[FIXED] Tomcat9 File Permissions Change

Issue

I have found that the file permissions have changed between Tomcat 8 and Tomcat 9 and I can't figure out how to get around it.

I had code like this where inputStream is something I feed this routine and redirectStream is a function that simply uses BufferedInput and BufferedOutput streams to read from one stream into another.

Path path = "/some/example/path/to/a/file"; Files.createDirectories(path.getParent()); redirectStream(inputStream, new FileOutputStream(path.toFile());

After executing this bit of code in Tomcat8 the directories and file would have permissions matching the umask of the user (0022). That is the directories would have drwxr-xr-x and the files would have -rw-r--r--. As these files that it is writing are then accessible to the internet the global read flag is necessary.

But under Tomcat9, the same code gives, drwxr-x--- and -rw-r----- respectively, and thus are not visible to the internet. I have tried two things. One I have explicitly set the umask to 0022 in my tomcat startup script just to make sure that is what it is to no effect. The second is to explicitly set the permissions in code to try and force the issue. This fixed the file permissions but NOT not the directory permissions and below is the updated code.

Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>();
perms.add(PosixFilePermission.OWNER_READ);
perms.add(PosixFilePermission.OWNER_WRITE);
perms.add(PosixFilePermission.OWNER_EXECUTE);
perms.add(PosixFilePermission.GROUP_READ);
perms.add(PosixFilePermission.GROUP_WRITE);
perms.add(PosixFilePermission.GROUP_EXECUTE);
perms.add(PosixFilePermission.OTHERS_READ);
perms.add(PosixFilePermission.OTHERS_EXECUTE);
Files.createDirectories(path.getParent(), PosixFilePermissions.asFileAttribute(perms));

redirectStream(inputStream, new FileOutputStream(path.toFile()); 
perms = new HashSet<PosixFilePermission>();
perms.add(PosixFilePermission.OWNER_READ);
perms.add(PosixFilePermission.OWNER_WRITE);
perms.add(PosixFilePermission.GROUP_READ);
perms.add(PosixFilePermission.GROUP_WRITE);
perms.add(PosixFilePermission.OTHERS_READ);
Files.setPosixFilePermissions(fullPath, perms);

Which actually fixes the file permission of the file but NOT the file permissions of the directories. I have tested the code outside of Tomcat and therefore know that it works. But for some reason Tomcat9's environment somehow makes it that the directories still get the restricted permissions.

Any ideas here?

Solution

use

export UMASK=0022 in setenv.sh.

See https://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Answered By - gardanflyer