User rights setup, Tomcat and Apache users both need access to a direc

[zeeshan12]

Hi,

I have a user rights issue that I need some help with and would appreciate any solutions/suggestions.

I have to run an app which has a few servlets that run through tomcat and some php files that are on apache web server. Code in all scripts and servlets need to access a directory on the system. The problem is, if the directory has been created by tomcat, apache cannot write into it and if apache creates a dir tomcat doesn't have write permission in it.

There is probably a very easy solution to this but I'm not very good with linux. I am running an enterprise linux 5 box.


Thanks

[atreyu]

Perhaps create a new user group and add the tomcat user and the apache user to it. Then modify the relevant directories to be owned and group-writable by said group. e.g.:

Code:

groupadd appsvr
usermod -a -G appsvr apache
usermod -a -G appsvr tomcat
chown :appsvr /path/to/apache/dir
chmod 0775 /path/to/apache/dir
chown :appsvr /path/to/tomcat/dir
chmod 0775 /path/to/tomcat/dir

You could also do this (more properly) with acls, but this is quick and dirty...

[zeeshan12]

thanks, i'll try that and let you know shortly.

[zeeshan12]

Hi just a quick question. I see your point there but the directory that tomcat and apache both need access to is located at root. e.g lets say its /access_me

both should be able to create direcoties within that and read/write files. also if one users added a directory other should also have write access to it.

I know you have probably answered this question already but just to clearify that the chown would then be done on the /access_me not the apache and tomcat dirs?

thanks

[atreyu]

Well, look at it this way: *any* directory that you wish for both users to have write access to need the chmod/chown commands.

[zeeshan12]

Also while creating the directories/files would the scripts/servlets have to chmod them to 775? or will it work without?

just asking this since when the scripts create a dir they normally create it with 755 permissions.

[atreyu]

You mean if new directories are created underneath the main dir? Depends on the umask, but yes, probably you'd have to manually modify the permissions. Same for files, if you want group write capability.

[zeeshan12]

ahh ok, seems like i'm back to square one with this. I had previously got round to giving access of the main dir to both users by adding tomcat in apache's group and runing chown :apache on the /access_me dir. Its mainly the subdirs that I want to tackle.

Isn't there a way to have all subdir created with full access to group users, something similar to chmod 775?

really appreciate your help btw.

regards

[atreyu]

yeah, you can do that with umask or acls...my exp is limited on both though - perhaps someone will come along that can give you the right syntax.

[atreyu]

Setting umask to 0002 worked for me:

Code:

[user@host]$ umask
0022
[user@host]$ mkdir blah;stat -c %a blah
755
[user@host]$ umask 0002
[user@host]$ umask
0002
[user@host]$ mkdir blah2;stat -c %a blah2
775
[user@host]$