On 21/03/18 03:43, Christopher Schultz wrote: > All, > > The SecurityLogger seems to want a umask in environments where it makes > sense. But the line of catalina.sh that sets the JVM system property to > pass the umask into the launching JVM is commented-out. > > It would be best not to have to modify one's own catalina.sh file in > order to enable the UMASK value-transfer. > > So I started writing a patch for catalina.sh with another environment > variable that /enables/ sending the umask. > > But it seems that bin/catalina.sh already requires umask (from 8.5.29): > > [269] # Set UMASK unless it has been overridden > [270] if [ -z "$UMASK" ]; then > [271] UMASK="0027" > [272] fi > [273] umask $UMASK > > The umask program is expected to be present. > > Then, later: > > [287] # Uncomment the following line to make the umask available when > using the > [288] # org.apache.catalina.security.SecurityListener > [289] #JAVA_OPTS="$JAVA_OPTS > -Dorg.apache.catalina.security.SecurityListener.UMASK=`umask`" > > It's been like this for 7 years since the listener was first added. Any > reason not to unconditionally set this JVM system property on startup?
Lines 287-289 pre-date lines 269-273. >From memory lines 287-289 were left commented out as we didn't want to break working configurations in a point release. With the addition of lines 269-273 I agree with uncommenting lines 287-289. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
