I'm not a great security specialist, but your setup looks indeed safe
enough, if the users are chrooted to their home directories.
I can't imagine how they could break out and access things they shouldn't.
Just one more question: how do you arrange to know who is uploading a
file, and thus where to put it?
As a footnote: having a basic problem similar to yours (under Apache,
not Tomcat), I ended up with a solution like this, implemented with
Apache and mod_perl, but which should be also transposable to Tomcat
with servlet filters and such:
To allow users to upload their files, I implemented the standard DAV
module in Apache (which also exists in Tomcat). This way, they can do
drag-and-drop directly from within their Windows Explorer, to one
directory structure on the server. And, I did not have to re-invent the
wheel for uploading files.
But that did not at first allow me to know who was uploading the file,
and what to do with it.
To know who was doing it, I thus added an HTTP authentication.
But still, DAV doesn't care, and uploads all the files under the user
Apache (Tomcat) runs under.
So I added a couple of filters, one in front and one behind DAV. The
front-end filter takes note of who this is (from the Apache
authentication), and where the user thinks he is uploading the file to
(from the URL), then changes the "PUT" URL sneakily (à la mod_rewrite),
so that DAV now uploads the file in fact somewhere completely different,
outside of the directories where the user thinks he is uploading.
Then right after DAV, another filter picks up the uploaded file from the
known place where DAV put it, and moves it to the real destination and
with the correct ownership and permissions (which it gets from where the
first filter saved them).
It is a bit like another solution suggested earlier based on a separate
daemon, only here everything happens in real-time.
I am sure this could be done in Tomcat with a servlet filter around the
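The two-filter arrangement described in the post, as an added Python sketch that is not the author's mod_perl code and not Apache or Tomcat code: a front filter records who is uploading and where they meant the file to go and steers the PUT into a staging area, and a back filter moves the staged file to the real destination with the recorded ownership and permissions. The staging and per-user root directories, the in-memory `pending` map and the `simulate_put` stand-in for DAV's write are all assumptions.

```python
import os
import secrets
import shutil
import tempfile
from pathlib import Path

# Constructed sandbox directories (assumptions, not paths from the original post).
STAGING = Path(tempfile.mkdtemp(prefix="dav-staging-"))    # where the rewritten PUT lands
USER_ROOT = Path(tempfile.mkdtemp(prefix="user-roots-"))   # <USER_ROOT>/<user>/ is each user's real area


def front_filter(user: str, requested_path: str, pending: dict) -> str:
    """Runs before DAV: remembers who is uploading and where they meant the file
    to go, then hands DAV a PUT target inside STAGING instead.
    The user-supplied path is resolved against the user's own area so that a
    name such as '../other/x' cannot become a write outside it."""
    home = (USER_ROOT / user).resolve()
    intended = (home / requested_path.lstrip("/")).resolve()
    if not intended.is_relative_to(home):           # Python 3.9+
        raise PermissionError(f"{user!r} may not write to {requested_path!r}")
    token = secrets.token_hex(16)                   # server-chosen name: users cannot collide
    pending[token] = {"user": user, "dest": intended}
    return str(STAGING / token)                     # the "sneakily" rewritten PUT target


def back_filter(token: str, pending: dict, mode: int = 0o640) -> Path:
    """Runs after DAV: moves the file from the known staging location to the
    real destination and applies the permissions/ownership recorded earlier."""
    info = pending.pop(token)
    dest = info["dest"]
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(STAGING / token), str(dest))
    os.chmod(dest, mode)
    if os.geteuid() == 0:                           # chown needs privilege; skip otherwise
        import pwd
        try:
            pw = pwd.getpwnam(info["user"])
            os.chown(dest, pw.pw_uid, pw.pw_gid)
        except KeyError:                            # no such system account: leave owner as is
            pass
    return dest


def simulate_put(user: str, requested_path: str, body: bytes) -> Path:
    """Drives the chain: front filter, a stand-in for DAV's write, back filter."""
    pending = {}
    target = Path(front_filter(user, requested_path, pending))
    target.write_bytes(body)                        # what DAV would do with the rewritten PUT
    return back_filter(target.name, pending)
```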