What are the Linux permissions needed for websphere's OS user to create folders and write files?_问答_开发者

What are the Linux permissions needed for websphere's OS user to create folders and write files?

开发者 https://www.devze.com 2023-03-22 21:19 出处：网络

we are having a problem with our recently installed web app. It allows users to upload files and save them to a directory in the OS. We\'ve asked the Security guys to add the websphere user to the ta

we are having a problem with our recently installed web app.

It allows users to upload files and save them to a directory in the OS. We've asked the Security guys to add the websphere user to the target path group, and this path has 770 permissions.

That should do it, if we log in to the machine with the websphere user, we can create folders and files in that path; but our java web app can´t create a directory and it fails.

Unfortunately no exception is thrown, the failing method first checks for this the existence of this directory with File.isDirectory() if it returns false, then it tries to create it with File.mkdirs().

The directory is not created and so a custom error message is displayed to the user. No other clue in the logs.

I've tried to reproduce the problem in my local linux laptop and toying with users and groups, i've seen that changes to permissions do not take effect until a new session is started, but i'm not sure how that affects our deployed java web app and what needs to be done for permissions to be effective.

I'm also sure the files are written with websphere user, since the app has written some files in a different path.

Has anyone faced something simi开发者_StackOverflow社区lar?

thanks

chown seems to be a solution.

UPDATE:

Another solution is to check the 'file permission policy' for the java client (see).

Java 2 security uses several policy files to determine the granted permission for each Java program. For the list of available policy files that are supported by WebSphere® Application Server, see Java 2 security policy files.

* The client.policy file is a default policy file that is shared by all of the WebSphere Application Server client containers and applets on a node.
* The union of the permissions that is contained in the java.policy file and the client.policy file are given to all of the client containers for WebSphere Application Server and applets running on the node.
* The client.policy file is not a configuration file that is managed by the repository and the file replication service. Changes to this file are local and do not replicate to the other machine.
* The client.policy file supplied by WebSphere Application Server is located in the profile_root/properties/client.policy.
* If the default permissions for a client (union of the permissions defined in the java.policy file and the client.policy file) are enough, no action is required. The default client policy is picked up automatically.
* If a specific change is required to some of the client containers and applets on a node, modify the client.policy file with the Policy Tool. Refer to Using PolicyTool to edit policy files for Java 2 security, to edit policy files. Changes to the client.policy file are local for the node.

I hope it helps you.