
Comments (4)

maverick85 commented on August 22, 2024

Hi there,

I got this message; I guess I had this repo subscribed. Despite not being into the app, if you don't mind me asking, are all the directories and files with the correct ownership and permissions?
Are the paths correctly configured?
When you mention "static configurations don't seem to get picked up either", is the file with the configurations correctly owned, and with the correct read permissions?

Cheers

from cloud4things.

dvcorreia commented on August 22, 2024

Hi, thank you for the help.
The container has read/write permissions on the configuration files.

-rw-r--r-- 1 root root    73 May  5 15:35 InputGenerators.properties
-rw-r--r-- 1 root root   978 May  5 15:12 LogicalReaders.xml

I've tried to follow the ALE user guide and Marcus' docker files as a starting point.

I can go to the web app at localhost:8080/fc-webclient-1.2.0//services/ALEWebClient.jsp, configure the endpoints for the "Filtering and Collection API" and "Logical Reader API" and retrieve their versions.

I'm stuck configuring the logical readers.

I've uploaded what I have to this repo for reference:
https://github.com/dvcorreia/fosstrak-quickstart-docker.git


maverick85 commented on August 22, 2024

Why are the files owned by root?
Is the application running with elevated privileges, to be able to read files owned by root?
A simple way to see if it's file ownership is to change permissions to 777 and see how it goes.

User for Apache is usually nobody and tomcat for tomcat.

Edit:

I've taken this from Apache Tomcat 9 - Security Considerations - https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html

Tomcat should not be run under the root user. Create a dedicated user for the Tomcat process and provide that user with the minimum necessary permissions for the operating system. For example, it should not be possible to log on remotely using the Tomcat user.

File permissions should also be suitably restricted. Taking the Tomcat instances at the ASF as an example (where auto-deployment is disabled and web applications are deployed as exploded directories), the standard configuration is to have all Tomcat files owned by root with group Tomcat and whilst owner has read/write privileges, group only has read and world has no permissions. The exceptions are the logs, temp and work directory that are owned by the Tomcat user rather than root. This means that even if an attacker compromises the Tomcat process, they can't change the Tomcat configuration, deploy new web applications or modify existing web applications. The Tomcat process runs with a umask of 007 to maintain these permissions.

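The layout described in the Tomcat security how-to quoted in the comment above can be checked mechanically. The script below is an added example, not part of the thread or of the Tomcat project; the function names and the default owner, group and runtime user (root, tomcat, tomcat) are assumptions to adjust to the actual install.

```shell
#!/bin/sh
# Added example: audit a Tomcat tree against the ownership model in the
# quoted security how-to. Function names and defaults are assumptions.

# Run find over the tree, skipping logs/, temp/, work/ and symlinks.
_static() {
    _b=$1; shift
    find "$_b" \( -path "$_b/logs" -o -path "$_b/temp" -o -path "$_b/work" \) \
        -prune -o ! -type l \( "$@" \) -print
}

# audit_tomcat_perms BASE [OWNER] [GROUP] [RUNTIME_USER]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_tomcat_perms() {
    base=${1%/}; owner=${2:-root}; group=${3:-tomcat}; runtime=${4:-tomcat}
    out=$(
        # Static files: owned by OWNER with group GROUP.
        _static "$base" ! -user "$owner"  | sed 's/^/wrong-owner: /'
        _static "$base" ! -group "$group" | sed 's/^/wrong-group: /'
        # Group may read but not write; world has no permissions at all.
        _static "$base" -perm -020 | sed 's/^/group-writable: /'
        _static "$base" -perm -004 -o -perm -002 -o -perm -001 |
            sed 's/^/world-accessible: /'
        # The exceptions (logs, temp, work) belong to the Tomcat user.
        for d in logs temp work; do
            if [ -d "$base/$d" ]; then
                find "$base/$d" ! -user "$runtime" |
                    sed 's/^/not-runtime-owned: /'
            fi
        done
    )
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}
```

A file with mode 644 and owner root:root, like the two in the listing earlier in the thread, is reported as `wrong-group` and `world-accessible` under the default arguments.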

dvcorreia commented on August 22, 2024

The file owner was docker's default when adding a file to the container. I changed the permissions to 777 and still no success.
