Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Boots
Thanks Rainer! Meanwhile what I did was to give root access to the conf folder.That worked as a charm. Right/Owner are chown -R tomcat:tomcat /usr/local/tomcat chown -R root:root /usr/local/tomcat/bin chown -R root:root /usr/local/tomcat/common chown -R root:root /usr/local/tomcat/conf Having it in the memory is a much better way. I'm looking forward to get the 5.5.11 release then. MC From: Rainer Jung [EMAIL PROTECTED] Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Bootstrap Date: Thu, 04 Aug 2005 15:22:19 +0200 CVS head now includes an improvement: 1) If the directory containing tomcat-users.xml is not writeable you will get a nice warning instead of a strange exception. 2) You can configure the MemoryUserDatabase with the attribute readonly=true. Then there will be not write attempt at all. Details under http://issues.apache.org/bugzilla/show_bug.cgi?id=36020 Will be included in 5.5.11 most probably sometime during august. MC Moisei wrote: Hi, I manage to configure my tomcat with jsvc(common-daemon) and everything work great till I start to launch it as root. If I run it as tomcat user it does work great. If I try to run it as root from command prompt or from init.d I get the following exception ( see below ) Right are given as below chown -R tomcat:tomcat /usr/local/tomcat chown -R root:root /usr/local/tomcat/bin chown -R root:root /usr/local/tomcat/common This is not right - looks like the bootstrap is trying to access the Realm and there is no write access to the conf/tomcat-users.xml file. I can't believe the common-daemon not tomcat side didn't say a thing about this, I bet there are others experiencing the matter. Do i have to disable Tomcat realms ? It doesn't sounds right. There is no way I'd give others write access on that. Looking forward to hear from you if you experienced something similar. Thanks, MC Aug 1, 2005 7:23:15 PM org.apache.naming.NamingContext lookup WARNING: Unexpected exception resolving reference java.io.FileNotFoundException: /usr/local/tomcat/tomcat_home/conf/tomcat-users.xml.new (Permission denied) at java.io.FileOutputStream.open(Native Method) at java.io.FileOutputStream.init(FileOutputStream.java:179) at java.io.FileOutputStream.init(FileOutputStream.java:131) at org.apache.catalina.users.MemoryUserDatabase.save(MemoryUserDatabase.java:462) at org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:98) at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:129) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:301) at org.apache.naming.NamingContext.lookup(NamingContext.java:792) at org.apache.naming.NamingContext.lookup(NamingContext.java:152) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:138) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:108) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(GlobalResourcesLifecycleListener.java:80) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.StandardServer.start(StandardServer.java:676) at org.apache.catalina.startup.Catalina.start(Catalina.java:537) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218) Aug 1, 2005 7:23:15 PM org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans SEVERE: Exception processing Global JNDI Resources - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL
Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Boots
Interesting, Thanks Darryl for sharing. So you run 5.5.9 and no problem huh ? What's the access given for the tomcat structure ? I'm interested in particular on that conf folder. I can run it fine too but not as root and root has no write access to the conf folder. How is your set up ? BTW that .new extension looked strange to me too. I cannot explain it - didn't look yet in TC source code. Here's the way I call the jsvc JAVA_HOME=/usr/local/java_home CATALINA_HOME=/usr/local/tomcat/tomcat_home TOMCAT_USER=tomcat TMP_DIR=/var/tmp CATALINA_OPTS= CLASSPATH=\ $JAVA_HOME/lib/tools.jar:\ $CATALINA_HOME/bin/commons-daemon.jar:\ $CATALINA_HOME/bin/bootstrap.jar:\ $CATALINA_HOME/bin/mx4j-jmx.jar:\ $CATALINA_HOME/bin/mx4j.jar:\ $CATALINA_HOME/bin/jsvc \ -user $TOMCAT_USER \ -home $JAVA_HOME \ -Dcatalina.home=$CATALINA_HOME \ -Djava.io.tmpdir=$TMP_DIR \ -outfile $CATALINA_HOME/logs/catalina-daemon.out \ -errfile $CATALINA_HOME/logs/catalina-daemon.err \ $CATALINA_OPTS \ -cp $CLASSPATH:$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar org.apache.catalina.startup.Bootstrap Did you have any issues while installing jsvc ? Thanks again, MC http://www.goodstockimages.com From: Darryl