Re: [Users] permission problem on tomcat5.5 and apache

Tue, 29 Apr 2008 06:12:35 -0700

Thanks André for your answers. I added the permissions you mentioned to /etc/tomcat5/policy.d/04webapps.policy but it did not work. So for now I will use TOMCAT5_SECURITY=no
To fixe the missing library problem the following 2 lines were added to /etc/default/tomcat5.5 


LD_LIBRARY_PATH=/lib:/usr/lib/:/lib/i486-linux-gnu:/usr/lib/i486-linux- 
gnu:/lib/i486-linux-gnu:/usr/lib/i486-linux-gnu:/usr/lib/jvm/ 
java-1.5.0-sun/jre/lib/i386:/usr/local/lib

export LD_LIBRARY_PATH


mmbase is up and running although in an insecure environment. Whenever  
I find out the write permissions I will post them here.


Thanks, for your help.

On Apr 28, 2008, at 11:10 PM, André van Toly wrote:


Op 28 apr 2008, om 17:36 heeft Rui Guerra het volgende geschreven:

Thanks for your comment Michiel.


Since it is a development server, I turn off the security by  
setting TOMCAT5_SECURITY=no at /etc/default/tomcat5.5



Related to your former (security) problem: have you studied the  
Tomcat Security Manager?

http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html


I needed to configure them once in a 'catalina.policy' file to be  
able to run MMBase with Tomcat on Debian, but I am not sure whether  
these are still correct:



// ========== MMBase CODE PERMISSIONS  
=========================================

grant {
   permission java.lang.RuntimePermission  "createClassLoader";
   permission java.lang.RuntimePermission  "createSecurityManager";
   permission java.lang.RuntimePermission  "setIO";
   permission java.net.NetPermission       "specifyStreamHandler";
   permission java.util.PropertyPermission "user.dir", "read";

   permission java.util.PropertyPermission  
"java.rmi.server.hostname", "write";

};



I do get a different exception now, related with libawt.so or  
libmlib_image.so which I actually have both in the right location.  
Any help is highly appreciated.



I think Java/Tomcat needs permissions to access these two. Something  
your sysadmin should help you with I believe. As was mentioned  
before: Debian's security settings are rather strict.


---André







<code>
exception


javax.servlet.ServletException: /usr/lib/jvm/java-1.5.0- 
sun-1.5.0.15/jre/lib/i386/libawt.so: libmlib_image.so: cannot open  
shared object file: No such file or directory
	 
org 
.apache 
.jasper 
.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java: 
841)
	 
org 
.apache 
.jasper 
.runtime.PageContextImpl.handlePageException(PageContextImpl.java: 
774)

        org.apache.jsp.index_jsp._jspService(index_jsp.java:211)
        org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

	 
org 
.apache 
.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
	 
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java: 
329)

        org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

root cause


java.lang.UnsatisfiedLinkError: /usr/lib/jvm/java-1.5.0- 
sun-1.5.0.15/jre/lib/i386/libawt.so: libmlib_image.so: cannot open  
shared object file: No such file or directory

        java.lang.ClassLoader$NativeLibrary.load(Native Method)
        java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1751)
        java.lang.ClassLoader.loadLibrary(ClassLoader.java:1668)
        java.lang.Runtime.loadLibrary0(Runtime.java:822)
        java.lang.System.loadLibrary(System.java:993)
        sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:50)
        java.security.AccessController.doPrivileged(Native Method)
        sun.awt.NativeLibLoader.loadLibraries(NativeLibLoader.java:38)
        sun.awt.DebugHelper.<clinit>(DebugHelper.java:29)
        java.awt.Cursor.<clinit>(Cursor.java:167)
        javax.swing.text.html.HTMLEditorKit.<clinit>(HTMLEditorKit.java:586)

	 
org 
.mmbase 
.util 
.transformers 
.TagStripperFactory.createTransformer(TagStripperFactory.java:70)

        org.mmbase.bridge.jsp.taglib.ContentTag.readXML(ContentTag.java:225)

	org.mmbase.bridge.jsp.taglib.ContentTag.initialize(ContentTag.java: 
161)
	org.mmbase.bridge.jsp.taglib.ContentTag.access$600(ContentTag.java: 
44)
	org.mmbase.bridge.jsp.taglib.ContentTag$2.onChange(ContentTag.java: 
81)

        org.mmbase.bridge.jsp.taglib.ContentTag.<clinit>(ContentTag.java:86)

	sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native  
Method)
	 
sun 
.reflect 
.NativeConstructorAccessorImpl 
.newInstance(NativeConstructorAccessorImpl.java:39)
	 
sun 
.reflect 
.DelegatingConstructorAccessorImpl 
.newInstance(DelegatingConstructorAccessorImpl.java:27)

        java.lang.reflect.Constructor.newInstance(Constructor.java:494)
        java.lang.Class.newInstance0(Class.java:350)
        java.lang.Class.newInstance(Class.java:303)

	org.apache.jasper.runtime.TagHandlerPool.get(TagHandlerPool.java: 
117)

        org.apache.jsp.index_jsp._jspService(index_jsp.java:58)
        org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

	 
org 
.apache 
.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
	 
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java: 
329)

        org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
</code>

On Apr 23, 2008, at 6:05 PM,  Meeuwissen wrote:


2008/4/23, Rui Guerra <[EMAIL PROTECTED]>:

I just downloaded mmbase and tried to install it in a server with  
a fresh

installation of tomcat5.5 and apache (ubuntu).


I've encountered a permission problem. I suspected that is not  
related to

mmbase but some security policy of apache/tomcat. Any ideas?


The default security settings for tomcat in debian (so I suppose in
ubuntu) too are pretty restrictive.  Indeed too much so for MMBase.


A minimal security.properties is available somewhere, but my  
advice is

to simly download tomcat, drop it into /opt and ignore the .deb. The
default security manager of tomcat is permissive enough (eh, it may
equal to no security manager).

Michiel

--
mihxil'  http://meeuw.org
nl_NL eo_XX en_US
_______________________________________________
Users mailing list
Users@lists.mmbase.org
http://lists.mmbase.org/mailman/listinfo/users


_______________________________________________
Users mailing list
Users@lists.mmbase.org
http://lists.mmbase.org/mailman/listinfo/users


--
André van Toly
MMBase development & Userfriendly webdesign

W: http://www.toly.nl
M: +31(0)627233562

------------------------------------------------------------------ 
~~<<>>~~


_______________________________________________
Users mailing list
Users@lists.mmbase.org
http://lists.mmbase.org/mailman/listinfo/users


_______________________________________________
Users mailing list
Users@lists.mmbase.org
http://lists.mmbase.org/mailman/listinfo/users






















					Reply via email to