From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1GA9b4-0006vf-JB for garchives@archives.gentoo.org; Mon, 07 Aug 2006 18:13:03 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.7/8.13.6) with SMTP id k77IBMHm030486; Mon, 7 Aug 2006 18:11:22 GMT Received: from mail.hdm.com (mail.hdm.com [69.12.72.82]) by robin.gentoo.org (8.13.7/8.13.6) with ESMTP id k77IBJe4000836 for ; Mon, 7 Aug 2006 18:11:20 GMT Received: by mail.hdm.com (Postfix, from userid 65534) id 70379E43A2; Mon, 7 Aug 2006 14:11:18 -0400 (EDT) X-Spam-Checker-Version: SpamAssassin 3.1.0-gr0 (2005-09-13) on ws1 X-Spam-Level: X-Spam-Status: No, score=-104.4 required=5.0 tests=ALL_TRUSTED,BAYES_00, USER_IN_WHITELIST autolearn=ham version=3.1.0-gr0 Received: from corundum.hdm.com (unknown [64.49.65.218]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.hdm.com (Postfix) with ESMTP id 454FAE4376; Mon, 7 Aug 2006 14:11:16 -0400 (EDT) From: Jesse V Griffis Organization: Harvard Design & Mapping Co Inc To: "William L. Thomson Jr." Subject: Re: [gentoo-java] tomcat permissions Date: Mon, 7 Aug 2006 14:09:58 -0400 User-Agent: KMail/1.9.4 Cc: gentoo-java@lists.gentoo.org References: <200608071245.30525.jgriffis@hdm.com> <1154970185.14080.7.camel@wlt.obsidian-studios.com> In-Reply-To: <1154970185.14080.7.camel@wlt.obsidian-studios.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-java@gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200608071409.58599.jgriffis@hdm.com> X-Archives-Salt: 9ae8b6aa-c7f9-4a3c-9c59-5605e3bb49a4 X-Archives-Hash: 6aa48359275547fe97e1ff517193fa33 Hi William, On Monday 07 August 2006 13:03, William L. Thomson Jr. wrote: > On Mon, 2006-08-07 at 12:45 -0400, Jesse V Griffis wrote: > > Curiously, the version running using start-stop-daemon is completely > > ignoring the system umask (002 - I'd like to make deployed webapps > > automatically group-writeable), but running the startup.sh script uses > > it. > > I am not clear what is going on? Are your webapps or tomcat running > under a different group or etc? Why do you need group writable access to > webapps? Owner writable should work fine for most all needs. I can't > recall the bug, but I believe there were bugs in the past. I saw a few > referenced in ebuild, but I removed them because they were resolve quite > some time ago. Not sure if any pertain to this issue. Thanks for the insight so far, and apologies for not being more clear. I've done a little more investigation, and here's what I can tell you: Essentially, the reason I want group writeable webapps is for simplicity in deploying new .war files over the top of existing ones on my development machine. I use a simple ant script that removes all traces of a web app, then copies a newly-built .war into webapps (akin to a 'make install'), and then tomcat auto-deploys it. I have tomcat running as tomcat:tomcat. I have my normal user added to the 'tomcat' group, so that after tomcat auto-deploys the new webapp and then I've gone and done some more work, I can run ant again and the delete of the existing webapp works quietly - without being group writable I can't do that automatically. I just recently upgraded to tomcat 5.5; With earlier versions (and when using catalina.sh now), use whatever system-wide umask I happened to set in /etc/profile (I've used 002 for a long time). Now, however, that's ignored and it appears to be forcing 022. As for my "little more investigation", it's apparently not in start-stop-daemon at all. I found an older machine with a different init script that just calls catalina.sh: start-stop-daemon --start --quiet --chuid tomcat:tomcat --exec ${CATALINA_HOME}/bin/catalina.sh -- start That works as expected. The ps output appears nearly identical whether I use this or the current 5.5 script, the only difference being that the current one includes more under "-classpath". Thanks, Jesse -- gentoo-java@gentoo.org mailing list