Romain,

On 12/28/18 10:10, Romain Manni-Bucau wrote:
> Hi
> 
> As a user it is nicer to be able to set all system properties in
> the same place and catalina code is too late for some of them like
> log manager. Why not have a conf/system.properties handled by
> scripts and in fallback by Tomcat (embedded case)? Would just be a
> more natural way to write it than setenv.

Shell-script processing of .properties files will likely be hairy.

I have seen systems like install4j which use "vmoptions" files which
essentially allow you to set system properties without actually typing
a huge line of text with "-Dkey=value" but instead have "key=value" on
separate lines. I suspect they do not adhere to the full "properties"
specification (e.g. ignorable whitespace, line-continuation, \u
character processing, etc.).

If we defined something that "wasn't a properties file, but looks like
a properties file", then maybe it would be okay. It could be processed
easily like this on systems with proper scripting capabilities:

sysprops=$( echo $( sed -e 's/^/"-D/' -e 's/$/"/' conf/system.not-properties ) )

...

java [script properties] $sysprops

You still have the awful problem of quoting, though.

-chris

> On Dec 28, 2018 at 16:07, "Christopher Schultz"
> <ch...@christopherschultz.net> wrote:
> 
> All,
> 
> Someone asked this question on SO recently:
> https://stackoverflow.com/questions/53921375/tomcat-overriding-catalina-properties-from-commandline/53952396#53952396
>
> TLDR: this person wants to set system properties in
> catalina.properties but be able to "override" those from the
> command-line.
> 
> The fix would be trivial: just don't clobber the value of any
> existing system property in CatalinaProperties when copying the
> properties from the file to the live system properties.
> 
> I'm wondering if anyone can think of any security issues with
> doing that. Presumably, if a user can launch Tomcat, they can set
> system properties. However, it's possible that a user might have
> the right to *launch* Tomcat, but not reconfigure it (e.g.
> read-only catalina.properties).
> 
> That could easily be solved by using a catalina.properties-only 
> setting like "catalina.properties.noclobber.system.properties=true"
> or something like that.
> 
> What does everyone think?
> 
> Thanks, -chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 
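The quoting problem mentioned in the reply above can be avoided in POSIX sh by appending each line to the positional parameters instead of building one string. This is an added example, not part of the original message or of Tomcat's scripts; the file format, the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Assumed file format: one key=value per line, '#' comments,
# no escapes or continuations (deliberately not java.util.Properties syntax).

# run_with_sysprops FILE CMD [ARGS...]: append one -Dkey=value per valid line, run CMD.
run_with_sysprops() {
    _file=$1; shift
    while IFS= read -r _line || [ -n "$_line" ]; do
        case $_line in
            ''|'#'*) continue ;;                    # blank line or comment
            *=*) _key=${_line%%=*} ;;               # text before the first '='
            *) echo "skipping malformed line: $_line" >&2; continue ;;
        esac
        case $_key in
            ''|*[!A-Za-z0-9._-]*)                   # unexpected characters in the key
                echo "skipping bad key: $_key" >&2; continue ;;
        esac
        set -- "$@" "-D$_line"                      # exactly one argument per line
    done < "$_file"
    "$@"
}

# The sed pipeline from the message, for comparison: the quotes it adds are
# literal characters, and the unquoted expansion splits on whitespace.
run_naive() {
    _file=$1; shift
    _props=$(sed -e 's/^/"-D/' -e 's/$/"/' "$_file")
    "$@" $_props
}

count_args() { echo "$#"; }
print_args() { printf '[%s]\n' "$@"; }

# Constructed sample input; a real launcher would pass java and its options as CMD.
write_sample() {
    printf '%s\n' '# constructed sample' \
        'app.greeting=hello world' \
        'app.home=$HOME/data' \
        'bad key=x' > "$1"
}

if [ "${1:-}" = demo ]; then
    f=$(mktemp) && write_sample "$f"
    run_with_sysprops "$f" print_args java
    rm -f "$f"
fi
```

Nothing in the file is ever passed through eval or re-parsed by the shell, so a value containing spaces or `$` reaches the JVM as written.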
