[英]How to give permission to spring application running under tomcat to write on another user directory
On one of my VPS, I have tomcat server on /opt/tomcat
with user tomcat:tomcat
, I have a host which runs spring application to serve the sub domain of user someuser
ie http://crm.someuser.com在我的一个 VPS 上,我在
/opt/tomcat
上有 tomcat 服务器,用户tomcat:tomcat
,我有一台运行 spring 应用程序的主机来为用户someuser
的子域提供服务,即http://crm.someuser.com
Now I need to write files/images to that folder/directory ie /home/someuser/crm.someuser.com
, Whenever I try to write file, permission denied exception occur.现在我需要将文件/图像写入该文件夹/目录,即
/home/someuser/crm.someuser.com
,每当我尝试写入文件时,都会发生权限被拒绝的异常。
File system permission problem.文件系统权限问题。
Short answer, grant write permissions on the target folder by changing the folder permissions using chmod linux command简短回答,通过使用chmod linux 命令更改文件夹权限来授予对目标文件夹的写权限
eg例如
chmod ugoa+w /home/someuser/crm.someuser.com chmod ugoa+w /home/someuser/crm.someuser.com
Of course you have to be the owner of that folder, if not at least you have sudo capabilities so you can execute the chmod command on that folder.当然,您必须是该文件夹的所有者,至少您具有 sudo 功能,以便您可以在该文件夹上执行 chmod 命令。
sudo ugoa+w /home/someuser/crm.someuser.com须藤 ugoa+w /home/someuser/crm.someuser.com
Doing a list command on the folder在文件夹上执行 list 命令
ls -alh
-rw-r--r-- 1 user user 675 Mar 14 2017 /home/someuser/crm.someuser.com
After executing the chmod command, the write permissions should show something like执行 chmod 命令后,写权限应该显示类似
ls -alh
-rw-rw-rw- 1 user user 675 Mar 14 2017 /home/someuser/crm.someuser.com
You will notice rw (meaing read and write permissions) for that folder您会注意到该文件夹的 rw(读取和写入权限)
Long answer, the answer above will allow any user to write to that folder since it has write permission for user, group and others.长答案,上面的答案将允许任何用户写入该文件夹,因为它对用户、组和其他人具有写入权限。 A good way is only allow users who belongs to a group to be able to write to that folder.
一个好方法是只允许属于一个组的用户能够写入该文件夹。
Eg Depending on your use case, you may want to add that user to the tomcat group and change the owner of the folder to tomcat.例如,根据您的用例,您可能希望将该用户添加到 tomcat 组并将文件夹的所有者更改为 tomcat。 Then grant write permission to the tomcat group to that folder.
然后授予 tomcat 组对该文件夹的写权限。 This way only users belonging to tomcat can write to that folder.
这样,只有属于 tomcat 的用户才能写入该文件夹。
Here is the updated solution.这是更新的解决方案。
Create a new group that will have permission to write to those folders.创建一个新组,该组将有权写入这些文件夹。
groupadd YOURGROUP
Change the group owner for each of those folders.更改每个文件夹的组所有者。 (You can retain the current owner as is and modify only the group by passing the same owner in the command)
(您可以按原样保留当前所有者,并通过在命令中传递相同的所有者来仅修改组)
sudo chown someuser:YOURGROUP /home/someuser/crm.someuser.com
Change the permission of that folder so that YOURGROUP will have read/write capabilities更改该文件夹的权限,以便 YOURGROUP 具有读/写功能
sudo chmod g+rw /home/someuser/crm.someuser.com
Lastly, add tomcat to that group.最后,将 tomcat 添加到该组。 So tomcat will have read/write capabilities to those folder.
因此,tomcat 将具有对这些文件夹的读/写功能。
sudo usermod -a -G YOURGROUP tomcat
Where tomcat is the valid user used by tomcat (others use tomcat7, you need to check the actual username of tomcat on your system)其中tomcat为tomcat使用的有效用户(其他人使用tomcat7,需要查看自己系统上tomcat的实际用户名)
The problem is not related to Spring app;问题与 Spring 应用无关; you just only set read, write permissions for tomcat user on that folder.
您只需为该文件夹中的 tomcat 用户设置读、写权限。 You can try with: setfacl command ( http://manpages.ubuntu.com/manpages/zesty/en/man1/setfacl.1.html ) or something like this.
您可以尝试使用: setfacl 命令( http://manpages.ubuntu.com/manpages/zesty/en/man1/setfacl.1.html )或类似的东西。 Ex:
前任:
setfacl -m u:tomcat:rw /home/someuser/crm.someuser.com
Hope that it helps you.希望对你有帮助。
This work for me:这对我有用:
public Path getPathdoc(String filename) {
//return Paths.get(UPLOADS_FOLDER).resolve(filename).toAbsolutePath();
return Paths.get("/var/lib/mysql-files").resolve(filename).toAbsolutePath();
}
Here you set all permission with: "rwxrwxrwx"在这里你设置所有权限:“rwxrwxrwx”
@Override
public String copydoc(MultipartFile file) throws IOException {
String uniqueFilename = file.getOriginalFilename();
Path rootPath = getPathdoc(uniqueFilename);
log.info("rootPath: " + rootPath);
Files.copy(file.getInputStream(), rootPath);
Files.setPosixFilePermissions(getPath(uniqueFilename), PosixFilePermissions.fromString("rwxrwxrwx"));
return uniqueFilename;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.