Le 22/06/2020 à 18:43, Brian a écrit :

> I'm not really an expert with Linux. It would seem to me that the "adm" group 
> (to which syslog seems to belong) lacks a write permission

Indeed, rsyslog in Ubuntu runs as syslog:adm and needs special
permissions to write to /var/log/tomcat9. This issue should be reported
to Ubuntu.

The tomcat9 package in Debian isn't affected by this issue because
rsyslogd runs as root.

> OK, I did it and the write permission was added to the adm group. I restarted 
> Tomcat.... and it worked, the catalina.out file got created! However, after I 
> restarted the whole Ubuntu, I discovered that the permissions went back to 
> how there were (not write for adm). Why is that?

The permissions on this directory are managed by systemd-tmpfiles. The
tomcat9 package defines the expected permissions in
/usr/lib/tmpfiles.d/tomcat9.conf and the permissions are enforced when
the system starts.

It's possible to override the default settings, you have to copy the
configuration file to /etc/tmpfiles.d/ and change the permissions on
/var/log/tomcat9 from 2750 to 2760:

  cp /usr/lib/tmpfiles.d/tomcat9.conf /etc/tmpfiles.d/
  sed -i s/2750/2760/ /etc/tmpfiles.d/tomcat9.conf

The write permissions for the adm group will then be persistent.

> In any case, why is this permission required in my new VPS, if the old one 
> lacks it and catalina.out works perfectly?

I guess your older VPS had the tomcat8 package installed. The tomcat9
package is different as it leverages several systemd features to improve
the security and the reliability.

Emmanuel Bourg

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to