java - websphere 的 OS 用户创建文件夹和写入文件需要什么 Linux 权限？

Question

我们最近安装的网络应用程序有问题。

它允许用户上传文件并将它们保存到操作系统中的目录中。我们已经要求安全人员将 websphere 用户添加到目标路径组中，并且该路径具有 770 权限。

这样就可以了，如果我们用websphere用户登录机器，我们就可以在该路径下创建文件夹和文件；但是我们的 java web 应用程序无法创建目录并且失败了。

不幸的是，没有抛出异常，失败的方法首先使用 File.isDirectory() 检查此目录是否存在，如果返回 false，则尝试使用 File 创建它.mkdirs().

目录未创建，因此向用户显示自定义错误消息。日志中没有其他线索。

我试图在我的本地 Linux 笔记本电脑上重现该问题并与用户和组一起玩弄，我发现权限更改在新 session 开始之前不会生效，但我不确定如何影响我们部署的 java web 应用程序以及需要做什么才能使权限生效。

我也确定这些文件是用 websphere 用户编写的，因为该应用程序在不同的路径中写入了一些文件。

有没有人遇到过类似的事情？

谢谢

Answer 1

chown似乎是一个解决方案。

更新:

另一种解决方案是检查 java 客户端 (see) 的“文件权限策略”。

Java 2 security uses several policy files to determine the granted permission for each Java program. For the list of available policy files that are supported by WebSphere® Application Server, see Java 2 security policy files.

* The client.policy file is a default policy file that is shared by all of the WebSphere Application Server client containers and applets on a node.
* The union of the permissions that is contained in the java.policy file and the client.policy file are given to all of the client containers for WebSphere Application Server and applets running on the node.
* The client.policy file is not a configuration file that is managed by the repository and the file replication service. Changes to this file are local and do not replicate to the other machine.
* The client.policy file supplied by WebSphere Application Server is located in the profile_root/properties/client.policy.
* If the default permissions for a client (union of the permissions defined in the java.policy file and the client.policy file) are enough, no action is required. The default client policy is picked up automatically.
* If a specific change is required to some of the client containers and applets on a node, modify the client.policy file with the Policy Tool. Refer to Using PolicyTool to edit policy files for Java 2 security, to edit policy files. Changes to the client.policy file are local for the node.

希望对你有帮助。