From: Jesse V Griffis <jgriffis@hdm.com>
To: "William L. Thomson Jr." <wlt@obsidian-studios.com>
Cc: gentoo-java@lists.gentoo.org
Subject: Re: [gentoo-java] tomcat permissions
Date: Mon, 7 Aug 2006 14:09:58 -0400 [thread overview]
Message-ID: <200608071409.58599.jgriffis@hdm.com> (raw)
In-Reply-To: <1154970185.14080.7.camel@wlt.obsidian-studios.com>
Hi William,
On Monday 07 August 2006 13:03, William L. Thomson Jr. wrote:
> On Mon, 2006-08-07 at 12:45 -0400, Jesse V Griffis wrote:
> > Curiously, the version running using start-stop-daemon is completely
> > ignoring the system umask (002 - I'd like to make deployed webapps
> > automatically group-writeable), but running the startup.sh script uses
> > it.
>
> I am not clear what is going on? Are your webapps or tomcat running
> under a different group or etc? Why do you need group writable access to
> webapps? Owner writable should work fine for most all needs. I can't
> recall the bug, but I believe there were bugs in the past. I saw a few
> referenced in ebuild, but I removed them because they were resolve quite
> some time ago. Not sure if any pertain to this issue.
Thanks for the insight so far, and apologies for not being more clear. I've
done a little more investigation, and here's what I can tell you:
Essentially, the reason I want group writeable webapps is for simplicity in
deploying new .war files over the top of existing ones on my development
machine.
I use a simple ant script that removes all traces of a web app, then copies a
newly-built .war into webapps (akin to a 'make install'), and then tomcat
auto-deploys it.
I have tomcat running as tomcat:tomcat. I have my normal user added to the
'tomcat' group, so that after tomcat auto-deploys the new webapp and then
I've gone and done some more work, I can run ant again and the delete of the
existing webapp works quietly - without being group writable I can't do that
automatically.
I just recently upgraded to tomcat 5.5; With earlier versions (and when using
catalina.sh now), use whatever system-wide umask I happened to set
in /etc/profile (I've used 002 for a long time). Now, however, that's
ignored and it appears to be forcing 022.
As for my "little more investigation", it's apparently not in
start-stop-daemon at all. I found an older machine with a different init
script that just calls catalina.sh:
start-stop-daemon --start --quiet --chuid tomcat:tomcat --exec
${CATALINA_HOME}/bin/catalina.sh -- start
That works as expected. The ps output appears nearly identical whether I use
this or the current 5.5 script, the only difference being that the current
one includes more under "-classpath".
Thanks,
Jesse
--
gentoo-java@gentoo.org mailing list
next prev parent reply other threads:[~2006-08-07 18:13 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-07 16:45 [gentoo-java] tomcat permissions Jesse V Griffis
2006-08-07 17:03 ` William L. Thomson Jr.
2006-08-07 18:09 ` Jesse V Griffis [this message]
2006-08-07 18:18 ` William L. Thomson Jr.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200608071409.58599.jgriffis@hdm.com \
--to=jgriffis@hdm.com \
--cc=gentoo-java@lists.gentoo.org \
--cc=wlt@obsidian-studios.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox