All, The SecurityLogger seems to want a umask in environments where it makes sense. But the line of catalina.sh that sets the JVM system property to pass the umask into the launching JVM is commented-out.
It would be best not to have to modify one's own catalina.sh file in order to enable the UMASK value-transfer. So I started writing a patch for catalina.sh with another environment variable that /enables/ sending the umask. But it seems that bin/catalina.sh already requires umask (from 8.5.29): [269] # Set UMASK unless it has been overridden [270] if [ -z "$UMASK" ]; then [271] UMASK="0027" [272] fi [273] umask $UMASK The umask program is expected to be present. Then, later: [287] # Uncomment the following line to make the umask available when using the [288] # org.apache.catalina.security.SecurityListener [289] #JAVA_OPTS="$JAVA_OPTS -Dorg.apache.catalina.security.SecurityListener.UMASK=`umask`" It's been like this for 7 years since the listener was first added. Any reason not to unconditionally set this JVM system property on startup? -chris
signature.asc
Description: OpenPGP digital signature
