On Fri, Dec 8, 2017 at 11:25 AM, Christopher Schultz <ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Chris, > > On 12/7/17 2:08 PM, Chris Cheshire wrote: >> On Thu, Sep 7, 2017 at 5:30 PM, Christopher Schultz >> <ch...@christopherschultz.net> wrote: >>>> >>>> What should the permissions, owner & group be set to for >>>> CATALINA_HOME if I am running separate instances per user? >>> >>> It doesn't really matter. You just need to make sure that your >>> "users" can read the default config files -- especially >>> conf/web.xml and conf/tomcat.xml which usually shouldn't be >>> modified from their defaults anyway. >>> >>> I've always been irritated that the conf/ directory is only >>> readable by the owner in the tarball. Maybe I'll agitate to get >>> that changed, and only protect conf/server.xml and >>> conf/tomcat-users.xml in that way. >>> >> >> Resurrecting this .... >> >> I'm doing some cleanup and upgrading to 8.5.24. Previously I had >> copied the entire conf directory from HOME to BASE, and modifying >> files as necessary. Now I removed from BASE files I hadn't touched >> (web.xml, jaspic stuff etc), but subsequently get the following >> message in catalina.out >> >> INFO ... >> org.apache.catalina.startup.ContextConfig.getDefaultWebXmlFragment >> No global web.xml found >> >> All other startup succeeds but nothing is accessible, I just get a >> standard 404 when trying to access my web apps or even the manager >> app. There are no actual ERROR level messages though. >> >> Permissions are as follows : >> >> /usr/local/apache-tomcat-8.5.24/conf [root@s3 conf]# ls -al total >> 236 drwxr-x--- 2 root tomcat 4096 Nov 27 13:33 . drwxr-xr-x 9 >> root root 4096 Dec 7 16:30 .. -rw-r----- 1 root tomcat 13824 >> Nov 27 13:33 catalina.policy -rw-r----- 1 root tomcat 7376 Nov 27 >> 13:33 catalina.properties -rw-r----- 1 root tomcat 1338 Nov 27 >> 13:33 context.xml -rw-r----- 1 root tomcat 1149 Nov 27 13:33 >> jaspic-providers.xml -rw-r----- 1 root tomcat 2313 Nov 27 13:33 >> jaspic-providers.xsd -rw-r----- 1 root tomcat 3622 Nov 27 13:33 >> logging.properties -rw------- 1 root tomcat 7511 Nov 27 13:33 >> server.xml -rw------- 1 root tomcat 2164 Nov 27 13:33 >> tomcat-users.xml -rw-r----- 1 root tomcat 2633 Nov 27 13:33 >> tomcat-users.xsd -rw-r----- 1 root tomcat 169322 Nov 27 13:33 >> web.xml >> >> /home/sandbox1/tomcat/conf [sandbox1@s3 conf]$ ls -la total 32 >> drwxr-xr-x 3 sandbox1 sandbox1 4096 Dec 7 19:01 . drwxr-xr-x 10 >> sandbox1 sandbox1 4096 Dec 7 18:59 .. drwxr-xr-x 3 sandbox1 >> sandbox1 4096 Sep 7 16:50 Catalina -rw-r--r-- 1 sandbox1 sandbox1 >> 7407 Nov 2 01:58 catalina.properties -rw-r--r-- 1 sandbox1 >> sandbox1 1437 Sep 7 20:38 context.xml -rw-r--r-- 1 sandbox1 >> sandbox1 3770 Dec 7 18:46 logging.properties -rw-r--r-- 1 >> sandbox1 sandbox1 2522 Sep 7 20:29 server.xml >> >> My sandbox users belong to the 'tomcat' group (not using a >> 'tomcat' user though). I can cat web.xml with a sandbox user. (I >> tweaked the permissions from the defaults to allow sandbox users to >> read the default config) >> >> If I copy web.xml from HOME/conf to BASE/conf everything works >> again. So do I need to copy everything over from HOME/conf to >> BASE/conf even if I am not changing anything? > > I checked, and my CATALINA_BASE/conf contains the following: > > server.xml (required) > Catalina/ (and friends, optional) > tomcat-users.xml (optional) > web.xml (evidently required) > > We should probably allow web.xml to come from > CATALINA_HOME/conf/web.xml if it's not present in CATALINA_BASE/conf/. > I would have expected that to be allowed, but I guess it isn't. > > Can you file a BZ enhancement request? > > - -chris
Done. https://bz.apache.org/bugzilla/show_bug.cgi?id=61877 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org