On Mon, 2013-12-09 at 11:00 -0800, James H. H. Lampert wrote: > On 12/6/13 6:56 PM, CRPence (on the Midrange Java List) wrote: > >The T-AF audit entry should log the object to which there > > was insufficient authority, then the chmod can be requested against that > > object to grant the necessary authority bits. > > The T-AF audit entry shows (and I'm no longer bothering to "change names > to protect the innocent"): > > > 00001 'A*N *N *STMF QP0ZSPWP WTADMIN ' > > 00051 '280199 WTADMIN 0000' > > 00101 '000 ' > > 00151 ' ' > > 00201 ' ' > > 00251 ' nP8 ry ' > . . . > > 00801 ' nP8 ry QASP01 00001 USENU Y ' > > 00851 ' /wintouch/tomcat/bin/startup.sh ' > > Which would seem to indicate that it's the startup shell script itself > that has the authority problem. > > So looking at the paths using the QShell "ls" command, I get: > > > cd /wintouch/tomcat/bin > > $ > > ls -l startup.sh > > -rw-rw-rw- 1 WTADMIN 0 1961 Oct 18 13:19 startup.sh > for the 7.0.47 version, which has the authority failure, and > > cd /wintouch/tomcat.bak/bin > > $ > > ls -l startup.sh > > -rw-rw-rw- 1 WINTOUCH 0 1961 Jun 15 2012 startup.sh > for the 7.0.25, which looks exactly the same, except for the owner and > the date, and yet it works. > > The bin directory shows: > > drwxrwsrwx 2 WTADMIN 0 32768 Oct 18 13:19 bin > for 7.0.47 (fails), and > > drwxrwsrwx 2 WINTOUCH 0 32768 Jun 15 2012 bin > for 7.0.25 (works) > > The tomcat (7.0.47) and tomcat.bak (7.0.25) directories show: > > drwxrwsrwx 9 WTADMIN 0 12288 Dec 6 14:21 tomcat > > drwxrwsrwx 9 WINTOUCH 0 12288 Jun 15 2012 tomcat.bak >
What about execute permissions on /wintouch. As Chris pointed out earlier, WTADMIN must have execute permission to the top of the tree. You seem to have investigated every corner except that one. (I'm no AS400 expert but there doesn't seem to be on on the Tomcat list other than you.) > Finally, for comparison, here are the corresponding results on our own > box, where there are no problems at all: > > > drwxrwsrwx 9 RABBIT 0 8192 Nov 29 16:48 tomcat > > drwxrwsrwx 2 RABBIT 0 28672 Oct 18 13:19 bin > > -rw-rw-rw- 1 RABBIT 0 1961 Oct 18 13:19 startup.sh > and > > drwxrwsrwx 9 RABBIT 0 24576 Nov 5 17:14 tomcat.bak > > drwxrwsrwx 2 RABBIT 0 28672 Jun 18 2012 bin > > -rw-rw-rw- 1 RABBIT 0 1961 Feb 14 2012 startup.sh > > I don't see any difference > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
signature.asc
Description: This is a digitally signed message part