20

I am trying to set a custom umask for a Tomcat 8 instance. I tried to do it the proper way by using the UMask directive in the systemd tomcat unit, as seen here, without luck.

I'd like to set a 022 umask because the company devs need to access the Tomcat / application logs and they are not in the same group as the tomcat user.

The crazy thing is that the systemd doc says:

Controls the file mode creation mask. Takes an access mode in octal notation. See umask(2) for details. Defaults to 0022.

But the logs (application / tomcat) are set to 640 (not the expected 755):

-rw-r----- 1 top top 21416 Feb  1 09:58 catalina.out

My service file:

# Systemd unit file for tomcat
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[...]

User=top
Group=top
UMask=0022

[Install]
WantedBy=multi-user.target

Any thoughts about this?

Thanks

Pier

4 Answers

26

Try adding UMASK as an Environment variable in Tomcat's service file:

[Service]
...
Environment='UMASK=0022'
...

Default catalina.sh is checking for environment's $UMASK:

# Set UMASK unless it has been overridden
 if [ -z "$UMASK" ]; then
  UMASK="0027"
 fi
 umask $UMASK

(It seems to me, that UMask from systemd is not used by Tomcat, but I am not completely sure.)

mjtecka
  • Thanks for the input mjtecka, I'll give it a try whenever I have time for this. I switched to another issue for now; I'll make sure to come back here and accept your answer if that works! – Pier Mar 06 '17 at 09:56
  • 1
    This answer is correct and should be marked as such. UMask from systemd is being ignored by tomcat. This change works, as does simply changing the default umask found in catalina.sh – Tadgh Aug 02 '17 at 11:14
  • 1
    As suggested on catalina.sh: # Do not set the variables in this script. Instead put them into a script setenv.sh in CATALINA_BASE/bin to keep your customizations separate. – Danilo Teodoro May 31 '20 at 13:10
  • 2
    @Tadgh got it working like a charm with systemd for tomcat9 on debian10. Just add a file called `/etc/systemd/system/tomcat9.service.d/override.conf` with the contents of the answer and make sure to refresh with `systemctl daemon-reload` otherwise it will be ignored. – wbloos Feb 17 '21 at 16:02
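
The behaviour described in this answer and its comments, reproduced in a scratch directory as an added example (not code from the posters or from Tomcat). `launcher_mode` is a constructed stand-in for the quoted catalina.sh fragment; the function names and the temporary file are assumptions.

```shell
#!/bin/sh
# Shows why UMask= in the unit does not reach files written by a process
# that is started through a wrapper which calls umask itself.

# Create an empty file under the current umask and print its mode string,
# in the same form as the `ls -l` line in the question.
new_file_mode() {
    dir=$(mktemp -d) || return 1
    : > "$dir/catalina.out"            # created as 0666 & ~umask
    ls -l "$dir/catalina.out" | cut -c1-10
    rm -rf "$dir"
}

# Process started directly by the service manager:
# the inherited umask ($1, what UMask= would set) applies unchanged.
direct_mode() {
    ( umask "$1"; new_file_mode )
}

# Process started through a wrapper that repeats the catalina.sh logic.
# $1 = inherited umask, $2 = UMASK environment variable ('' when unset).
launcher_mode() {
    (
        umask "$1"
        UMASK=$2
        # Set UMASK unless it has been overridden (logic quoted in the answer)
        if [ -z "$UMASK" ]; then
            UMASK="0027"
        fi
        umask $UMASK                   # replaces whatever was inherited
        new_file_mode
    )
}

echo "UMask=0022, no wrapper:           $(direct_mode 0022)"
echo "UMask=0022, wrapper, UMASK unset: $(launcher_mode 0022 '')"
echo "UMask=0022, wrapper, UMASK=0022:  $(launcher_mode 0022 0022)"
```

On Linux 4.7 and later, the `Umask:` line in `/proc/<pid>/status` shows the mask a running process actually ended up with, which is a quick way to confirm the setting took effect after a restart.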
1

I think you can achieve this with systemd by doing the following:

~]# mkdir -p /etc/systemd/system/tomcat.service.d
~]# echo -e "[Service]\nUMask=0022" >/etc/systemd/system/tomcat.service.d/custom-umask.conf
~]# systemctl daemon-reload
~]# systemctl restart tomcat

/etc/systemd/system/tomcat.service.d/umask-user.conf should overwrite the default values.

Source: https://access.redhat.com/solutions/2220161

P.S: A umask of 0022 would give a file 0644 permissions and a directory 0755

Patrick McMahon
1

If using jsvc to start Tomcat as a daemon process, then we need to set the -umask argument in the jsvc command line.

Philip
0

You can add value to the UMASK variable in the file catalina.sh on Linux or catalina.bat on Windows, with 002 the file will be created with 775 permissions:

UMASK=002
Diego