
I am referring to this question: Mapping a directory outside the web-app to URL in TOMCAT

<Context path="/images" docBase="/usr/images/" />

I wonder how to achieve this in the most secure way. So my questions are:

  1. where to put the folder for uploads
  2. which file permissions to give the folder and the files and who should be the owner
  3. how to make sure files can only be accessed via tomcat and not directly by users
niklas

1 Answer

  1. Depends on your setup. Usually /var/tomcat...
  2. Tomcat has its own user and group, tomcat:tomcat
  3. Use the umask 027 for the tomcat process.
Michael-O
  • 1. So that folder is also recommended for user uploads. 2. Okay 3. Okay – niklas Feb 22 '12 at 19:15
  • Not exactly that folder, but a concrete folder in `/var` that your Tomcat instance has access to. If the images are static, you can put them in /usr/share of course. Depends on your case. – Michael-O Feb 22 '12 at 19:33
  • With "that folder" I meant the Tomcat folder. I think I got closer to the solution. I am not that familiar with Linux yet, which is why I am concerned even more with not making mistakes that introduce security holes I might not even be aware of. But I think I managed. Can someone explain the imposed security flaws if I would create the folder as, let's say, root or with umask 026? What could attackers do? – niklas Feb 23 '12 at 00:32
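
The effect of the umask recommended in the answer, and of the 026 variant raised in the last comment, can be checked directly. The script below is an added example, not part of the original posts; the function names `mode_under_umask` and `find_other_access` are hypothetical helpers, and the files it creates are constructed in a scratch directory.

```shell
#!/bin/sh
# Added illustration: helper names are hypothetical, test files are constructed.

# Print the permission string (e.g. drwxr-x---) of a directory or file
# freshly created under the given umask.
# Usage: mode_under_umask 027 dir|file
mode_under_umask() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1      # scratch dir, always created 0700
        if [ "$2" = dir ]; then
            mkdir "$tmp/new"            # requested mode 0777, minus umask
        else
            : > "$tmp/new"              # requested mode 0666, minus umask
        fi
        ls -ld "$tmp/new" | cut -c1-10  # keep only the type and rwx columns
        rm -rf "$tmp"
    )
}

# List everything under DIR that grants any permission bit to "other",
# i.e. to local accounts that are neither the owner nor in the group.
# Symlinks are skipped because their own mode bits are not enforced.
find_other_access() {
    find "$1" ! -type l \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print
}

# Compare the two umasks discussed in the thread.
for m in 027 026; do
    printf 'umask %s: dir %s  file %s\n' "$m" \
        "$(mode_under_umask "$m" dir)" "$(mode_under_umask "$m" file)"
done
```

Under 026 the only change is the execute bit for "other": new directories become `drwxr-x--x`, so other local accounts can traverse them, while regular files stay `-rw-r-----` under both values. Running `find_other_access` on the upload directory reports any entry that has drifted from the 027 baseline.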