问题
I am trying to set a custom umask for a tomcat 8 instance, tried to make it the good way by using the UMask directive in systemd tomcat unit as seen here without luck.
I'd like to set a 022 umask cause the company dev needs to access tomcat / application logs and they are not in the same group as the tomcat user....
the crazy thing is that the systemd doc says :
Controls the file mode creation mask. Takes an access mode in octal notation. See umask(2) for details. Defaults to 0022.
But the logs (application / tomcat) are set to 640 (not the expected 755) :
-rw-r----- 1 top top 21416 Feb 1 09:58 catalina.out
My service file :
# Systemd unit file for tomcat
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[...]
User=top
Group=top
UMask=0022
[Install]
WantedBy=multi-user.target
Any thoughts about this ?
Thanks
回答1:
Try adding UMASK as Environment variable into tomcat's service file:
[Service]
...
Environment='UMASK=0022'
...
Default catalina.sh is checking for environment's $UMASK:
# Set UMASK unless it has been overridden
if [ -z "$UMASK" ]; then
UMASK="0027"
fi
umask $UMASK
(It seems to me, that UMask from systemd is not used by Tomcat, but I am not completely sure.)
回答2:
I think you can achieve this with systemd by doing the following:
~]# mkdir -p /etc/systemd/system/tomcat.service.d
~]# echo -e "[Service]\nUMask=0022" >/etc/systemd/system/tomcat.service.d/custom-umask.conf
~]# systemctl daemon-reload
~]# systemctl restart tomcat
/etc/systemd/system/tomcat.service.d/umask-user.conf should overwrite the default values.
Source: https://access.redhat.com/solutions/2220161
P.S: A umask of 0022 would give a file 0644 permissions and a directory 0755
回答3:
if using jsvc to start Tomcat as daemon process, then we need to set the -umask argument in jsvc command line
来源:https://stackoverflow.com/questions/41975808/set-umask-for-tomcat8-via-tomcat-service