L. Miles [EMAIL PROTECTED] Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Bootstrap Date: Tue, 02 Aug 2005 08:01:36 +0100 MC Moisei wrote: java.io.FileNotFoundException: /usr/local/tomcat/tomcat_home/conf/tomcat-users.xml.new (Permission denied) at java.io.FileOutputStream.open(Native Method) This smells like its calling for write access to the DIRECTORY /usr/local/tomcat/tomcat_home/conf/ (not the file) Unless you have a left over file that is actually called conf/tomcat-users.xml.new from a previous execution of TC that did not complete the edit and rename. In which case I think you need to delete the conf/tomcat-users.xml.new file (after you've ensured you have a valid and working conf/tomcat-users.xml file itself). FYI - I run jsvc too and have not seen this problem with 5.5.9. jsvc.exec -Djava.endorsed.dirs=./common/endorsed -classpath :/opt/jakarta-tomcat-5.5.9/bin/bootstrap.jar:/opt/jakarta-tomcat-5.5.9/bin/commons-logging-api.jar -Dcatalina.base=/opt/jakarta-tomcat-5.5.9 -Dcatalina.home=/opt/jakarta-tomcat-5.5.9 -Djava.io.tmpdir=/opt/jakarta-tomcat-5.5.9/temp -outfile ./logs/catalina.out -errfile ./logs/catalina.err -pidfile ./logs/jsvc.pid -user jakarta -Xmx2048M -Xms512M -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start -- Darryl L. Miles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Boots
For some reason during startup tomcat writes (!) the file tomcat-users.xml. It does it in the way that it writes to tomcat-users.xml.new and then renames that file to tomcat-users.xml. At least that's what was in the 5.0 code. I assume that didn't change with 5.5. As a consequence the user running tomcat needs write access to the directory the tomcat-users.xml file is in. If you don't like the idea of giving that runtime user write access to the conf directory, you can configure tomcat-users.xml inside server.xml to be in some other directory - which then is the one that needs write access. As far as I know, there is no workaround for that at the moment (except for choosing another user realm). Interesting, Thanks Darryl for sharing. So you run 5.5.9 and no problem huh ? What's the access given for the tomcat structure ? I'm interested in particular on that conf folder. I can run it fine too but not as root and root has no write access to the conf folder. How is your set up ? BTW that .new extension looked strange to me too. I cannot explain it - didn't look yet in TC source code. Here's the way I call the jsvc JAVA_HOME=/usr/local/java_home CATALINA_HOME=/usr/local/tomcat/tomcat_home TOMCAT_USER=tomcat TMP_DIR=/var/tmp CATALINA_OPTS= CLASSPATH=\ $JAVA_HOME/lib/tools.jar:\ $CATALINA_HOME/bin/commons-daemon.jar:\ $CATALINA_HOME/bin/bootstrap.jar:\ $CATALINA_HOME/bin/mx4j-jmx.jar:\ $CATALINA_HOME/bin/mx4j.jar:\ $CATALINA_HOME/bin/jsvc \ -user $TOMCAT_USER \ -home $JAVA_HOME \ -Dcatalina.home=$CATALINA_HOME \ -Djava.io.tmpdir=$TMP_DIR \ -outfile $CATALINA_HOME/logs/catalina-daemon.out \ -errfile $CATALINA_HOME/logs/catalina-daemon.err \ $CATALINA_OPTS \ -cp $CLASSPATH:$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar org.apache.catalina.startup.Bootstrap Did you have any issues while installing jsvc ? Thanks again, MC http://www.goodstockimages.com From: Darryl L. Miles [EMAIL PROTECTED] Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Bootstrap Date: Tue, 02 Aug 2005 08:01:36 +0100 MC Moisei wrote: java.io.FileNotFoundException: /usr/local/tomcat/tomcat_home/conf/tomcat-users.xml.new (Permission denied) at java.io.FileOutputStream.open(Native Method) This smells like its calling for write access to the DIRECTORY /usr/local/tomcat/tomcat_home/conf/ (not the file) Unless you have a left over file that is actually called conf/tomcat-users.xml.new from a previous execution of TC that did not complete the edit and rename. In which case I think you need to delete the conf/tomcat-users.xml.new file (after you've ensured you have a valid and working conf/tomcat-users.xml file itself). FYI - I run jsvc too and have not seen this problem with 5.5.9. jsvc.exec -Djava.endorsed.dirs=./common/endorsed -classpath :/opt/jakarta-tomcat-5.5.9/bin/bootstrap.jar:/opt/jakarta-tomcat-5.5.9/bin/commons-logging-api.jar -Dcatalina.base=/opt/jakarta-tomcat-5.5.9 -Dcatalina.home=/opt/jakarta-tomcat-5.5.9 -Djava.io.tmpdir=/opt/jakarta-tomcat-5.5.9/temp -outfile ./logs/catalina.out -errfile ./logs/catalina.err -pidfile ./logs/jsvc.pid -user jakarta -Xmx2048M -Xms512M -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start -- Darryl L. Miles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]