Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
On 12/9/13 2:51 PM, Christopher Schultz wrote: Can you confirm that qsh is telling you it can't actually run /foo/tomcat/bin/startup.sh because of a permissions problem, or is it that /foo/tomcat/bin/startup.sh *is* running and something it's trying to do is failing? Does it fail when running from the command-line, or from some scheduled job, startup script, etc.? As I recall from Friday, I got the same error message whether I ran it from my STRTOMCAT CL program (which, among other things, finds and selects the best available JVM on the box, and sets up environment variables to avoid the need to set them in catalina.sh or the preferred setenv.sh, before submitting it as a batch job), or from a QShell command line (which is not an especially useful way to run it, given that it would come crashing down around its knees as soon as I exit QShell). But that doesn't tell me anything, one way or the other. And neither does the audit journal entry for the authority problem (it might tell somebody else what was going wrong, but not me). And yet, as I just posted, changing the owner of the entire subtree, something that one would expect (especially given the user profile under which I'm signed on) to either have no effect at all, or to break a working Tomcat, caused it to start working as if nothing had ever been wrong. Which leaves me more puzzled than ever. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 12/6/13, 7:59 PM, James H. H. Lampert wrote: >> qsh: 001-0018 Error found running command >> /foo/tomcat/bin/startup.sh. Permission denied. Can you confirm that qsh is telling you it can't actually run /foo/tomcat/bin/startup.sh because of a permissions problem, or is it that /foo/tomcat/bin/startup.sh *is* running and something it's trying to do is failing? Does it fail when running from the command-line, or from some scheduled job, startup script, etc.? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSpkl+AAoJEBzwKT+lPKRYcEcP/1K/0tZGRo7LnFrXOdPXOuAA L+g539WxiKkXS763qg8TfQeYqFRBspS3iRkXlK0zRZ0u8ZdaJr5aEwSMSif61eNP 81tPBPjjdKm+VnhZS1novm1ZSbT+3FreEMUCTNbll7cRH8YFsSl/dc5EF3x6UKVt 81puX//7A9M2dVfN/2JXNiQ8V9qW9x9eeIIl/DU8N3KaWn0BEwZ5aCfHkzFM/P19 GpjBGkVKDj8PZp1kBruSJ/E8hipRotj5rpyBQ8DO3PsD5UmuWyYNDP9PCpiXJyp2 TBiiwn2Bzr9RG3DlfprlOW96qcOzX9GbPppXypi68pcZmiebyXF44shWDBO+kLeG pUw9XczV7hLIYV450vbENsMib2Mul71wWhRM9/YSYrMOjIqvs4Jc7IQ9Bsz+4pwG KsUaVmZT352Oolm/mWzWq2M1oqdck4NQSk8e0NaLUJneF3/WKPEP1fgAdnUkIEBo f3gxESgI0F0FCy3yc9Uby1d5XJBfVNeApVB1h+EOBfYROyD7n/KCOhMhcq/yR0iz PYQ0gOYwl4BdbJbkvlCwIFJFuIwoy7XDYm2I4kVjRIOHK0ElbjfEDm6mhITQiBkM flTTenQopwaHGmfSUNN2Ajizx3PZY9rxJ+b95cYp3Xoa2Jt9HDuAkIFZLnHTnS4o CXZwq1b8n8iF2pSjk3q6 =P6UW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
On 12/9/13 11:58 AM, Dan Kimmel (on the Midrange Java List) wrote: Your user needs x permission on startup.sh in order to execute it. The user draws that authority from owner, group or public which are the three groupings of rwx authorities you see, in that order (the first of the 10 characters are - for file or d for directory). If theres a dash in one of the spots where you expect rwx, that permission has not been granted. Except that according to the "ls -l startup.sh" results, *nobody* has "x" authority to *either* the new *or* old startup.sh, on *any* box. /wintouch/tomcat/bin/startup.sh is -rw-rw-rw- /wintouch/tomcat.bak/bin/startup.sh is -rw-rw-rw- /wintouch/tomcat/bin/startup.sh is -rw-rw-rw- /wintouch/tomcat.bak/bin/startup.sh is -rw-rw-rw- yet only the first one fails. Dan goes on to say: One way to fix this is to chown to what is expected. If you are running Tomcat as WTADMIN (which it appears) you probably need to sign on as WINTOUCH and run "chown -R WTADMIN /wintouch/tomcat". You can also change permission with "chmod ugo+x" to add execute permission for owner(u), group(g), and others(o). See http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=%2Frzahz%2Fchmod.htm The only difference is the owner of the whole Tomcat 7.0.47 subtree on the "problem" customer box: because the WINTOUCH account was disabled, I used a secondary account, WTADMIN, to do the 7.0.47 installation, and to do all the launches since the installation. There was no logical reason for me to assume that this was the reason (especially since both tomcat versions are under my QSECOFR-equivalent account's ownership on our box), but I changed the ownership of the entire directory subtree from WTADMIN to WINTOUCH (using the CHGOWN command from an OS/400 command line, rather than a "chown" from a QShell command line), ran our STRTOMCAT CL program, and CATALINA STARTED RIGHT UP, AND THE PORTS OPENED, AS IF THERE HAD NEVER BEEN ANYTHING WRONG. They're up and running, but now I'm more puzzled than ever. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
On 12/9/13 11:40 AM, Tim Watts wrote: What about execute permissions on /wintouch. As Chris pointed out earlier, WTADMIN must have execute permission to the top of the tree. You seem to have investigated every corner except that one. Both tomcat and tomcat.bak are subdirectories of /wintouch, so if that were the issue, they'd either both work fine, or both fail. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
On Mon, 2013-12-09 at 11:00 -0800, James H. H. Lampert wrote: > On 12/6/13 6:56 PM, CRPence (on the Midrange Java List) wrote: > >The T-AF audit entry should log the object to which there > > was insufficient authority, then the chmod can be requested against that > > object to grant the necessary authority bits. > > The T-AF audit entry shows (and I'm no longer bothering to "change names > to protect the innocent"): > > > 1 'A*N*N*STMFQP0ZSPWP WTADMIN ' > > 00051 '280199WTADMIN ' > > 00101 '000 ' > > 00151 ' ' > > 00201 ' ' > > 00251 ' nP8 ry ' > . . . > > 00801 ' nP8 ry QASP011USENU Y' > > 00851 ' /wintouch/tomcat/bin/startup.sh ' > > Which would seem to indicate that it's the startup shell script itself > that has the authority problem. > > So looking at the paths using the QShell "ls" command, I get: > > > cd /wintouch/tomcat/bin > > $ > > ls -l startup.sh > > -rw-rw-rw- 1 WTADMIN 0 1961 Oct 18 13:19 startup.sh > for the 7.0.47 version, which has the authority failure, and > > cd /wintouch/tomcat.bak/bin > > $ > > ls -l startup.sh > > -rw-rw-rw- 1 WINTOUCH 0 1961 Jun 15 2012 startup.sh > for the 7.0.25, which looks exactly the same, except for the owner and > the date, and yet it works. > > The bin directory shows: > > drwxrwsrwx 2 WTADMIN 0 32768 Oct 18 13:19 bin > for 7.0.47 (fails), and > > drwxrwsrwx 2 WINTOUCH 0 32768 Jun 15 2012 bin > for 7.0.25 (works) > > The tomcat (7.0.47) and tomcat.bak (7.0.25) directories show: > > drwxrwsrwx 9 WTADMIN 0 12288 Dec 6 14:21 tomcat > > drwxrwsrwx 9 WINTOUCH 0 12288 Jun 15 2012 tomcat.bak > What about execute permissions on /wintouch. As Chris pointed out earlier, WTADMIN must have execute permission to the top of the tree. You seem to have investigated every corner except that one. (I'm no AS400 expert but there doesn't seem to be on on the Tomcat list other than you.) > Finally, for comparison, here are the corresponding results on our own > box, where there are no problems at all: > > > drwxrwsrwx 9 RABBIT0 8192 Nov 29 16:48 tomcat > > drwxrwsrwx 2 RABBIT 0 28672 Oct 18 13:19 bin > > -rw-rw-rw- 1 RABBIT 0 1961 Oct 18 13:19 startup.sh > and > > drwxrwsrwx 9 RABBIT0 24576 Nov 5 17:14 tomcat.bak > > drwxrwsrwx 2 RABBIT 0 28672 Jun 18 2012 bin > > -rw-rw-rw- 1 RABBIT 0 1961 Feb 14 2012 startup.sh > > I don't see any difference > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > signature.asc Description: This is a digitally signed message part
