如何授予在tomcat下运行的spring应用程序在另一个用户目录上写入的权限

Question

On one of my VPS, I have tomcat server on /opt/tomcat with user tomcat:tomcat , I have a host which runs spring application to serve the sub domain of user someuser ie http://crm.someuser.com

Now I need to write files/images to that folder/directory ie /home/someuser/crm.someuser.com , Whenever I try to write file, permission denied exception occur.

Answer 1

File system permission problem.

Short answer, grant write permissions on the target folder by changing the folder permissions using chmod linux command

eg

chmod ugoa+w /home/someuser/crm.someuser.com

Of course you have to be the owner of that folder, if not at least you have sudo capabilities so you can execute the chmod command on that folder.

sudo ugoa+w /home/someuser/crm.someuser.com

Doing a list command on the folder

ls -alh
-rw-r--r--  1 user user  675 Mar  14  2017 /home/someuser/crm.someuser.com 

After executing the chmod command, the write permissions should show something like

ls -alh
-rw-rw-rw-  1 user user  675 Mar  14  2017 /home/someuser/crm.someuser.com 

You will notice rw (meaing read and write permissions) for that folder

Long answer, the answer above will allow any user to write to that folder since it has write permission for user, group and others. A good way is only allow users who belongs to a group to be able to write to that folder.

Eg Depending on your use case, you may want to add that user to the tomcat group and change the owner of the folder to tomcat. Then grant write permission to the tomcat group to that folder. This way only users belonging to tomcat can write to that folder.

Here is the updated solution.

Create a new group that will have permission to write to those folders.

groupadd YOURGROUP

Change the group owner for each of those folders. (You can retain the current owner as is and modify only the group by passing the same owner in the command)

sudo chown someuser:YOURGROUP /home/someuser/crm.someuser.com

Change the permission of that folder so that YOURGROUP will have read/write capabilities

sudo chmod g+rw /home/someuser/crm.someuser.com

Lastly, add tomcat to that group. So tomcat will have read/write capabilities to those folder.

sudo usermod -a -G YOURGROUP tomcat

Where tomcat is the valid user used by tomcat (others use tomcat7, you need to check the actual username of tomcat on your system)

Answer 2

The problem is not related to Spring app; you just only set read, write permissions for tomcat user on that folder. You can try with: setfacl command ( http://manpages.ubuntu.com/manpages/zesty/en/man1/setfacl.1.html ) or something like this. Ex:

setfacl -m u:tomcat:rw /home/someuser/crm.someuser.com

Hope that it helps you.

Answer 3

This work for me:

public Path getPathdoc(String filename) {
    //return Paths.get(UPLOADS_FOLDER).resolve(filename).toAbsolutePath();
    return Paths.get("/var/lib/mysql-files").resolve(filename).toAbsolutePath();
}

Here you set all permission with: "rwxrwxrwx"

 @Override
    public String copydoc(MultipartFile file) throws IOException {
        String uniqueFilename = file.getOriginalFilename();
        Path rootPath = getPathdoc(uniqueFilename);
        log.info("rootPath: " + rootPath);
        Files.copy(file.getInputStream(), rootPath);
        Files.setPosixFilePermissions(getPath(uniqueFilename), PosixFilePermissions.fromString("rwxrwxrwx"));
        return uniqueFilename;
    }