Re: [Users] permission problem on tomcat5.5 and apache

Tue, 29 Apr 2008 12:43:03 -0700 

Op 29 apr 2008, om 15:12 heeft Rui Guerra het volgende geschreven:
Thanks André for your answers. I added the permissions you mentioned to /etc/tomcat5/policy.d/04webapps.policy but it did not work. So for now I will use TOMCAT5_SECURITY=no 

Hmm, I think I added them to 'catalina.policy'. But I'm not sure.


To fixe the missing library problem the following 2 lines were added  
to /etc/default/tomcat5.5



LD_LIBRARY_PATH=/lib:/usr/lib/:/lib/i486-linux-gnu:/usr/lib/i486- 
linux-gnu:/lib/i486-linux-gnu:/usr/lib/i486-linux-gnu:/usr/lib/jvm/ 
java-1.5.0-sun/jre/lib/i386:/usr/local/lib

export LD_LIBRARY_PATH


mmbase is up and running although in an insecure environment.  
Whenever I find out the write permissions I will post them here.



A bit insecure, I would say. Not very when you compare it to a lot of  
other OS's. As long as you don't start Tomcat as root you'll be fine ;-)


---André






Thanks, for your help.

On Apr 28, 2008, at 11:10 PM, André van Toly wrote:


Op 28 apr 2008, om 17:36 heeft Rui Guerra het volgende geschreven:

Thanks for your comment Michiel.


Since it is a development server, I turn off the security by  
setting TOMCAT5_SECURITY=no at /etc/default/tomcat5.5



Related to your former (security) problem: have you studied the  
Tomcat Security Manager?

http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html


I needed to configure them once in a 'catalina.policy' file to be  
able to run MMBase with Tomcat on Debian, but I am not sure whether  
these are still correct:



// ========== MMBase CODE PERMISSIONS  
=========================================

grant {
  permission java.lang.RuntimePermission  "createClassLoader";
  permission java.lang.RuntimePermission  "createSecurityManager";
  permission java.lang.RuntimePermission  "setIO";
  permission java.net.NetPermission       "specifyStreamHandler";
  permission java.util.PropertyPermission "user.dir", "read";

  permission java.util.PropertyPermission  
"java.rmi.server.hostname", "write";

};



I do get a different exception now, related with libawt.so or  
libmlib_image.so which I actually have both in the right location.  
Any help is highly appreciated.



I think Java/Tomcat needs permissions to access these two.  
Something your sysadmin should help you with I believe. As was  
mentioned before: Debian's security settings are rather strict.


---André







<code>
exception


javax.servlet.ServletException: /usr/lib/jvm/java-1.5.0- 
sun-1.5.0.15/jre/lib/i386/libawt.so: libmlib_image.so: cannot open  
shared object file: No such file or directory
	 
org 
.apache 
.jasper 
.runtime 
.PageContextImpl.doHandlePageException(PageContextImpl.java:841)
	 
org 
.apache 
.jasper 
.runtime.PageContextImpl.handlePageException(PageContextImpl.java: 
774)

        org.apache.jsp.index_jsp._jspService(index_jsp.java:211)
        org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

	 
org 
.apache 
.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java: 
331)
	 
org 
.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java: 
329)

        org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

root cause


java.lang.UnsatisfiedLinkError: /usr/lib/jvm/java-1.5.0- 
sun-1.5.0.15/jre/lib/i386/libawt.so: libmlib_image.so: cannot open  
shared object file: No such file or directory

        java.lang.ClassLoader$NativeLibrary.load(Native Method)
        java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1751)
        java.lang.ClassLoader.loadLibrary(ClassLoader.java:1668)
        java.lang.Runtime.loadLibrary0(Runtime.java:822)
        java.lang.System.loadLibrary(System.java:993)

	sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java: 
50)

        java.security.AccessController.doPrivileged(Native Method)
        sun.awt.NativeLibLoader.loadLibraries(NativeLibLoader.java:38)
        sun.awt.DebugHelper.<clinit>(DebugHelper.java:29)
        java.awt.Cursor.<clinit>(Cursor.java:167)

	javax.swing.text.html.HTMLEditorKit.<clinit>(HTMLEditorKit.java: 
586)
	 
org 
.mmbase 
.util 
.transformers 
.TagStripperFactory.createTransformer(TagStripperFactory.java:70)
	org.mmbase.bridge.jsp.taglib.ContentTag.readXML(ContentTag.java: 
225)
	 
org.mmbase.bridge.jsp.taglib.ContentTag.initialize(ContentTag.java: 
161)
	org.mmbase.bridge.jsp.taglib.ContentTag.access 
$600(ContentTag.java:44)
	org.mmbase.bridge.jsp.taglib.ContentTag 
$2.onChange(ContentTag.java:81)
	org.mmbase.bridge.jsp.taglib.ContentTag.<clinit>(ContentTag.java: 
86)
	sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native  
Method)
	 
sun 
.reflect 
.NativeConstructorAccessorImpl 
.newInstance(NativeConstructorAccessorImpl.java:39)
	 
sun 
.reflect 
.DelegatingConstructorAccessorImpl 
.newInstance(DelegatingConstructorAccessorImpl.java:27)

        java.lang.reflect.Constructor.newInstance(Constructor.java:494)
        java.lang.Class.newInstance0(Class.java:350)
        java.lang.Class.newInstance(Class.java:303)

	org.apache.jasper.runtime.TagHandlerPool.get(TagHandlerPool.java: 
117)

        org.apache.jsp.index_jsp._jspService(index_jsp.java:58)
        org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

	 
org 
.apache 
.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java: 
331)
	 
org 
.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java: 
329)

        org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
</code>

On Apr 23, 2008, at 6:05 PM,  Meeuwissen wrote:


2008/4/23, Rui Guerra <[EMAIL PROTECTED]>:

I just downloaded mmbase and tried to install it in a server  
with a fresh

installation of tomcat5.5 and apache (ubuntu).


I've encountered a permission problem. I suspected that is not  
related to

mmbase but some security policy of apache/tomcat. Any ideas?


The default security settings for tomcat in debian (so I suppose in
ubuntu) too are pretty restrictive.  Indeed too much so for MMBase.


A minimal security.properties is available somewhere, but my  
advice is
to simly download tomcat, drop it into /opt and ignore the .deb.  
The

default security manager of tomcat is permissive enough (eh, it may
equal to no security manager).

Michiel

--
mihxil'  http://meeuw.org
nl_NL eo_XX en_US
_______________________________________________
Users mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/users


_______________________________________________
Users mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/users


--
André van Toly
MMBase development & Userfriendly webdesign

W: http://www.toly.nl
M: +31(0)627233562

------------------------------------------------------------------ 
~~<<>>~~


_______________________________________________
Users mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/users


_______________________________________________
Users mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/users



--
André van Toly
MMBase development & Userfriendly webdesign

W: http://www.toly.nl
M: +31(0)627233562

------------------------------------------------------------------ 
~~<<>>~~


_______________________________________________
Users mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/users






















					Reply via email to