Re: Error during startup
> 2022年8月9日 21:05,Christopher Schultz 写道:
>
> Han,
>
> On 8/4/22 00:49, Han Li wrote:
>> Hi Mohan,
>> You can open CATALINA_BASE/conf/catalina.policy file, add following
>> statement within “grant” section:
>> permission java.lang.RuntimePermission "getenv.*";
>
>
> While this will likely fix the "problem", it may not be the best solution.
> The OP is running under a Security Manager, probably for a reason. It would
> be best to restrict the getenv privilege to the minimum necessary to run the
> application properly in that environment. That may be something closer to
>
> grant codeBase "file:some/specific.jar" {
> permission java.lang.RuntimePermission "getenv.oneVariableName";
> }
I got it.
Thank you, Chris.
Han.
>
> Thanks,
> -chris
>
>>> 2022年8月4日 11:33,Mohan T 写道:
>>>
>>> Dear All,
>>>
>>> We are using tomcat 8.5 on suse linux 7.
>>>
>>> We are invoking Catalina.sh in java security enabled mode.
>>>
>>> Kindly help me in resolving this .
>>>
>>> Thanks
>>>
>>> Mohan
>>>
>>> Exception:
>>> Error in Full Agent Registration Info Resolver reading environment
>>> variable/system property
>>> java.security.AccessControlException: access denied
>>> ("java.lang.RuntimePermission" "getenv.")
>>> at
>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>>> at java.security.AccessController.checkPermission(AccessController.java:884)
>>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>>> at java.lang.System.getenv(System.java:894)
>>>
>>> DISCLAIMER: This communication contains information which is confidential
>>> and the copyright of Ramco Systems Ltd, its subsidiaries or a third party
>>> ("Ramco"). This email may also contain legally privileged information.
>>> Confidentiality and legal privilege attached to this communication are not
>>> waived or lost by reason of mistaken delivery to you.This email is intended
>>> to be read or used by the addressee only. If you are not the intended
>>> recipient, any use, distribution, disclosure or copying of this email is
>>> strictly prohibited without the express written approval of Ramco. Please
>>> delete and destroy all copies and email Ramco at le...@ramco.com
>>> immediately. Any views expressed in this communication are those of the
>>> individual sender, except where the sender specifically states them to be
>>> the views of Ramco. Except as required by law, Ramco does not represent,
>>> warrant and/or guarantee that the integrity of this communication has been
>>> maintained nor that the communication is free of errors, virus,
>>> interception or interference. If you do not wish to receive such
>>> communications, please forward this communication to market...@ramco.com
>>> and express your wish not to receive such communications henceforth.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
Re: Error during startup
Joey,
On 8/8/22 09:21, Joey Cochran wrote:
Make sure /bin/tomcat-juli.jar is set to 755 (chmod 755 tomcat-juli.jar)
Nonsense. This would never cause a permissions problem as described by
the OP. Also:
7 = owner read+write+execute
5 = group read+execute
5 = other read+execute
NOBODY needs execute permission on a JAR file (okay, unless it's a
runnable JAR, which this one IS NOT).
This file is happy under any of the following, depending upon your needs.
0400
0440
0540
And surely other options with additional unnecessary permissions.
For my money, I'd have the file owners be something like user "tomcat"
group "tomcat" and the euid of the Tomcat process something like user
"runtomcat" group "tomcat" and have most things read-only for the
"runtomcat" user. You can have group-write permission enabled for
"tomcat" for the "work", "logs", and "temp" directories.
-chris
-Original Message-
From: Mohan T
Sent: Monday, August 8, 2022 2:26 AM
To: Tomcat Users List
Subject: [EXTERNAL] RE: Error during startup
We have added the contents under grant section.
Still we are getting the error message.
