill Clover
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi there,
I'm a complete UNIX novice so I hope what I say with regards to it make sense...
I have developed a web application using servlets on my home machine, running Tomcat 4 and Windows XP Home. The app forms part of my dissertation and I need to put it on my university's web server (also Tomcat 4). This is where the problem comes in:
In my app, I have to write two HTML files to disk, to subsequently use them in a frameset. On XP at home this has always worked fine as I haven't needed to change file permissions...
The university stores student files on a UNIX (Solaris) hosted file server, hence I need to set file permissions to allow myself and Tomcat access to files which I either read or write. To allow Tomcat to read files, I had to use the command 'opset fileName.html'. This works perfectly.
However, I was told by a lecturer (who can't figure out my problem) that to allow Tomcat to *write* to files, I could maybe use a command taken from the opset command:
setfacl -s u::rw-,g::---,g:srr:rw-,mask:rw-,o:--- anotherFile.html
This doesn't work. As I said before, I don't know anything about UNIX and these commands and how they work.
Does anyone have a further suggestion for allowing Tomcat to write (as well as read) to a file? Also, if I use 'opset...' and then 'setfacl...' on the same file, does the latter cancel out the former?
Thanks in advance,
Gillian Klee
 
Tim Holloway
Saloon Keeper
Posts: 18799
74
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think the problem here is that you're using "Unix" commands under Linux.
While Unix, Linux, AIX, Solaris, etc. are more or less the same basic OS from a programmer's point of view, there are some differences. My copy of Red Hat 7.3 doesn't support "setfacl" or "opset". ACLs are still new to Linux, in any event.
All Tomcat needs to be able to write files is something like the following:
mkdir -p /var/MyTomcatFiles
chown tomcat4:tomcat4 /var/MyTomcatFiles
chmod 750 /var/MyTomcatFiles
This will then create a directory into which servlets, JSPs and other user-written services running under Tomcat can read and write using the standard java.io package methods.
It's NOT a good idea for a number of reasons to use the Tomcat directory tree itself for your files nor to attempt to create services that try and read/write relative to the tomcat directory path.
 
Cindy Li
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
setfacl command is supported in Solairs. It stands for set file access control list, allow you define permission for specific user and group.
The permission in you example is 600, means only yourself, the owner can read/write the file. a group call srr has permission read/write.
The Tomcat4 running on SUN machine should belong to root/any specific user account,say,tomcatadm. if it is so, your file must set write permission for the user tomcatadm in this way
setfacl -u:tomcatadm:rw- myfile.html. Then the Tomcat process has the right to override your files. The Tomcat should also has write permission to your home directory, e.g. /home/mydir
Please verify

[ March 28, 2003: Message edited by: Li Xin ]
[ March 28, 2003: Message edited by: Li Xin ]
 
Gill Clover
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for your replies, much appreciated. It seems I was wrong when I said Tomcat couldn't write to files though (if there was one available, I'd insert an 'embarrassed' smiley here).
I've verified that writing works fine, without any special file permissions granted. It's when it tries to read the file that the problem occurs at. The'opset' command that I have to use to allow Tomcat to read files is the problem. I was told the file permissions created with this command are only retained provided the file isn't changed afterwards via Windows (something to do with Windows temp files or something).
Therefore every time I write to these files, the permissions I created with opset disappear which is why the files are not then displayed in the frames output by my servlet. Sigh. So the only way I can get rid of the problem is to not write out to HTML files at all, but to get the content in the frameset via some other method. Someone in the servlets forum said I could refer to servlets instead of HTML files in the frameset, so I'm going to give that a go.
Thanks again,
Gillian
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!