[jira] [Commented] (DAEMON-217) Tomcat 6 and 7 Won't Start Due to Permissions Issue

Mon, 12 Sep 2011 12:31:35 -0700 

    [ 
https://issues.apache.org/jira/browse/DAEMON-217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13102951#comment-13102951
 ] 

Mladen Turk commented on DAEMON-217:
------------------------------------

With 1.0.7 we fixed a security issue (CVE-2011-2729)
As you can see the fix works :)

I suppose your jsvc is linked to libcap so that's the
reason. Previous versions have wrongly left the jvm
with the elevated capabilities, which is security issue
and allows to write to the place where the -user (tomcat)
shouldn't. You can easily check that by running the
catalina.sh directly as tomcat user (without jsvc).
It will fail at the same place.


> Tomcat 6 and 7 Won't Start Due to Permissions Issue
> ---------------------------------------------------
>
>                 Key: DAEMON-217
>                 URL: https://issues.apache.org/jira/browse/DAEMON-217
>             Project: Commons Daemon
>          Issue Type: Bug
>          Components: Jsvc
>    Affects Versions: 1.0.7
>         Environment: Arch Linux x86-32
>            Reporter: Aimelyne Mochiron
>            Priority: Blocker
>
> I upgraded java-jsvc to the next version available from Arch (1.0.7) as part 
> of a routine box-wide upgrade. From that point, Tomcat started complaining 
> that it didn't have the right permissions to read either manager.xml or 
> host-manager.xml, under /etc/tomcat6/Catalina/localhost/. Perms look OK 
> though: Catalina's mode is 0755 for tomcat:tomcat, so is localhost's; 
> manager.xml and host-manager.xml, under localhost, are both 0644 for 
> tomcat:tomcat. /etc/tomcat6/ is set to mode 0770 for root:root, which was the 
> case previously as well. Nothing appears to have changed on that front as 
> part of the upgrade.
> Tomcat failed to deploy the web application directory host-manager (dixit 
> catalina.err), and as a result I couldn't access the manager app anymore (got 
> a 404 error page telling me the requested resource wasn't available).
> Downgrading java-jsvc to the last known working version (1.0.6) solved the 
> issue.
> The Issue also affects Tomcat 7. Please see below link to my post on Arch's 
> forums for greater detail, incl. a dump of catalina.err and a corroborating 
> post from another Arch user.
> https://bbs.archlinux.org/viewtopic.php?id=125943

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to