Error in Full Agent Registration Info Resolver reading environment
variable/system property
java.security.AccessControlException: access denied ("java.lang.RuntimePermission"
"getenv.")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.getenv(System.java:894)
at
com.singularity.ee.util.system.SystemUtils.getenv(SystemUtils.java:49)
at
com.singularity.ee.agent.resolver.ADefaultResolver.getProperty(ADefaultResolver.java:44)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.shouldCreateAgentInfoIfMissing(FullAgentRegistrationInfoResolver.java:83)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.(FullAgentRegistrationInfoResolver.java:72)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.(FullAgentRegistrationInfoResolver.java:60)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminerDelegate.executeGenericFunction(AppTierNodeDeterminerDelegate.java:260)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminer.executeGenericFunction(AppTierNodeDeterminer.java:128)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.getAppTierNodeFromLib(AgentEntryPoint.java:1735)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.determineAppAgentVersionToUse(AgentEntryPoint.java:1549)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.premain(AgentEntryPoint.java:557)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:386)
at
sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:401)
Full Agent Registration Info Resolver found system property
[appdynamics.agent.nodeName] for node name [Tomcat_iaasa7924_base0]
Full Agent Registration Info Resolver using selfService [false]
Full Agent Registration Info Resolver using selfService [false]
Full Agent Registration Info Resolver using ephemeral node setting [false]
Full Agent Registration Info Resolver using application name
[ILAS-NonProd_34995]
Error in Full Agent Registration Info Resolver reading environment
variable/system property
java.security.AccessControlException: access denied ("java.lang.RuntimePermission"
"getenv.")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.getenv(System.java:894)
at
com.singularity.ee.util.system.SystemUtils.getenv(SystemUtils.java:49)
at
com.singularity.ee.agent.resolver.ADefaultResolver.getProperty(ADefaultResolver.java:44)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.getNodeNameFromJavaAgentArg(FullAgentRegistrationInfoResolver.java:387)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.run(FullAgentRegistrationInfoResolver.java:252)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminerDelegate.getAppTierNode(
Re: Error during startup
Han,
On 8/4/22 00:49, Han Li wrote:
Hi Mohan,
You can open CATALINA_BASE/conf/catalina.policy file, add following statement
within “grant” section:
permission java.lang.RuntimePermission "getenv.*";
While this will likely fix the "problem", it may not be the best
solution. The OP is running under a Security Manager, probably for a
reason. It would be best to restrict the getenv privilege to the minimum
necessary to run the application properly in that environment. That may
be something closer to
grant codeBase "file:some/specific.jar" {
permission java.lang.RuntimePermission "getenv.oneVariableName";
}
Thanks,
-chris
2022年8月4日 11:33,Mohan T 写道:
Dear All,
We are using tomcat 8.5 on suse linux 7.
We are invoking Catalina.sh in java security enabled mode.
Kindly help me in resolving this .
Thanks
Mohan
Exception:
Error in Full Agent Registration Info Resolver reading environment
variable/system property
java.security.AccessControlException: access denied ("java.lang.RuntimePermission"
"getenv.")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.getenv(System.java:894)
DISCLAIMER: This communication contains information which is confidential and the
copyright of Ramco Systems Ltd, its subsidiaries or a third party ("Ramco").
This email may also contain legally privileged information. Confidentiality and legal
privilege attached to this communication are not waived or lost by reason of mistaken
delivery to you.This email is intended to be read or used by the addressee only. If you
are not the intended recipient, any use, distribution, disclosure or copying of this
email is strictly prohibited without the express written approval of Ramco. Please delete
and destroy all copies and email Ramco at le...@ramco.com immediately. Any views
expressed in this communication are those of the individual sender, except where the
sender specifically states them to be the views of Ramco. Except as required by law,
Ramco does not represent, warrant and/or guarantee that the integrity of this
communication has been maintained nor that the communication is free of errors, virus,
interception or interference. If you do not wish to receive such communications, please
forward this communication to market...@ramco.com and express your wish not to receive
such communications henceforth.
Re: Error during startup
On 08/08/2022 14:21, Joey Cochran wrote:
Make sure /bin/tomcat-juli.jar is set to 755 (chmod 755 tomcat-juli.jar)
That suggestion is completely unrelated to the problem the OP is reporting.
-Original Message-
From: Mohan T
Sent: Monday, August 8, 2022 2:26 AM
To: Tomcat Users List
Subject: [EXTERNAL] RE: Error during startup
We have added the contents under grant section.
Still we are getting the error message.
It looks like you are adding some sort of agent to instrument the JVM.