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
On 12/6/13 6:56 PM, CRPence (on the Midrange Java List) wrote: The T-AF audit entry should log the object to which there was insufficient authority, then the chmod can be requested against that object to grant the necessary authority bits. The T-AF audit entry shows (and I'm no longer bothering to "change names to protect the innocent"): 1 'A*N*N*STMFQP0ZSPWP WTADMIN ' 00051 '280199WTADMIN ' 00101 '000 ' 00151 ' ' 00201 ' ' 00251 ' nP8 ry ' . . . 00801 ' nP8 ry QASP011USENU Y' 00851 ' /wintouch/tomcat/bin/startup.sh ' Which would seem to indicate that it's the startup shell script itself that has the authority problem. So looking at the paths using the QShell "ls" command, I get: cd /wintouch/tomcat/bin $ ls -l startup.sh -rw-rw-rw- 1 WTADMIN 0 1961 Oct 18 13:19 startup.sh for the 7.0.47 version, which has the authority failure, and cd /wintouch/tomcat.bak/bin $ ls -l startup.sh -rw-rw-rw- 1 WINTOUCH 0 1961 Jun 15 2012 startup.sh for the 7.0.25, which looks exactly the same, except for the owner and the date, and yet it works. The bin directory shows: drwxrwsrwx 2 WTADMIN 0 32768 Oct 18 13:19 bin for 7.0.47 (fails), and drwxrwsrwx 2 WINTOUCH 0 32768 Jun 15 2012 bin for 7.0.25 (works) The tomcat (7.0.47) and tomcat.bak (7.0.25) directories show: drwxrwsrwx 9 WTADMIN 0 12288 Dec 6 14:21 tomcat drwxrwsrwx 9 WINTOUCH 0 12288 Jun 15 2012 tomcat.bak Finally, for comparison, here are the corresponding results on our own box, where there are no problems at all: drwxrwsrwx 9 RABBIT0 8192 Nov 29 16:48 tomcat drwxrwsrwx 2 RABBIT 0 28672 Oct 18 13:19 bin -rw-rw-rw- 1 RABBIT 0 1961 Oct 18 13:19 startup.sh and drwxrwsrwx 9 RABBIT0 24576 Nov 5 17:14 tomcat.bak drwxrwsrwx 2 RABBIT 0 28672 Jun 18 2012 bin -rw-rw-rw- 1 RABBIT 0 1961 Feb 14 2012 startup.sh I don't see any difference - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
2013/12/7 James H. H. Lampert : > We've been systematically updating our customers from Tomcat 7.0.25 to > 7.0.47 this week, after we've determined that our webapp runs just fine on > 47, and 47 runs just fine on AS/400s. > > Until now. > > We have one customer box on which, if you launch Tomcat 7.0.25, it works > just fine. But if you try to launch 7.0.47 instead, it crashes on takeoff, > with this error message (directory name changed to protect the innocent): > >> qsh: 001-0018 Error found running command /foo/tomcat/bin/startup.sh. >> Permission denied. > The above error is printed by the shell, before Tomcat (java) even launches. Check your permissions. Note that if the logs directory is not writable, you wouldn't have any logs even if Tomcat crashes. > > Both of the Tomcat versions are within what I'm calling "foo"; I'm swapping > them in and out by changing the tomcat directory of the one I want active to > "tomcat," and the other to "tomcat.new" or "tomcat.bak." The authorities > look exactly the same, from one to the other, on the two Tomcat directories, > on the corresponding objects within the two directories, and on the > corresponding objects within their respective bin directories. > Just wondering, what do you mean by "objects"? Files? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 12/6/13, 7:59 PM, James H. H. Lampert wrote: > We've been systematically updating our customers from Tomcat 7.0.25 > to 7.0.47 this week, after we've determined that our webapp runs > just fine on 47, and 47 runs just fine on AS/400s. > > Until now. > > We have one customer box on which, if you launch Tomcat 7.0.25, it > works just fine. But if you try to launch 7.0.47 instead, it > crashes on takeoff, with this error message (directory name changed > to protect the innocent): > >> qsh: 001-0018 Error found running