|
Bugzilla – Full Text Bug Listing |
| Summary: | Tomcat6 does not have permissions to its own directories | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.3 | Reporter: | Forgotten User 1pB_qKHNU4 <forgotten_1pB_qKHNU4> |
| Component: | Java | Assignee: | E-mail List <bnc-team-java> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Major | ||
| Priority: | P2 - High | CC: | archie.cobbs, ciro.iriarte, fh, forgotten_Oh_tSrPrf-, jamesrome, kkaempf, meissner, rogers, zajec5 |
| Version: | Final | ||
| Target Milestone: | --- | ||
| Hardware: | i686 | ||
| OS: | openSUSE 11.3 | ||
| Whiteboard: | . maint:released:11.3:37066 | ||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Deadline: | 2010-11-23 | ||
|
Description
Forgotten User 1pB_qKHNU4
2010-07-26 00:51:51 UTC
This happens to me too. I realized that the /etc/sysconfig/j2ee or /etc/sysconfig/tomcat6 are missing too. > The work-around is quite simple.
>
> 1. Add g+w to the various tomcat /var and /srv directories
> 2. Remove /etc/tomcat6/Catalina and replace it with a symbolic link to
> /var/cahce/tomcat6/Catalina
I found it desirable to "chgrp tomcat" or "chown tomcat.tomcat" various files and directories. I also found it helpful to "g+s" the directories, allowing me to more easily add and edit files from a second account that had "tomcat" group membership.
I think the severity should be raised from "minor" to "normal". Tomcat and its demo files should work out-of-the-box, and the some of the changes needed to make it work are not obvious. Fair enough, it fits the definition of "regular issue, some loss of functionality under specific circumstances" and it's not easily documentable. Also corrected is the component. > I also have a suspicion that /etc/tomcat6/Catalina is supposed to be a symbolic > link to /var/cache/tomcat6/Catalina since the server attempts to write there. Yes, stupid mistake, will fix it. > > Expected Results: > Status display screen. > > The work-around is quite simple. > > 1. Add g+w to the various tomcat /var and /srv directories Does not know why the problem occurs - those dirs are packaged with 0775, so they has to be writable by a group. rpm -V does not complain, so it thinks everything is ok. (In reply to comment #1) > This happens to me too. > I realized that the /etc/sysconfig/j2ee or /etc/sysconfig/tomcat6 are missing > too. Having sysconfig and a tomcat.conf mades the tomcat configuration confusing, so only tomcat.conf is used - see bnc#471639. I have run into this also. I had to run: chmod 775 /usr/share/tomcat6/logs/ chmod 775 /usr/share/tomcat6/work/Catalina/ chmod 775 /usr/share/tomcat6/webapps/ to get things to work at all. *** Bug 637633 has been marked as a duplicate of this bug. *** I can confirm this issue with my openSUSE 11.3. I've installed default tomcat6 (6.0.24-4.2) and immediately updated it using openSUSE update repository to 6.0.24-5.1.1 (tomcat6-6.0.24-5.1.1.noarch). This resulted in following: # ls -l /var/log/ | grep tomcat drwxr-xr-x 2 root tomcat 4096 09-16 11:13 tomcat6 # grep Excep /var/log/tomcat6/catalina.out | head java.io.FileNotFoundException: /usr/share/tomcat6/logs/catalina.2010-09-16.log (Permission denied) java.io.FileNotFoundException: /usr/share/tomcat6/logs/localhost.2010-09-16.log (Permission denied) java.io.FileNotFoundException: /usr/share/tomcat6/logs/manager.2010-09-16.log (Permission denied) java.io.FileNotFoundException: /usr/share/tomcat6/logs/host-manager.2010-09-16.log (Permission denied) You can see it's about /usr/share/tomcta6/log, but: lrwxrwxrwx 1 root root 16 09-16 10:59 /usr/share/tomcat6/logs -> /var/log/tomcat6 So it's definitely issue with /var/log/tomcat6 privileges. I resolved these Exceptions by: # chmod g+w /var/log/tomcat6/ Hi all, the problem was the build system silently replaced the 0775 permissions of the locations to 0755, so tomcat has been installed without proper permissions. I fixed this by changing of the ownership of those files from root:tomcat to tomcat:tomcat, because I do not see any reason for having them writable for group. I also added %verify (not user group) to allow change of the default tomcat user. The fix is in Java:packages/tomcat6 (tomcat6-6.0.29) and I'll prepare a test package for 11.3 soon. Increasing a Severity to Major. Fixed tomcat6 is in home:mvyskocil:branches:openSUSE:11.3:Update:Test, please test (In reply to comment #9) > the problem was the build system silently replaced the 0775 permissions of the > locations to 0755, so tomcat has been installed without proper permissions. Is this something expected? Or maybe we should report this to OBS team to avoid similar problems in future? I think even if it's sth expected, OBS should generate some warning. It seems you didn't receive any? WTF? The build system should not be silently doing anything like that. If it doesn't like some permissions, the build should fail with an error rather than it "fixing" them for you and causing endless confusion and problems later -- which is exactly what happened in this case. (In reply to comment #10) > Fixed tomcat6 is in home:mvyskocil:branches:openSUSE:11.3:Update:Test, please > test I can't see a 11.3 branch in /repositories/home:/mvyskocil:/branches:/openSUSE: Am I looking in the right place? Also, will this fix stop deployment to /srv/tomcat6/webapps for users in the tomcat group? Generally, I'd like to not have to be root to deploy. Hi all,
finally I was able to find the real root of this problem. It is a changed/more strict semantics of %attr definition in %file list section in a spec file. Affected directories are defined like
%attr(0775,root,tomcat) %dir %{logdir}
The rpm(build) to 4.7.1 recognize the 0775 for %dir as a directory mode, even if specification says [1] it is file permission. In openSUSE 11.3 we have the more recent rpm 4.8.0 interprets this correctly, so in this case it use the directory mode from the closest %deffattr, which is 0755.
So fix is straightforward - collect all tomcat group writable directories under %defattr(-,root,tomcat,0775)
The new commit in home:mvyskocil:branches:openSUSE:11.3:Update:Test/tomcat6 [2] contains this fix and reverts back the previous ownership change, so nothing will changes in tomcat6.
A quick check
$ ls -ld /usr/share/tomcat6/logs/ /usr/share/tomcat6/work/Catalina/ /usr/share/tomcat6/webapps/ /var/cache/tomcat6/ /var/cache/tomcat6/* /srv/tomcat6/webapps/ /var/log/tomcat6/
drwxrwxr-x 8 root tomcat 89 Sep 22 14:34 /srv/tomcat6/webapps/
drwxrwxr-x 2 root tomcat 6 Sep 22 14:23 /usr/share/tomcat6/logs/
drwxrwxr-x 8 root tomcat 89 Sep 22 14:34 /usr/share/tomcat6/webapps/
drwxrwxr-x 3 root tomcat 22 Sep 22 14:34 /usr/share/tomcat6/work/Catalina/
drwxrwxr-x 4 root tomcat 32 Sep 22 14:34 /var/cache/tomcat6/
drwxrwxr-x 3 root tomcat 22 Sep 22 14:34 /var/cache/tomcat6/Catalina
drwxrwxr-x 2 root tomcat 6 Sep 22 14:23 /var/cache/tomcat6/temp
drwxrwxr-x 2 root tomcat 6 Sep 22 14:23 /var/log/tomcat6/
It has a fix of /etc/tomcat6/Catalina symlink too
lrwxrwxrwx 1 root root 27 Sep 22 14:34 Catalina -> /var/cache/tomcat6/Catalina
[1] http://www.rpm.org/max-rpm/s1-rpm-inside-files-list-directives.html
(In reply to comment #13)
> I can't see a 11.3 branch in /repositories/home:/mvyskocil:/branches:/openSUSE:
> Am I looking in the right place?
Sorry, forgot to publish. The download.o.o is dead right away so cannot check. Anyway the osc getbinaries home:mvyskocil:branches:openSUSE:11.3:Update:Test/tomcat6 will download the rpms using API.
maintenance: can I have a swampid for tomcat6 update for openSUSE 11.3?
(In reply to comment #14) > Sorry, forgot to publish. The download.o.o is dead right away so cannot check. > Anyway the osc getbinaries > home:mvyskocil:branches:openSUSE:11.3:Update:Test/tomcat6 will download the > rpms using API. It looks fixes RPM still isn't uploaded to http server. I wanted to use osc, but it needs me to have OBS account and I don't own one. Until the fixed package is released, this is a workaround for openSUSE 11.3 (SLES11 doesn't have this problem): chmod g+w $CATALINA_HOME/logs chmod g+w $CATALINA_HOME/webapps chmod g+w $CATALINA_HOME/temp chmod g+w $CATALINA_HOME/work chmod g+w $CATALINA_HOME/work/Catalina rm -rf /etc/tomcat6/Catalina ln -s $CATALINA_HOME/work/Catalina /etc/tomcat6/Catalina (In reply to comment #15) > It looks fixes RPM still isn't uploaded to http server. I wanted to use osc, > but it needs me to have OBS account and I don't own one. I copied rpms to ftp://ftp.suse.com/pub/people/mvyskocil/bnc625415 We should fix this annoying permission problem. +1 The SWAMPID for this issue is 36249. This issue was rated as low. Please submit fixed packages until 2010-11-02. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/36249 No one against, so starting update. Patchinfo and update 49890 has been submitted. did someone test the packages in the test repo? 16 days in the test repo should we enough, no negative feedback, so update released. Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-el-1_0-api, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps Products: openSUSE 11.3 (i586) The fixed rpm for Tomcat 6.0.24-5.2.1 is broken. Yast2 cannot unpack it properly. Yes, I already got it in a different bug - bnc#650130. As a temporary workaround, please remove tomcat6 package (rpm -e tomcat6 --nodeps) and then update. *** Bug 650130 has been marked as a duplicate of this bug. *** The cpio issue has to be fixed in 11.3 too Hi maintenance, I'm so sorry, but I have a requst an another update of tomcat6 to 11.3 due the upgrade problem - cpio rename failed. I'll port the workaround for Factory (sr 51958) to 11.3. The 11.3 backport - sr#52409 ok from my sidse +1 The SWAMPID for this issue is 37044. This issue was rated as moderate. Please submit fixed packages until 2010-11-23. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/37044 Update started patchinfo submitted Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-el-1_0-api, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps Products: openSUSE 11.3 (i586) This is an autogenerated message for OBS integration: This bug (625415) was mentioned in https://build.opensuse.org/request/show/49890 11.3:Test / tomcat6 https://build.opensuse.org/request/show/51345 Factory / tomcat6 |