Java security manager permissions are associated specific JAR files. Han
Li's suggestion was correct if the problem you are seeing is in
application code (i.e. part of the web application under WEB-INF/lib or
WEB-INF/classes).
If this is an agent then the JAR won't be in the web application. Where,
exactly, is the JAR that contains the agent you are trying to use?
Mark
Error in Full Agent Registration Info Resolver reading environment
variable/system property
java.security.AccessControlException: access denied ("java.lang.RuntimePermission"
"getenv.")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.getenv(System.java:894)
at
com.singularity.ee.util.system.SystemUtils.getenv(SystemUtils.java:49)
at
com.singularity.ee.agent.resolver.ADefaultResolver.getProperty(ADefaultResolver.java:44)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.shouldCreateAgentInfoIfMissing(FullAgentRegistrationInfoResolver.java:83)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.(FullAgentRegistrationInfoResolver.java:72)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.(FullAgentRegistrationInfoResolver.java:60)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminerDelegate.executeGenericFunction(AppTierNodeDeterminerDelegate.java:260)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminer.executeGenericFunction(AppTierNodeDeterminer.java:128)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.getAppTierNodeFromLib(AgentEntryPoint.java:1735)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.determineAppAgentVersionToUse(AgentEntryPoint.java:1549)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.premain(AgentEntryPoint.java:557)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:386)
at
sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:401)
Full Agent Registration Info Resolver found system property
[appdynamics.agent.nodeName] for node name [Tomcat_iaasa7924_base0]
Full Agent Registration Info Resolver using selfService [false]
Full Agent Registration Info Resolver using selfService [false]
Full Agent Registration Info Resolver using ephemeral node setting [false]
Full Agent Registration Info Resolver using application name
[ILAS-NonProd_34995]
Error in Full Agent Registration Info Resolver reading environment
variable/system property
java.security.AccessControlException: access denied ("java.lang.RuntimePermission"
"getenv.")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.getenv(System.java:894)
at
com.singularity.ee.util.system.SystemUtils.getenv(SystemUtils.java:49)
at
com.singularity.ee.agent.resolver.ADefaultResolver.getProperty(ADefaultResolver.java:44)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.getNodeNameFromJavaAgentArg(FullAgentRegistrationInfoResolver.java:387)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.run(FullAgentRegistrationInfoResolver.java:252)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminerDelegate.getAppTierNode(AppTierNodeDeterminerDelegate.java:150)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminer.getAppTierNode(AppTierNodeDeterminer.java:83)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.getAppTierNodeFromLib(AgentEntryPoint.java:1751)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.determineA
RE: Error during startup
Make sure /bin/tomcat-juli.jar is set to 755 (chmod 755 tomcat-juli.jar)
-Original Message-
From: Mohan T
Sent: Monday, August 8, 2022 2:26 AM
To: Tomcat Users List
Subject: [EXTERNAL] RE: Error during startup
We have added the contents under grant section.
Still we are getting the error message.