command >> /foo/tomcat/bin/startup.sh. Permission denied. > > Both of the Tomcat versions are within what I'm calling "foo"; I'm > swapping them in and out by changing the tomcat directory of the > one I want active to "tomcat," and the other to "tomcat.new" or > "tomcat.bak." The authorities look exactly the same, from one to > the other, on the two Tomcat directories, on the corresponding > objects within the two directories, and on the corresponding > objects within their respective bin directories. All the way up to root? I'm not sure about AS/400, but if a user does not have execute privileges for all directories from the root down to where the binary/script is, they can't execute it. > The only difference is ownership of objects: we have two accounts > on this particular box, and 7.0.25 is owned by the account I'm not > using today. But if ownership were the problem, then I would > expect 47 to work and 25 to crash on takeoff. > > For now, I've got that customer back on 7.0.25, but we've already > found that 7.0.47 seems to work a good deal better, so I want to > figure out what's the matter here. Can you give us some "proof" that all the permissions are the same, etc? I've often found that while preparing a message to this very list with a question about why something doesn't work, the mere assembly of all that information in one place leads me to the solution and I don't even have to post. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSopytAAoJEBzwKT+lPKRYl3QQAMmsCht4/rHPI3qPZGPHyQPQ aKXM+/rAC6QT+NwI/X3NYfWnkZ3Mfctslt5UGa5+88mIAQWRJ92f9S0TDIgXEPOt A9xaQdFDXmr6PDrXrHm8Rzk1ZKZhBztztCivP27kBA8xSdvpDzsPoSOKJVG4T2fH HDjNjjuQ5+MgqFkHKAdglqtJfEm9/CjnXu+Wwh5i8WvxiXJvheoHTw0J3Nj+YUYU zpPLHQSBg+9ZhPSMXhVc/9JWyA1olYfKyNm+7n9eIys2CV5GElONHcoTOb0GkTj4 xaz4BylCyA6lek9qreZ0NAsvZp9uGiqqjk8fwyTlDJ88+fhaeFTQFq63t4JcLDDX +R3jLHdI2yDL3oLrzwaKKMFKosCDejBsR9hoQEbTK3jlQqVv1dgguZP2AVrPp45P gn75msIQyEoV5n1CUobRYSMW/eOUjXJD95dKgaVu5AmdOmvTOBR/5Zowov3NfT0/ 0qTUcL7ZC5jHBopkfSuCQwtc37NWCqZGZ7mJHfxNz3vRUArfFXv1dbbw2KS2bYn+ hACe1zrfcXX1z3rTkcYCo5TYWDztDxvMA9OHLFXwkp7/yMm0kBcWM3SCBBmO5LbD CXEVWacFkssULmR0gc1UONCvk2X4UOFc8XinU0U5frHNk06wNS+fXUIeug4BB7+G 7cDPNK3BxGy/6zAG/t26 =w98T -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
On one particular box, Tomcat 7.0.25 runs just fine, but 7.0.47 crashes on takeoff -- some authority problem
We've been systematically updating our customers from Tomcat 7.0.25 to 7.0.47 this week, after we've determined that our webapp runs just fine on 47, and 47 runs just fine on AS/400s. Until now. We have one customer box on which, if you launch Tomcat 7.0.25, it works just fine. But if you try to launch 7.0.47 instead, it crashes on takeoff, with this error message (directory name changed to protect the innocent): qsh: 001-0018 Error found running command /foo/tomcat/bin/startup.sh. Permission denied. Both of the Tomcat versions are within what I'm calling "foo"; I'm swapping them in and out by changing the tomcat directory of the one I want active to "tomcat," and the other to "tomcat.new" or "tomcat.bak." The authorities look exactly the same, from one to the other, on the two Tomcat directories, on the corresponding objects within the two directories, and on the corresponding objects within their respective bin directories. The only difference is ownership of objects: we have two accounts on this particular box, and 7.0.25 is owned by the account I'm not using today. But if ownership were the problem, then I would expect 47 to work and 25 to crash on takeoff. For now, I've got that customer back on 7.0.25, but we've already found that 7.0.47 seems to work a good deal better, so I want to figure out what's the matter here. -- James H. H. Lampert Touchtone Corporation - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org