* J.P.Jarolim <[EMAIL PROTECTED]> [1217 11:17]: > java.security.AccessControlException: access denied (java.io.FilePermission > /home/.sites/143/site40/web/test.txt read) > We looked into the tomcat docs how to setup the security manager correctly > and looked into the tomcat.policy file > in the {tomcat.home}/conf dir just to see that everything was set correctly > (for us) from the site management utility: > ... > grant codeBase "file:/home/.sites/143/site40/web/-" { > permission SocketPermission "localhost:1024-", "listen,connect,resolve"; > permission java.util.PropertyPermission "*", "read,write"; > permission java.io.FilePermission "/home/.sites/143/site40/-", > "read,write,delete"; > permission java.lang.RuntimePermission "accessClassInPackage.sun.io"; > };
Does the class trying to read that directory live in : '/home/.sites/143/site40/web/-' ? I doubt it. I'm no expert, but that sounds wrong to me, unless the class files live there. The codebase parameter lists where the Java classes were loaded from. Writing to a direcotry you load code from is a bad idea unless you really need to. > <Host name="johannes.jarolim.com"> <!-- Site site40 --> > <Context path="" docBase="/home/.sites/143/site40/web" debug="0"/> > <!-- user web contexts --> > </Host> > grant codeBase "file:/home/.sites/143/site40/web/-" { > permission java.security.AllPermission; > }; I think your codeBase is wrong - try allowing all code to read it, just to check. Also, if you want security, you might want to think twice about running tomcat as root - it doesn't need to be IMO. -- Rasputin :: Jack of All Trades - Master of Nuns -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>