Error in Full Agent Registration Info Resolver reading environment
variable/system property
java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "getenv.")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.getenv(System.java:894)
at
com.singularity.ee.util.system.SystemUtils.getenv(SystemUtils.java:49)
at
com.singularity.ee.agent.resolver.ADefaultResolver.getProperty(ADefaultResolver.java:44)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.shouldCreateAgentInfoIfMissing(FullAgentRegistrationInfoResolver.java:83)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.(FullAgentRegistrationInfoResolver.java:72)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.(FullAgentRegistrationInfoResolver.java:60)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminerDelegate.executeGenericFunction(AppTierNodeDeterminerDelegate.java:260)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminer.executeGenericFunction(AppTierNodeDeterminer.java:128)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.getAppTierNodeFromLib(AgentEntryPoint.java:1735)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.determineAppAgentVersionToUse(AgentEntryPoint.java:1549)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.premain(AgentEntryPoint.java:557)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:386)
at
sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:401)
Full Agent Registration Info Resolver found system property
[appdynamics.agent.nodeName] for node name [Tomcat_iaasa7924_base0]
Full Agent Registration Info Resolver using selfService [false]
Full Agent Registration Info Resolver using selfService [false]
Full Agent Registration Info Resolver using ephemeral node setting [false]
Full Agent Registration Info Resolver using application name
[ILAS-NonProd_34995]
Error in Full Agent Registration Info Resolver reading environment
variable/system property
java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "getenv.")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.getenv(System.java:894)
at
com.singularity.ee.util.system.SystemUtils.getenv(SystemUtils.java:49)
at
com.singularity.ee.agent.resolver.ADefaultResolver.getProperty(ADefaultResolver.java:44)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.getNodeNameFromJavaAgentArg(FullAgentRegistrationInfoResolver.java:387)
at
com.singularity.ee.agent.resolver.FullAgentRegistrationInfoResolver.run(FullAgentRegistrationInfoResolver.java:252)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminerDelegate.getAppTierNode(AppTierNodeDeterminerDelegate.java:150)
at
com.singularity.ee.agent.appagent.kernel.AppTierNodeDeterminer.getAppTierNode(AppTierNodeDeterminer.java:83)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.getAppTierNodeFromLib(AgentEntryPoint.java:1751)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.determineAppAgentVersionToUse(AgentEntryPoint.java:1549)
at
com.singularity.ee.agent.appagent.AgentEntryPoint.premain(AgentEntryPoint.java:557)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:386)
at
sun.instrument.Ins
RE: Error during startup
Agent Registration Info Resolver reading environment
variable/system property
-Original Message-
From: Han Li
Sent: 04 August 2022 12:23
To: Tomcat Users List
Subject: Re: Error during startup
RAMCO Security WARNING: This is an external email. Do not click links or open
attachments unless you recognize the sender and know the content is safe
在 2022年8月4日星期四,Mohan T 写道:
> Hi,
>
> Thanks for the response.
>
> How to identify the "grant" section
>
> Below is the contents of the file.
>
> Quote
>
> // Licensed to the Apache Softwarse Foundation (ASF) under one or more
> // contributor license agreements. See the NOTICE file distributed with
> // this work for additional information regarding copyright ownership.
> // The ASF licenses this file to You under the Apache License, Version 2.0
> // (the "License"); you may not use this file except in compliance with
> // the License. You may obtain a copy of the License at
> //
> //
> https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache.org%2Flicenses%2FLICENSE-2.0data=05%7C01%7CMohan.T%40ramco.com%7C61c08c2668684cce7e6808da75e5f71c%7C75f8ca7fffca4bf8a4d28a83d0d6e896%7C0%7C0%7C637951927858105370%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=wwzNgOsrwPtKoras2043OaHeBTPP8g%2Fo4d14Z85aRGk%3Dreserved=0
> //
> // Unless required by applicable law or agreed to in writing, software
> // distributed under the License is distributed on an "AS IS" BASIS,
> // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> // See the License for the specific language governing permissions and
> // limitations under the License.
>
> //
>
> // catalina.policy - Security Policy Permissions for Tomcat
> //
> // This file contains a default set of security policies to be enforced
> (by the
> // JVM) when Catalina is executed with the "-security" option. In addition
> // to the permissions granted here, the following additional permissions
> are
> // granted to each web application:
> //
> // * Read access to the web application's document root directory
> // * Read, write and delete access to the web application's working
> directory
> //
>
>
>
