Pier

Reputation: 671

Set umask for Tomcat via tomcat.service in systemd

I am trying to set a custom umask for a Tomcat 8 instance. I tried to do it the proper way by using the UMask directive in the systemd Tomcat unit, as seen here, without luck.

I'd like to set a 022 umask because the company dev needs to access the Tomcat / application logs and they are not in the same group as the tomcat user.

The crazy thing is that the systemd doc says:

Controls the file mode creation mask. Takes an access mode in octal notation. See umask(2) for details. Defaults to 0022.

But the logs (application / Tomcat) are set to 640 (not the expected 755):

-rw-r----- 1 top top 21416 Feb  1 09:58 catalina.out

My service file:

# Systemd unit file for tomcat
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[...]

User=top
Group=top
UMask=0022

[Install]
WantedBy=multi-user.target

Any thoughts about this?

Thanks

Upvotes: 24

Views: 31951

Answers (5)

Robert Newton

Reputation: 1611

Tomcat will use the UMASK environment variable definition.

UMASK=0022

Customised Tomcat environment variables should go in the setenv.sh file (Linux) or the setenv.bat file (Windows) in the $CATALINA_BASE/bin/ directory/folder.

Upvotes: 0

Diego

Reputation: 1

You can add a value to the UMASK variable in the file catalina.sh on Linux or catalina.bat on Windows; with 002 the file will be created with 775 permissions:

UMASK=002

Upvotes: 0

Philip

Reputation: 61

If using jsvc to start Tomcat as a daemon process, then we need to set the -umask argument in the jsvc command line.

Upvotes: 1

Patrick McMahon

Reputation: 414

I think you can achieve this with systemd by doing the following:

~]# mkdir -p /etc/systemd/system/tomcat.service.d
~]# echo -e "[Service]\nUMask=0022" >/etc/systemd/system/tomcat.service.d/custom-umask.conf
~]# systemctl daemon-reload
~]# systemctl restart tomcat

/etc/systemd/system/tomcat.service.d/umask-user.conf should overwrite the default values.

Source: https://access.redhat.com/solutions/2220161

P.S: A umask of 0022 would give a file 0644 permissions and a directory 0755

Upvotes: 1

mjtecka

Reputation: 455

Try adding UMASK as an Environment variable in Tomcat's service file:

[Service]
...
Environment='UMASK=0022'
...

The default catalina.sh checks for the environment's $UMASK:

# Set UMASK unless it has been overridden
if [ -z "$UMASK" ]; then
    UMASK="0027"
fi
umask $UMASK

(It seems to me that UMask from systemd is not used by Tomcat, but I am not completely sure.)

Upvotes: 31
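
The behaviour described in the answer above, as an added example that is not part of the original thread: the catalina.sh check quoted there is replayed in a subshell to show that the startup script's own umask call replaces whatever mask the process inherited (the role systemd's UMask= plays), which matches the 640 log file in the question. The helper names simulate_start and mode_of are hypothetical, and the temporary file is a constructed stand-in for catalina.out.

```shell
#!/bin/sh
# Constructed demo: replays the catalina.sh umask logic quoted above to show
# why the mask inherited from systemd (UMask=) does not reach Tomcat's files.

# mode_of FILE -> octal permission bits (GNU stat first, BSD stat as fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# simulate_start INHERITED_UMASK [UMASK_ENV]
#   INHERITED_UMASK stands for UMask= in the unit file.
#   UMASK_ENV stands for Environment='UMASK=...' (omitted = variable not set).
# Prints the mode of a log file created after the startup logic has run.
simulate_start() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"              # mask the process inherits from the service manager
        UMASK=${2:-}
        # --- logic quoted from catalina.sh in the answer above ---
        if [ -z "$UMASK" ]; then
            UMASK="0027"
        fi
        umask $UMASK
        # ----------------------------------------------------------
        : > "$dir/catalina.out" # stand-in for the log file Tomcat creates
        mode=$(mode_of "$dir/catalina.out")
        rm -rf "$dir"
        printf '%s\n' "$mode"
    )
}

# Case 1: unit file sets UMask=0022, UMASK not exported -> script default 0027 wins
echo "UMask=0022, UMASK unset : $(simulate_start 0022)"
# Case 2: UMASK=0022 exported to the script -> logs become world-readable
echo "UMask=0022, UMASK=0022  : $(simulate_start 0022 0022)"
# Case 3: a group-only alternative, UMASK=0027 set explicitly
echo "UMask=0022, UMASK=0027  : $(simulate_start 0022 0027)"
```

On a running instance, the `Umask:` line in /proc/<pid>/status (Linux 4.7 and later) shows the mask the JVM process actually ended up with.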
