File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

linux, tomcat and upload tmp-files

 
nimo frey
Ranch Hand
Posts: 580
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I run a java-websystem in tomcat under linux
and have a page for uploading items
and storing it (via mysql) as a blob in the database.


As the blobs are big, I create tmp-files via "java.io.File.createTempFile" to upload these items.

In Windows, the websystem works without problems and tmp-files can be created.

But in Linux, the site for uploading items works not, because of the error:

"Could not create tmpfile"

So I guess, it is a security-restriction under linux.

How can I solve it?
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17646
39
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First, determine where the temp files are being uploaded. By default, it should be TOMCAT_HOME/temp, but it can be changed, including at the app level.

The temp directory must be writeable by the userid that Tomcat is running under. As far as I can recall, there shouldn't be any selinux issues with Tomcat, so only the basic file access rights need to be verified.
 
nimo frey
Ranch Hand
Posts: 580
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello,

I use "java.io.File.createTempFile":

according to api:

java.io.File.createTempFile(String prefix, String suffix)
Creates an empty file in the default temporary-file directory, using the given prefix and suffix to generate its name.


So the default temporary-file directory in linux is root/TMP ?

Does using java.io.File.createTempFile(String prefix, String suffix) store the tmp files ins TOMCAT_HOME/temp ?

Would it be enough to make in linux something like



Or what should I do?
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17646
39
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
nimo frey wrote:hello,

So the default temporary-file directory in linux is root/TMP ?


No, it's the directory defined by the system property "java.io.tmpdir". Which they didn't document in java.io.File. Well, technically, it's a JVM parameter, but still...

The JVM designer picks the default value for that path, and in Unix/Linux, it would usually be "/tmp". When tomcat starts, it assigns that property to point to its own temp directory. Note that you can't just arbitrarily reassign this value at runtime. There are certain limitations, but I couldn't locate the docs. It doesn't matter here, anyway. You can override Tomcat's choice and I have done so, but in most cases it's not necessary.

Yes, a "chmod 755" is what my copy of tomcat has assigned to my TOMCAT_HOME/temp directory.
 
nimo frey
Ranch Hand
Posts: 580
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello tim,

thanks for helping!

My root/tmp has this:




My tomcats tmp-directory is linked to:

where:

- var directory has this:



- tomcat6-directory has this:



- temp-directory has this:


And my tomcat-users.xml looks like this:



So now my question:

How do I secure, that tomcat can access the tmp-directory ?
Should I add:


where "root" is the user of my linux-system?
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17646
39
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tomcat-users.xml has nothing at all to do with tempfiles. It's just a database for the Tomcat Memory Security Realm. It supports J2EE container-based security, and only does that if you enable it.

Your file access rights should be sufficient unless selinux is getting annoyed (look in /var/log/audit/audit.log if you're running a Red Hat-like system).

But it's not really a good practice to run Tomcat (or any other server) as root. Your directory setup looks like it may have been created by the RHEL J2EE RPMs, and if that's the case, there should have been a "tomcat" user created the init-script startup should be running Tomcat under that user ID.

Some people have had problems in cases like that, where Tomcat was started at different times under the root and private accounts. That's because if Tomcat creates resources while running as root, the private account can't delete/replace the old work/temp/deployed files.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic