*Why it happens:*
- *Systemd Sandboxing:* Debian's tomcat9 package uses systemd to manage the Tomcat service. Systemd employs sandboxing techniques to enhance security by restricting the resources and access that a service has. This includes limiting file system access. - *Default Restrictions:* By default, Tomcat is only granted write access to specific directories like conf, log, work, and webapps. This is a security measure to prevent Tomcat from potentially writing to sensitive areas of the file system. - *Configuration Overrides:* When you directly modify Tomcat's main service file, your changes can be overwritten during package updates or service restarts. This is because the package maintainers provide the default configuration, and your direct edits are seen as deviations. *How to fix it:* The correct way to add or modify ReadWritePaths is to create an *override file* for the Tomcat service. This ensures that your changes are preserved across updates. Here's how: 1. *Create the override directory:* sudo mkdir -p /etc/systemd/system/tomcat9.service.d/ 2. *Create the override file:* Create a file named override.conf inside the directory you just created: sudo nano /etc/systemd/system/tomcat9.service.d/override.conf 3. *Add your ReadWritePaths:* Inside override.conf, add the following, making sure to replace /dspace/ with the actual path you need: [Service] ReadWritePaths=/dspace/ If you need to grant access to multiple paths, list them separated by spaces: [Service] ReadWritePaths=/dspace/ /another/path/ /yet/another/path/ 4. *Reload systemd and restart Tomcat:* Apply the changes and restart Tomcat: sudo systemctl daemon-reload sudo systemctl restart tomcat9 On Wednesday, 17 July 2024 at 6:46:13 pm UTC+5:30 Henry Atsu Agbodza wrote: > Hi Andrew, > the acl command did not work for us. > We were having some error issues with the implementation of acl. > Our NFS is on Redhat whiles the Dspace is on Ubuntu. > What we did was to add the tomcat user to the dspace group which has > access to the assetstore directory on the NFS. > Thank you. > > > On Fri, Jul 12, 2024 at 1:09 PM Andrew K <[email protected]> wrote: > >> Hi Henry >> >> You have to give tomcat user write permissions to these dirs. >> Something like this >> chown -R tomcat:tomcat /dspace >> setfacl -R -m u:tomcat:rwx /dspace/assetstore >> >> >> пʼятниця, 12 липня 2024 р. о 13:08:23 UTC+3 Henry Atsu Agbodza пише: >> >>> Dear all, I have a similar problem. >>> >>> i have a 3-tiered DSpace 7.6.1 architecture. >>> When i try uploading a file it gives a java.io.IOException: No such >>> file or directory >>> >>> The assetstore is on an NFS. >>> In my /lib/systemd/system/tomcat9.service file, i have these settings >>> >>> ReadWritePaths=/dspace >>> ReadWritePaths=/mnt/dspacedir >>> >>> The /mnt/dspacedir has been mounted. I can read (access) files attached >>> to existing items but as stated earlier, i can't upload new files. >>> Thanks for the help. >>> >>> >>> >>> >>> On Thu, Jul 11, 2024 at 6:13 PM Andrew K <[email protected]> wrote: >>> >>>> >>>> Hi Mark, >>>> >>>> Thanks a lot for the information! >>>> I completely forgot that I did that. >>>> >>>> What is the other way to adjust tomcat9 ReadWritePaths? >>>> >>>> And, may I ask why updates like this go silently? >>>> >>>> WBR, >>>> Andrew >>>> четвер, 11 липня 2024 р. о 17:57:58 UTC+3 Walk, Martin пише: >>>> >>>>> Hi Andrew, >>>>> >>>>> this happens when you modified the tomcat9.service directly, usually >>>>> by adding >>>>> >>>>> ReadWritePaths=/path/to/your/dspace >>>>> ReadWritePaths=/path/to/your/dspace-asset-store >>>>> >>>>> When Tomcat is updating, tomcat9.service gets sometimes overridden and >>>>> your customisations get lost. >>>>> Check your tomcat9.service. And perhaps it’s better to make those >>>>> customisation in another place. >>>>> >>>>> Best regards, >>>>> Martin >>>>> >>>>> > On 10. Jul 2024, at 22:06, Andrew K <[email protected]> wrote: >>>>> > >>>>> > Hi! >>>>> > >>>>> > I have a Dspace 7.6.1 server on Ubuntu 20.04.6 LTS working for a few >>>>> months now. No recent changes at all. But suddenly there's an error when >>>>> uploading a file: >>>>> > Upload failed >>>>> > Also it shows java.io.IOException: No such file or directory below >>>>> on item creation page. >>>>> > >>>>> > First, I can not find this java.io.IOException: No such file or >>>>> directory anywhere in the logs. >>>>> > Second, I tried >>>>> > chown -R tomcat:tomcat /dspace/ >>>>> > setfacl -R -m u:tomcat:rwx /dspace/assetstore >>>>> > etc. >>>>> > Nothing. >>>>> > >>>>> > I also looked into the recent apt log: >>>>> > >>>>> > Log started: 2024-07-10 06:31:50 >>>>> > (Reading database ... ^M(Reading database ... 5%^M(Reading database >>>>> ... 10%^M(Reading database ... 15%^M(Reading database ... 20%^M(Reading >>>>> database ... 25%^M(Reading da>Preparing to unpack >>>>> .../libtomcat9-java_9.0.31-1ubuntu0.5_all.deb ... >>>>> > Unpacking libtomcat9-java (9.0.31-1ubuntu0.5) over >>>>> (9.0.31-1ubuntu0.4) ... >>>>> > Preparing to unpack .../tomcat9-common_9.0.31-1ubuntu0.5_all.deb ... >>>>> > Unpacking tomcat9-common (9.0.31-1ubuntu0.5) over >>>>> (9.0.31-1ubuntu0.4) ... >>>>> > Setting up libtomcat9-java (9.0.31-1ubuntu0.5) ... >>>>> > Setting up tomcat9-common (9.0.31-1ubuntu0.5) ... >>>>> > Log ended: 2024-07-10 06:31:51 >>>>> > >>>>> > Log started: 2024-07-10 06:31:54 >>>>> > (Reading database ... ^M(Reading database ... 5%^M(Reading database >>>>> ... 10%^M(Reading database ... 15%^M(Reading database ... 20%^M(Reading >>>>> database ... 25%^M(Reading da>Preparing to unpack >>>>> .../tomcat9_9.0.31-1ubuntu0.5_all.deb ... >>>>> > Unpacking tomcat9 (9.0.31-1ubuntu0.5) over (9.0.31-1ubuntu0.4) ... >>>>> > Setting up tomcat9 (9.0.31-1ubuntu0.5) ... >>>>> > Processing triggers for rsyslog (8.2001.0-1ubuntu1.3) ... >>>>> > Log ended: 2024-07-10 06:31:59 >>>>> > >>>>> > Could those tomcat updates (no one started them, must be automatic) >>>>> cause the upload problem? >>>>> > Where else should I look? >>>>> > >>>>> > Thanks, >>>>> > Andrew >>>>> > >>>>> > -- >>>>> > All messages to this mailing list should adhere to the Code of >>>>> Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx >>>>> > --- >>>>> > You received this message because you are subscribed to the Google >>>>> Groups "DSpace Technical Support" group. >>>>> > To unsubscribe from this group and stop receiving emails from it, >>>>> send an email to [email protected]. >>>>> > To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/dspace-tech/5db0f3b9-86dc-4326-9f11-10f52f40a567n%40googlegroups.com. >>>>> >>>>> >>>>> >>>>> -- >>>> All messages to this mailing list should adhere to the Code of Conduct: >>>> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "DSpace Technical Support" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> >>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/dspace-tech/040c1c1a-f267-4861-950f-9b9baa3789f5n%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/dspace-tech/040c1c1a-f267-4861-950f-9b9baa3789f5n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >>> >>> -- >>> *Psalm 119:28 My Soul is weary with sorrow ; strengthen me according to >>> your Word.* >>> *Sincerely Yours,* >>> >>> *Henry Atsu Agbodza* >>> *Commonwealth Fellow* >>> *Library Systems and Research Support, * >>> *Academic Computing Unit,* >>> *University of Ghana Computing Systems (UGCS)* >>> *Room G3, Ground Floor - East Wing, * >>> *Balme Library* >>> *Legon* >>> *Tel.: +233 (0) 207 027360* >>> *IP Phone: 2442* >>> >>> *UG Repository <http://ugspace.ug.edu.gh>* >>> *UG Library <http://balme.ug.edu.gh>* >>> >>> >>> *UG Online Catalogue (UGCat) <http://library.ug.edu.gh/>UG Research >>> Portal <http://libguides.ug.edu.gh>UG Off - Campus Access to E - Resources >>> <http://ezproxy.ug.edu.gh/>* >>> *UG Chat with A Librarian Service >>> <http://balme.ug.edu.gh/chat/client.php>* >>> >> -- >> All messages to this mailing list should adhere to the Code of Conduct: >> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx >> --- >> You received this message because you are subscribed to the Google Groups >> "DSpace Technical Support" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/dspace-tech/f8bb7ea3-8c62-4fc3-bf18-10075ee1e2fbn%40googlegroups.com >> >> <https://groups.google.com/d/msgid/dspace-tech/f8bb7ea3-8c62-4fc3-bf18-10075ee1e2fbn%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > *Psalm 119:28 My Soul is weary with sorrow ; strengthen me according to > your Word.* > *Sincerely Yours,* > > *Henry Atsu Agbodza* > *Commonwealth Fellow* > *Library Systems and Research Support, * > *Academic Computing Unit,* > *University of Ghana Computing Systems (UGCS)* > *Room G3, Ground Floor - East Wing, * > *Balme Library* > *Legon* > *Tel.: +233 (0) 207 027360* > *IP Phone: 2442* > > *UG Repository <http://ugspace.ug.edu.gh>* > *UG Library <http://balme.ug.edu.gh>* > > > *UG Online Catalogue (UGCat) <http://library.ug.edu.gh/>UG Research Portal > <http://libguides.ug.edu.gh>UG Off - Campus Access to E - Resources > <http://ezproxy.ug.edu.gh/>* > *UG Chat with A Librarian Service <http://balme.ug.edu.gh/chat/client.php>* > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/dspace-tech/7720006c-a684-45fa-b49f-dbc9f48b3bf6n%40googlegroups.com.
