* J.P.Jarolim <[EMAIL PROTECTED]> [1217 11:17]:
> java.security.AccessControlException: access denied (java.io.FilePermission
> /home/.sites/143/site40/web/test.txt read)
> We looked into the tomcat docs how to set up the security manager correctly
> and looked into the tomcat.policy file
> in the {tomcat.home}/conf dir just to see that everything was set correctly
> (for us) from the site management utility:
> ...
> grant codeBase "file:/home/.sites/143/site40/web/-" {
> permission SocketPermission "localhost:1024-", "listen,connect,resolve";
> permission java.util.PropertyPermission "*", "read,write";
> permission java.io.FilePermission "/home/.sites/143/site40/-",
> "read,write,delete";
> permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
> };
Does the class trying to read that directory live in
'/home/.sites/143/site40/web/-'? I doubt it.
I'm no expert, but that sounds wrong to me, unless the class files live
there. The codebase parameter lists where the Java classes were
loaded from. Writing to a directory you load code from is a bad idea
unless you really need to.
> <Host name="johannes.jarolim.com"> <!-- Site site40 -->
> <Context path="" docBase="/home/.sites/143/site40/web" debug="0"/>
> <!-- user web contexts -->
> </Host>
> grant codeBase "file:/home/.sites/143/site40/web/-" {
> permission java.security.AllPermission;
> };
I think your codeBase is wrong - try allowing all code to read it, just to
check.
Also, if you want security, you might want to think twice about running
tomcat as root - it doesn't need to be IMO.
--
Rasputin :: Jack of All Trades - Master of Nuns
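
An added example, not part of the original thread: a small Java check of which class locations a grant's codeBase covers, using the standard java.security.CodeSource.implies() matching. The class name CodeBaseCheck, the helper covers() and the three sample locations (including the /opt/tomcat/work path) are constructed for illustration; only the site directory comes from the quoted policy.

```java
import java.net.URI;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseCheck {

    // True when a grant with this codeBase applies to code loaded from loadedFrom.
    // CodeSource.implies() applies the codeBase wildcard rules:
    //   ".../-"  the directory and everything below it, recursively
    //   ".../*"  entries directly in that directory only
    //   ".../"   that exact directory location
    static boolean covers(String grantCodeBase, String loadedFrom) throws Exception {
        CodeSource grant = new CodeSource(
                URI.create(grantCodeBase).toURL(), (Certificate[]) null);
        CodeSource code = new CodeSource(
                URI.create(loadedFrom).toURL(), (Certificate[]) null);
        return grant.implies(code);
    }

    public static void main(String[] args) throws Exception {
        // Site directory taken from the quoted tomcat.policy entry.
        String site = "file:/home/.sites/143/site40/web";

        String[] grants = { site + "/-", site + "/*", site + "/" };

        // Constructed sample locations a class could be loaded from.
        String[] locations = {
            site + "/WEB-INF/classes/",      // class directory under the docBase
            site + "/WEB-INF/lib/app.jar",   // hypothetical jar under the docBase
            "file:/opt/tomcat/work/site40/"  // hypothetical directory outside the docBase
        };

        for (String grant : grants) {
            for (String location : locations) {
                System.out.printf("%-45s %-50s %s%n", grant, location,
                        covers(grant, location) ? "grant applies" : "grant does NOT apply");
            }
        }
    }
}
```

To use it on a real deployment, replace the sample locations with the value of getProtectionDomain().getCodeSource().getLocation() for the class named in the AccessControlException stack trace.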