> // == SYSTEM CODE PERMISSIONS ==
> ===
>
>
> // These permissions apply to javac
> grant codeBase "file:${java.home}/lib/-" {
> permission java.security.AllPermission;
> };
>
> // These permissions apply to all shared system extensions
> grant codeBase "file:${java.home}/jre/lib/ext/-" {
> permission java.security.AllPermission;
> };
>
> // These permissions apply to javac when ${java.home] points at
> $JAVA_HOME/jre
> grant codeBase "file:${java.home}/../lib/-" {
> permission java.security.AllPermission;
> };
>
> // These permissions apply to all shared system extensions when
> // ${java.home} points at $JAVA_HOME/jre
> grant codeBase "file:${java.home}/lib/ext/-" {
> permission java.security.AllPermission;
> };
>
>
> // == CATALINA CODE PERMISSIONS ==
> =
> grant codeBase "file:/home/ilas/rvwhome_tech/-" {
>// permission java.security.AllPermission;
> permission java.io.FilePermission "/home/ilas/rvwhome_tech/-",
> "read,write";
> permission java.io.FilePermission
> "/home/ilas/rvwhome_tech/RVWJAdmin.conf",
> "read,write";
> permission java.io.FilePermission "/home/ilas/rvwhome_tech/
> ExportExcel/GridExport12.xlsm", "read,write";
> permission java.io.FilePermission
> "/home/ilas/rvwhome_tech/config/cache.ccf",
> "read,write";
> permission java.io.FilePermission "<>","read";
>
> };
>
> grant codeBase "file:/home/ilas/rvwhome_tech/ExportExcel/-"{
> //permission java.security.AllPermission;
> permission java.io.FilePermission "/home/ilas/rvwhome_tech/
> ExportExcel/GridExport12.xlsm", "read,write";
> };
>
>
>
>
>
>
>
>
>
>
>
> // These permissions apply to the daemon code
> grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
> permission java.security.AllPermission;
> };
>
> // These permissions apply to the logging API
> // Note: If tomcat-juli.jar is in ${catalina.base} and not in
> ${catalina.ho
Re: Error during startup
在 2022年8月4日星期四,Mohan T 写道:
> Hi,
>
> Thanks for the response.
>
> How to identify the "grant" section
>
> Below is the contents of the file.
>
> Quote
>
> // Licensed to the Apache Softwarse Foundation (ASF) under one or more
> // contributor license agreements. See the NOTICE file distributed with
> // this work for additional information regarding copyright ownership.
> // The ASF licenses this file to You under the Apache License, Version 2.0
> // (the "License"); you may not use this file except in compliance with
> // the License. You may obtain a copy of the License at
> //
> // http://www.apache.org/licenses/LICENSE-2.0
> //
> // Unless required by applicable law or agreed to in writing, software
> // distributed under the License is distributed on an "AS IS" BASIS,
> // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> // See the License for the specific language governing permissions and
> // limitations under the License.
>
> //
>
> // catalina.policy - Security Policy Permissions for Tomcat
> //
> // This file contains a default set of security policies to be enforced
> (by the
> // JVM) when Catalina is executed with the "-security" option. In addition
> // to the permissions granted here, the following additional permissions
> are
> // granted to each web application:
> //
> // * Read access to the web application's document root directory
> // * Read, write and delete access to the web application's working
> directory
> //
>
>
>
> // == SYSTEM CODE PERMISSIONS ==
> ===
>
>
> // These permissions apply to javac
> grant codeBase "file:${java.home}/lib/-" {
> permission java.security.AllPermission;
> };
>
> // These permissions apply to all shared system extensions
> grant codeBase "file:${java.home}/jre/lib/ext/-" {
> permission java.security.AllPermission;
> };
>
> // These permissions apply to javac when ${java.home] points at
> $JAVA_HOME/jre
> grant codeBase "file:${java.home}/../lib/-" {
> permission java.security.AllPermission;
> };
>
> // These permissions apply to all shared system extensions when
> // ${java.home} points at $JAVA_HOME/jre
> grant codeBase "file:${java.home}/lib/ext/-" {
> permission java.security.AllPermission;
> };
>
>
> // == CATALINA CODE PERMISSIONS ==
> =
> grant codeBase "file:/home/ilas/rvwhome_tech/-" {
>// permission java.security.AllPermission;
> permission java.io.FilePermission "/home/ilas/rvwhome_tech/-",
> "read,write";
> permission java.io.FilePermission
> "/home/ilas/rvwhome_tech/RVWJAdmin.conf",
> "read,write";
> permission java.io.FilePermission "/home/ilas/rvwhome_tech/
> ExportExcel/GridExport12.xlsm", "read,write";
> permission java.io.FilePermission
> "/home/ilas/rvwhome_tech/config/cache.ccf",
> "read,write";
> permission java.io.FilePermission "<>","read";
>
> };
>
> grant codeBase "file:/home/ilas/rvwhome_tech/ExportExcel/-"{
> //permission java.security.AllPermission;
> permission java.io.FilePermission "/home/ilas/rvwhome_tech/
> ExportExcel/GridExport12.xlsm", "read,write";
> };
>
>
>
>
>
>
>
>
>
>
>
> // These permissions apply to the daemon code
> grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
> permission java.security.AllPermission;
> };
>
> // These permissions apply to the logging API
> // Note: If tomcat-juli.jar is in ${catalina.base} and not in
> ${catalina.home},
> // update this section accordingly.
> // grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
> permission java.io.FilePermission
>
> "${java.home}${file.separator}lib${file.separator}logging.properties",
> "read";
>
> permission java.io.FilePermission
>
> "${catalina.base}${file.separator}conf${file.separator}logging.properties",
> "read";
> permission java.io.FilePermission
> "${catalina.base}${file.separator}logs", "read, write";
> permission java.io.FilePermission
> "${catalina.base}${file.separator}logs${file.separator}*",
> "read, write, delete";
>
> permission java.lang.RuntimePermission "shutdownHooks";
> permission java.lang.RuntimePermission "getClassLoader";
> permission java.lang.RuntimePermission "setContextClassLoader";
>
> permission java.lang.management.ManagementPermission "monitor";
>
> permission java.util.logging.LoggingPermission "control";
>
> permission java.util.PropertyPermission
> "java.util.logging.config.class",
> "read";
> permission java.util.PropertyPermission
> "java.util.logging.config.file",
> "read";
> permission
Re: Error during startup
Hi Mohan,
You can open CATALINA_BASE/conf/catalina.policy file, add following statement
within “grant” section:
permission java.lang.RuntimePermission "getenv.*";
Han
> 2022年8月4日 11:33,Mohan T 写道:
>
> Dear All,
>
> We are using tomcat 8.5 on suse linux 7.
>
> We are invoking Catalina.sh in java security enabled mode.
>
> Kindly help me in resolving this .
>
> Thanks
>
> Mohan
>
> Exception:
> Error in Full Agent Registration Info Resolver reading environment
> variable/system property
> java.security.AccessControlException: access denied
> ("java.lang.RuntimePermission" "getenv.")
>at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>at
> java.security.AccessController.checkPermission(AccessController.java:884)
>at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>at java.lang.System.getenv(System.java:894)
>
> DISCLAIMER: This communication contains information which is confidential and
> the copyright of Ramco Systems Ltd, its subsidiaries or a third party
> ("Ramco"). This email may also contain legally privileged information.
> Confidentiality and legal privilege attached to this communication are not
> waived or lost by reason of mistaken delivery to you.This email is intended
> to be read or used by the addressee only. If you are not the intended
> recipient, any use, distribution, disclosure or copying of this email is
> strictly prohibited without the express written approval of Ramco. Please
> delete and destroy all copies and email Ramco at le...@ramco.com immediately.
> Any views expressed in this communication are those of the individual sender,
> except where the sender specifically states them to be the views of Ramco.
> Except as required by law, Ramco does not represent, warrant and/or guarantee
> that the integrity of this communication has been maintained nor that the
> communication is free of errors, virus, interception or interference. If you
> do not wish to receive such communications, please forward this communication
> to market...@ramco.com and express your wish not to receive such
> communications henceforth.
Re: error during startup after applying changes from CVE-2016-3092
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bernd, On 6/22/16 8:05 AM, Lentes, Bernd wrote: > > > - On Jun 22, 2016, at 1:52 PM, Bernd Lentes > bernd.len...@helmholtz-muenchen.de wrote: > >> Hi, >> >> i changed maxHttpHeaderSize in server.xml following the >> recommendation in CVE-2016-3092. I changed it to 2048 bytes. >> >> > connectionTimeout="2" redirectPort="8443" >> maxHttpHeaderSize="2048" />
Re: error during startup after applying changes from CVE-2016-3092
- On Jun 22, 2016, at 1:52 PM, Bernd Lentes bernd.len...@helmholtz-muenchen.de wrote: > Hi, > > i changed maxHttpHeaderSize in server.xml following the recommendation in > CVE-2016-3092. > I changed it to 2048 bytes. > >connectionTimeout="2" > redirectPort="8443" maxHttpHeaderSize="2048" /> > >
