LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-10-2011, 05:22 AM   #1
zeeshan12
LQ Newbie
 
Registered: Mar 2008
Posts: 11

Rep: Reputation: 0
User rights setup, Tomcat and Apache users both need access to a directory


Hi,

I have a user rights issue that I need some help with and would appreciate any solutions/suggestions.

I have to run an app which has a few servlets that run through tomcat and some php files that are on apache web server. Code in all scripts and servlets need to access a directory on the system. The problem is, if the directory has been created by tomcat, apache cannot write into it and if apache creates a dir tomcat doesn't have write permission in it.

There is probably a very easy solution to this but I'm not very good with linux. I am running an enterprise linux 5 box.
 
Old 11-10-2011, 05:57 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,962

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
Hi,

The easiest way to do this, is to use the same user for both servers. I.e. find the user that apache runs as (usually www-data or apache depending on distro) and use that same user to start tomcat:
Code:
su www-data -c "/path/to/tomcat/bin/startup.sh"
Regards
 
Old 11-10-2011, 05:57 AM   #3
jhwilliams
Senior Member
 
Registered: Apr 2007
Location: Portland, OR
Distribution: Debian, Android, LFS
Posts: 1,168

Rep: Reputation: 208Reputation: 208Reputation: 208
Put your apache and tomcat users into a common group, e.g. webguys.
Code:
usermod -a -G apache webguys
usermod -a -G tomcat webguys
Now make sure the respective users own their directory hierarchies, but can share via group.
Code:
chown -R apache:webguys /var/www
chown -R tomcat:webguys /var/lib/tomcat
Finally, chmod g+s on those dirs, so that group owner propagates to new files:
Code:
chmod g+s /var/www
chmod g+s /var/lib/tomcat
Optionally, set umask to 0664 someplace.

Last edited by jhwilliams; 11-10-2011 at 06:01 AM.
 
Old 11-10-2011, 06:30 AM   #4
zeeshan12
LQ Newbie
 
Registered: Mar 2008
Posts: 11

Original Poster
Rep: Reputation: 0
Thanks guys i will try that shortly and get back to you. I have previously tried adding tomcat to apache's group and change group of the main directory to apache. That way both had write access to the main directory but problem still persisted when a directory was created within that main dir by any of the users. The user that created the dir only had write permissions in it.


Regards
 
Old 11-10-2011, 06:34 AM   #5
zeeshan12
LQ Newbie
 
Registered: Mar 2008
Posts: 11

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
Hi,

The easiest way to do this, is to use the same user for both servers. I.e. find the user that apache runs as (usually www-data or apache depending on distro) and use that same user to start tomcat:
Code:
su www-data -c "/path/to/tomcat/bin/startup.sh"
Regards

I think running tomcat with apache's user might stop tomcat from accessing its own resources like log files etc. I will have to go and change each of tomcat's resource and set flexible permissions on them?
 
Old 11-10-2011, 06:35 AM   #6
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,962

Rep: Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341Reputation: 1341
Quote:
I think running tomcat with apache's user might stop tomcat from accessing its own resources like log files etc. I will have to go and change each of tomcat's resource and set flexible permissions on them?
You're right. You need:
Code:
chown -R apache:apache /path/to/tomcat/
 
Old 11-10-2011, 06:38 AM   #7
zeeshan12
LQ Newbie
 
Registered: Mar 2008
Posts: 11

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jhwilliams View Post
Put your apache and tomcat users into a common group, e.g. webguys.
Code:
usermod -a -G apache webguys
usermod -a -G tomcat webguys
Now make sure the respective users own their directory hierarchies, but can share via group.
Code:
chown -R apache:webguys /var/www
chown -R tomcat:webguys /var/lib/tomcat
Finally, chmod g+s on those dirs, so that group owner propagates to new files:
Code:
chmod g+s /var/www
chmod g+s /var/lib/tomcat
Optionally, set umask to 0664 someplace.

That's to setup a new group and make sure that servlets and php scripts both run through that group (since users are added in that group).

what permission would i need to give to that directory that they both are accessing and writing into? Should i just change its group to webguys and leave the user to either tomcat or apache ? and what chmod would i need on it?

Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with Apache: free access from lan users and password access to wan users... how? maginotjr Linux - Server 4 01-01-2011 12:08 PM
tomcat rights to user Raakh Linux - Newbie 1 07-21-2007 05:20 PM
apache setup help needed: cannot access user's homepage parv Linux - Networking 7 02-07-2006 05:24 PM
Running jsps in user home directory doesn't work (Apache Tomcat and mod_userdir) jimieee Linux - Networking 0 03-23-2005 11:12 AM
File/directory access rights klmn1 Linux - Software 3 05-29-2003 02:14 AM


All times are GMT -5. The time now is 01:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration