Tomcat does not have write permission on /usr/share/tomcat on RedHat 7 - java

When I try to install OpenAM 12.0.0 on Tomcat 7 in RHEL 7 (Red Hat), I get an error that says the Configurator does not have write access to /usr/share/tomcat.
I installed Tomcat 7 through yum install tomcat, and when the process finished it created a user tomcat and assigned the right permissions to the tomcat group.
ls -la /usr/share/tomcat
Tomcat is started as the user tomcat, and I start it with the command service tomcat start.
The strange thing is that the OpenAM setup can write inside the webapps, logs, conf, temp and work folders but can't write inside /usr/share/tomcat/.
I don't know if this is a problem with the way RHEL 7 manages the permissions for tomcat or something like that.
Do you have any idea about this problem?

Finally I found the solution ^_^. The problem is related to Security-Enhanced Linux (SELinux), so I ran the following commands and the problem was solved:
semanage fcontext -a -t tomcat_var_lib_t "/usr/share/tomcat(/.*)?"
restorecon -rv /usr/share/tomcat
Thanks guys for your comments, I really appreciate your help.

I am not able to see the screenshot provided; my best guess is that the group for /usr/share may be different from that of tomcat.
You can do either of two things:
1) change the ownership of the directory in question: chown -R tomcat:tomcat /path/to/directory
2) start the tomcat service with sudo: sudo service tomcat restart
If neither works, can you provide the error and the ls -l output for the directory in question?

That dot at the end of the permissions listing means you have an SELinux permission to contend with... see this question.
You can try temporarily disabling SELinux and seeing if it works. Or checking your audit logs.
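The audit-log check suggested above, as an added example that is not part of the original answers: a shell function that summarises the AVC denials logged for one process name, showing the denied permission and the source and target SELinux types. The sample records and the types in them (tomcat_t, usr_t) are constructed; on a real host the input would be /var/log/audit/audit.log.

```shell
#!/bin/sh
# avc_denials COMM
# Read audit-log text on stdin and summarise the AVC denials logged for the
# process name COMM as: count|permissions|object name|source type|target type|class
avc_denials() {
    awk -v want="$1" '
    function field(key,    i, v) {        # value of key=... on this record
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    function setype(ctx,    p) {          # user:role:type:level -> type
        split(ctx, p, ":")
        return p[3]
    }
    /type=AVC/ && / denied / {
        if (field("comm") != want) next
        a = index($0, "{"); b = index($0, "}")
        perms = (a && b > a) ? substr($0, a + 1, b - a - 1) : ""
        gsub(/^ +| +$/, "", perms)
        row = perms "|" field("name") "|" setype(field("scontext"))
        row = row "|" setype(field("tcontext")) "|" field("tclass")
        seen[row]++
    }
    END { for (k in seen) print seen[k] "|" k }' | LC_ALL=C sort -t "|" -k 2
}

# Constructed sample records (not taken from the page).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1500000000.101:210): avc:  denied  { write } for  pid=2214 comm="java" name="tomcat" dev="dm-0" ino=201345 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=SYSCALL msg=audit(1500000000.101:210): arch=c000003e syscall=83 success=no exit=-13 comm="java" exe="/usr/lib/jvm/jre/bin/java"
type=AVC msg=audit(1500000003.417:215): avc:  denied  { write } for  pid=2214 comm="java" name="tomcat" dev="dm-0" ino=201345 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=AVC msg=audit(1500000009.002:230): avc:  denied  { read } for  pid=3120 comm="httpd" name="index.html" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# The JVM runs as comm="java"; a target type the service domain may not write
# to is what a relabel with semanage fcontext and restorecon changes.
sample_log | avc_denials java
```

A denial whose target type differs from the type the service policy expects points at labelling rather than Unix ownership, which is why chown and chmod do not change the outcome.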

Try this command on Tomcat file, then try once again.
chmod 755 /usr/share/tomcat

Related

Tomcat 9 does not allow to read file as string with 777 permission?

I have a Java web application in a Tomcat 9 servlet container which tries to read a file in the /tmp folder with 777 permission on Ubuntu 18.04:
ls -ltr /tmp/test.txt
-rwxrwxrwx 1 vagrant vagrant 10 Jan 3 17:03 /tmp/test.txt
The java code is:
try {
result = FileUtils.readFileToString(new File("/tmp/test.txt"));
} catch (IOException ex) {
log.info("##### Cannot read file. Reason: " + ex.getMessage());
}
But it always shows the error:
##### Cannot read file. Reason: File '/tmp/test.txt' does not exist
This test file can be opened fine by a normal user on a terminal window (example user: vagrant).
vagrant@ras:~$ cat /tmp/test.txt
EDIT: The exact same root issue can cause the slightly different symptom that the Tomcat Manager application cannot be used to deploy a war file located in /tmp. To help future internet searches, here's a typical error you might see in catalina.out when you are encountering this problem. The file /tmp/my_app.war is correctly readable by the user tomcat. Nonetheless you get this problem:
02-Apr-2021 22:25:20.254 SEVERE [http-nio-80-exec-4] org.apache.catalina.startup.ExpandWar.copy Error copying [/tmp/my_app.war] to [/var/lib/tomcat9/webapps/my_app.war]
java.io.FileNotFoundException: /tmp/my_app.war (No such file or directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at org.apache.catalina.startup.ExpandWar.copy(ExpandWar.java:276)
at org.apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:1016)
Does anybody know about the problem with Tomcat 9? I'll need the java web application to read this test file as string.
I had to ask directly on the Tomcat users mailing list instead, at http://tomcat.10.x6.nabble.com/Tomcat-9-does-not-allow-to-read-file-in-tmp-folder-with-777-permission-td5093298.html
What I needed to do was to update /lib/systemd/system/tomcat9.service and change PrivateTmp=yes to PrivateTmp=no. Then, run these 2 commands:
sudo systemctl daemon-reload
sudo systemctl restart tomcat9
After that, it works normally (my java web application can create folders in /tmp/ and read files from them).
Following the pattern described in this answer, it seems to me that this is perhaps a better way to de-privatize /tmp:
sudo systemctl edit tomcat9
Add these two lines then save:
[Service]
PrivateTmp=no
sudo systemctl daemon-reload
sudo systemctl restart tomcat9
Clearly, this is functionally equivalent to Bằng's answer. But it seems to me that the override file is intended for exactly this use case. So it seems this is a very clean technique.
For reference, the override file gets created here (on my Ubuntu 20.04 system):
/etc/systemd/system/tomcat9.service.d/override.conf
And the overrides can be removed easily if you decide to lock things down again later:
sudo systemctl revert tomcat9
I would rather make the content of the /etc/systemd/system/tomcat9.service.d/override.conf file like this:
[Service]
ReadWritePaths=/tmp
PrivateTmp=no
As you might end up having an exception like this:
java.io.IOException: Read-only file system
at java.base/java.io.UnixFileSystem.createFileExclusively(Native Method)
at java.base/java.io.File.createTempFile(File.java:2129)
at java.base/java.io.File.createTempFile(File.java:2175)
...
When trying to create a temp file within your application.
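Why the file "does not exist" while PrivateTmp=yes is in effect, as an added example that is not part of the original answers: the service gets its own /tmp mount backed by a systemd-private-* directory, so a path under /tmp names a different file for the service than for a login shell. The functions below read mountinfo text and show where a /tmp path really resolves. The sample mountinfo lines are constructed; on a live host the input would be /proc/<pid>/mountinfo of the Tomcat JVM.

```shell
#!/bin/sh
# private_tmp_root
# Read /proc/<pid>/mountinfo text on stdin. If the process has its own /tmp
# mount backed by a systemd-private-* directory, print that directory (field 4,
# a path relative to the filesystem that holds it) and return 0; else return 1.
private_tmp_root() {
    awk '
    $5 == "/tmp" && $4 ~ "(^|/)systemd-private-[^/]+/tmp$" { root = $4 }
    END { if (root == "") exit 1; print root }'
}

# resolve_in_service PATH
# Map PATH as the service names it to the location it really opens, given the
# service mountinfo on stdin. Paths outside /tmp are returned unchanged.
resolve_in_service() {
    path=$1
    root=$(private_tmp_root) || root=
    case $path in
        /tmp/*)
            if [ -n "$root" ]; then
                path=$root/${path#/tmp/}
            fi
            ;;
    esac
    printf '%s\n' "$path"
}

# Constructed sample: mount table of a service started with PrivateTmp=yes.
service_mountinfo() {
    cat <<'EOF'
380 379 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
412 380 8:1 /tmp/systemd-private-0a1b2c3d-tomcat9.service-XyZ123/tmp /tmp rw,relatime shared:210 master:1 - ext4 /dev/sda1 rw
413 380 8:1 /var/tmp/systemd-private-0a1b2c3d-tomcat9.service-AbC456/tmp /var/tmp rw,relatime shared:211 master:1 - ext4 /dev/sda1 rw
EOF
}

# Constructed sample: mount table of an ordinary login shell.
host_mountinfo() {
    cat <<'EOF'
25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
EOF
}

# The service opens a file inside its private directory, not the host /tmp.
service_mountinfo | resolve_in_service /tmp/test.txt
```

Placing input files in a directory the service already owns, such as one under /var/lib/tomcat9, keeps the private /tmp in place.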

Why Tomcat won't start: Failed to start apache tomcat web server tomcat.service: Control process exited, code=exited status=203

What I wanted to do
I installed a fresh Linux Ubuntu 16.04 to set up a test development environment.
I wanted to install
java 8
tomcat 8
So I followed this tutorial, and I know that I did not have Java or Tomcat installed before.
Tutorial for java 8 and tomcat 8
Tutorial 2 same as the before with some more little hints
What is the problem
When I reached the step of starting Tomcat, it failed.
Failed to start apache tomcat web server tomcat.service: Control process exited, code=exited status=203.
How I tried to reproduce:
I followed the tutorial on a fresh virtual box on Ubuntu 16.04.
And after that I tried a lot of solutions, like the ones below:
Playing with chmod and permissions.
Uninstalling and reinstalling
Updating my Ubuntu
Restarting my Ubuntu
Reloading services
Double-quotation suggestions for paths in the .service file (/etc/systemd/system/tomcat.service).
Commenting out the CATALINA_HOME line in the .service file (/etc/systemd/system/tomcat.service).
Other solutions found by googling.
Solution:
From a very small comment from here (thanks for the hint):
After I got the failure I ran
You should run ‘journalctl -xn’ for more details about why Tomcat
failed to start. Thanks.
It gave me the main reason; here is a screenshot, and notice the part in RED.
ALL PATHS WERE WRONG ==> So I had to fix about five places with the right path... check Number 2 in orange in the image.
JAVA_HOME PATH was wrong ==> so to find the correct one and change it, do this
Then change it in tomcat.service
Check this image again; this time look at 1 in bold yellow. It should point to the JDK.
Result:
So, apparently I had the path wrong, and it WORKED.
Summary:
When applying a tutorial, keep an eye on where you extract Tomcat, etc.,
because it may differ.
Alternatively, you can just start Tomcat by going to /path/to/tomcat/bin/ and running ./startup.sh
It will spit out all the variables it is using and you can configure your tomcat.service file accordingly.
MY OS: POP!_OS (linux)
For me it was because I pointed JAVA_HOME to the wrong location. I pointed it to the binary folder, but it should just be the home directory where you installed Java. Here's the tutorial that I followed:
https://www.vultr.com/docs/how-to-install-apache-tomcat-8-on-centos-7
It even helps you set up a tomcat user, although I changed just 3 variables. My entire systemd file is here:
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=forking
# I accidentally had it as /jre.../bin instead of just /jre
Environment=JAVA_HOME=/usr/java/jre1.8.0_261
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
# the linked article had the entire thing in quotes?
# but only the value needs to be in quotes
Environment=CATALINA_OPTS='-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment=JAVA_OPTS='-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
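A pre-flight check for the two path mistakes described in these answers, as an added example that is not part of the original posts: status=203 is the exit status systemd reports when it cannot execute the program named in an Exec line, and a JAVA_HOME that points at the bin folder leaves no bin/java beneath it. The helper make_sample and every path it creates are hypothetical, built in a throwaway directory.

```shell
#!/bin/sh
# check_unit_paths UNIT_FILE
# Print one finding per path problem in a systemd unit; return 1 if any found.
check_unit_paths() {
    unit=$1
    bad=0
    # First word of each Exec*= line, without systemd's prefix flags (- @ + ! :).
    for exe in $(sed -n 's/^Exec[A-Za-z]*=[-@+!:]*\([^ ]*\).*/\1/p' "$unit"); do
        if [ ! -f "$exe" ] || [ ! -x "$exe" ]; then
            echo "exec: $exe is missing or not executable"
            bad=1
        fi
    done
    # Last JAVA_HOME assignment wins; accept Environment="JAVA_HOME=..." too.
    java_home=$(sed -n 's/^Environment="*JAVA_HOME=\([^" ]*\).*/\1/p' "$unit" | tail -n 1)
    if [ -n "$java_home" ] && [ ! -x "$java_home/bin/java" ]; then
        echo "JAVA_HOME: no executable $java_home/bin/java"
        bad=1
    fi
    return "$bad"
}

# make_sample JAVA_HOME_SUBDIR EXEC_SUBPATH
# Constructed sample: a throwaway tree with a fake JRE and Tomcat plus a unit
# file that refers to them; prints the path of the unit file.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/jre/bin" "$root/tomcat/bin"
    printf '#!/bin/sh\n' > "$root/jre/bin/java"
    printf '#!/bin/sh\n' > "$root/tomcat/bin/startup.sh"
    chmod +x "$root/jre/bin/java" "$root/tomcat/bin/startup.sh"
    cat > "$root/tomcat.service" <<EOF
[Service]
Type=forking
Environment=JAVA_HOME=$root/$1
Environment=CATALINA_HOME=$root/tomcat
ExecStart=$root/$2
User=tomcat
EOF
    echo "$root/tomcat.service"
}

# JAVA_HOME pointed at the bin folder, as in the answer above.
sample_unit=$(make_sample jre/bin tomcat/bin/startup.sh)
check_unit_paths "$sample_unit" || echo "unit needs fixing"
rm -rf "${sample_unit%/*}"
```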

How to restart/start/stop tomcat as non-root when tomcat is running as service under root?

I have seen lots of tutorials and tips around running tomcat on centos/ubuntu/linux.
I am using centos image in aws to run tomcat.
I did NOT do sudo yum install tomcat7*. This would have created a tomcat service account under which tomcat would run. The reason I did not do this is because I need to copy (scp) the war file into the webapps directory and I cannot scp directly as the tomcat user.
Instead, I created a tomcat user with password.
I downloaded the tar.gz, unzipped and moved tomcat into /usr/share/tomcat7.
Following the instructions by this blog, I edited /etc/rc.d/init.d/tomcat as follows.
#!/bin/sh
# Tomcat init script for Linux.
#
# chkconfig: 2345 96 14
# description: The Apache Tomcat servlet/JSP container.
JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.79.x86_64
CATALINA_HOME=/usr/share/tomcat7
export JAVA_HOME CATALINA_HOME
exec "$CATALINA_HOME/bin/catalina.sh" "$@"
Then I executed the following commands
sudo chmod 755 /etc/rc.d/init.d/tomcat
sudo chkconfig --level 2345 tomcat on
I rebooted the machine, and on startup Tomcat is started by the root user.
I could also see the Tomcat page showing correctly.
Now, I scp'ed my war into the webapps directory (as the tomcat user).
I stopped Tomcat and restarted it:
sudo /etc/init.d/tomcat stop
sudo /etc/init.d/tomcat start
I get permission denied error when trying to write to catalina.out. This is because the catalina.out file is touched by root after centos reboot and now when I restarted tomcat as "tomcat" user, it does not have permission to write to it.
I changed the ownership on catalina.out (chown tomcat:tomcat catalina.out). After this change, I see tomcat starting and logging correctly.
Now the question is what is the right way to do it.
1) I will have Jenkins jobs copying the war file to Tomcat, so to restart the service I need to sudo, which I can't do from Jenkins.
2) Changing the ownership of catalina.out is not the right thing to do. If the machine reboots, catalina.out is owned by tomcat and root cannot write to it. So there are problems with catalina.out being owned by either root or the tomcat user.
Thanks for suggestions.

tomcat8 & eclipse mars nightmare

I've tried many different approaches to installing a Tomcat server on a Debian jessie distro, to use it as the server for an Eclipse Mars IDE.
The only approach that works for my Debian is to install Tomcat straight from the repo.
And after some little tuning it seems that on localhost:8080 there is what I need (the page that says that Tomcat works!).
After that I tried to add it to Eclipse with the traditional steps suggested by many tutorials:
-adding xml and web tools support via INSTALL NEW SOFT
-adding the installing path folder to the server etc
Then when I start a new project and try to add a server through the "Servers" tab, the wizard lets me choose the right server/adaptor, but then there is a problem.
Instead of this:
I got this:
Where I can't edit the server's name, a field is missing, and there is no way to hit Finish or Next. How can I spot where my problem is?
cheers
Don't try to use your installed copy of Tomcat. As has been mentioned in the comments, your normal user lacks ownership of its installed location, and the layout may have been changed by the Debian packaging in ways Eclipse can't predict. Download a tarball from Apache, unpack it, and use that--remember, this is for developing your app, and you should never do that in your production server installation.
You should also check the WTP Tomcat FAQ for other questions you might have.
I found this on Ubuntu's forum, and with some edits for the version (mine is Tomcat 8) it works!!!!
Thanks to all who pointed me in the right direction.
Here's the way I did it, it keeps the system tomcat and your own
personal tomcat instance separate.
Install tomcat as per normal: sudo apt-get install tomcat7
Install private instance support: sudo apt-get install tomcat7-user
Create local instance in your home folder:
tomcat7-instance-create -p 10080 -c 10005 mytomcat
Note: -p sets the port number (default is 8080) and -c is the control
port (default 8005), we set these so we don't compete with the main
installation of tomcat running as a service. "mytomcat" can be
anything you like, but it will create a directory by this name in your
home.
Now use the following to make Eclipse happy:
cd mytomcat
ln -s /usr/share/tomcat7/lib
ln -s /etc/tomcat7/policy.d/03catalina.policy conf/catalina.policy
ln -s /usr/share/tomcat7/bin/bootstrap.jar bin/bootstrap.jar
ln -s /usr/share/tomcat7/bin/tomcat-juli.jar bin/tomcat-juli.jar
mkdir -p common/classes;
mkdir -p server/classes;
mkdir -p shared/classes;
Now within Eclipse you can create a Tomcat v7.0 server and set the
installation directory as ~/mytomcat.
Note: common, server and shared classes could be links too, but I
wanted to keep the two separate.

Could not load the Tomcat server configuration

I have installed Apache Tomcat 7 using sudo apt-get on Ubuntu. I have added Apache Tomcat 7 to Eclipse using Windows > Preferences > Server > Runtime Environment. But when I start the server from the Servers view by right-clicking the shown Tomcat v7.0 Server at localhost [Stopped,Republish]
It says:
Could not load the Tomcat server configuration at /Servers/Tomcat v7.0
Server at localhost-config. The configuration may be corrupt or
incomplete.
The path to tomcat7 that I've provided is /usr/share/tomcat7
I've just been encountering a very similar issue in Ubuntu while trying to get Eclipse Mars and Tomcat7 integrated because Eclipse was expecting the tomcat configuration files etc to be all in the same location, and with the necessary permissions to be able to change those files.
The following instructions from this blog article helped me in the end:
cd /usr/share/tomcat7
sudo ln -s /var/lib/tomcat7/conf conf
sudo ln -s /var/log/tomcat7 log
sudo ln -s /etc/tomcat7/policy.d/03catalina.policy conf/catalina.policy
sudo chmod -R a+rwx /usr/share/tomcat7/conf
I've just solved this exact problem on my Ubuntu 14.04 with Eclipse Mars 2.
This could happen when Eclipse is not finding Tomcat's configuration files where they are expected to be. This place is in
$eclipse_workspace_folder/$version_of_your_tomcat_server_at_localhost/
(by default, if you didn't change the server's name). So you have to copy all the files under your $tomcat_installation_folder/conf/* to the workspace server's folder.
But it was easier to just remove the server from your server list and add it again. Eclipse will automatically recreate all these files again into the proper folders. Like in the picture below:
In my case I've downloaded tomcat-8.0.35 from the website, so the configuration files needed are in /opt/apache-tomcat-8.0.35/conf/ filesystem.
Just delete the desired server from the Servers view (Window -> Show View -> Servers) and then go to Window -> Preferences -> Server -> Runtime Environment -> Add and add the server again.
You can install tomcat7 in ~/tomcat7 instead of /usr/share/tomcat7.
Close Eclipse.
Delete org.eclipse.wst.server.core.prefs and org.eclipse.jst.server.tomcat.core.prefs in {workspace-directory}/.metadata/.plugins/org.eclipse.core.runtime/.settings.
Launch Eclipse.
Go to Window->Show View->Other... and choose the Servers.
Select Tomcat v7.0 Server from the server type and press Next.
Enter /home/user/tomcat7 (not /usr/share/tomcat7) into the "Tomcat installation directory" and press Download.
Wait a few minutes and press Finish.
tomcat7 worked correctly with Eclipse 4.4 on my Ubuntu 15.04 in this way.
I know it's an old question and it has been solved already but for me the Tomcat conf/tomcat-users.xml file was created with a different encoding from the rest of the configuration files. The first line of that file looked like this:
<?xml version='1.0' encoding='cp65001'?>
All I had to do to solve the issue was change that line for:
<?xml version="1.0" encoding="UTF-8"?>
And voila.
I have no idea what 'cp65001' means or why it was created like that.
Maybe this will help other users facing the same issue.
The application is trying to load /usr/share/tomcat7/conf/ which doesn't exist. Eclipse assumes conf is in the same directory as bin
In Ubuntu, conf is placed in /etc/tomcat7/ and there is a symbolic link in /var/lib/tomcat7/.
To solve this, you can either
Download package from Apache Tomcat, and place them in a specific directory, say /opt/ or
Create a symbolic link in /usr/share/tomcat7/ pointing to /etc/tomcat7/conf
A quick solution in eclipse to resolve when Tomcat could not load as per the following error:
Just refreshing the Tomcat folder should do the trick. If it still does not work, delete all files in Eclipse under the Tomcat folder, re-copy the server files, then refresh the Tomcat folder. Tomcat should restart correctly after that.
I have Windows 8.1, Eclipse Neon, Tomcat 8.
The solution is to copy all the files from folder ".../Tomcatxxx/conf" to the ".../Workspace_directory/Servers" and try to launch server again.
You tried to start Tomcat and got the following error:
Could not load the Tomcat server configuration at /Servers/Tomcat v7.0 Server at localhost-config. The configuration may be corrupt or incomplete
How to solve:
Close Eclipse
Copy all files from TOMCAT_7_HOME/conf to WORKSPACE_FOLDER/Servers/Tomcat v7.0 Server at localhost-config
Start Eclipse
Expand the Servers project, click on the Tomcat 7 project and hit F5
Start Tomcat from Eclipse
I know it's been a while since this question was posted, but I was just getting this exact error, and I have a really simple solution that MIGHT work for some. All I did was double click on the folder 'Servers', which then allowed me to start the server with no error message. Sometimes the solution is right in front of your eyes. This might work for some people like me who go straight to Google without trying to fix the issue themselves!
On CentOS 7, this will do it for Tomcat 7:
(my Tomcat install dir: /opt/apache-tomcat-7.0.79)
mkdir /var/lib/tomcat7
cd /var/lib/tomcat7
sudo ln -s /opt/apache-tomcat-7.0.79/conf conf
mkdir /var/log/tomcat7
cd /var/log/tomcat7
sudo ln -s /opt/apache-tomcat-7.0.79/logs log
not sure the log link is necessary, the configuration is the critical one.
Had the same issue with Kepler (after trying to add a Tomcat 7 server).
Whilst adding the server I opted to install the Tomcat binary using the download/install feature inside Eclipse. I added the server without adding any apps. After the install I tried adding an app and got the error.
I immediately deleted the Tomcat 7 server from Eclipse then repeated the same steps to add Tomcat 7 back in (obviously skipping the download/install step as the binary was downloaded first time around).
After adding Tomcat 7 a second time I tried adding / publishing an app and it worked fine. Didn't bother with any further RCA, it started working and that was good enough for me.
I had the same problem in Eclipse Oxygen with Tomcat 8 in ubuntu 16.04 LTS.
Solution:
1. Give permission to entire tomcat folder (chmod 777 -R /Tomcat)
2. Delete and re-add the server in eclipse
3. Restart eclipse
4. Start the Tomcat server. It will work.
In the Servers tab of eclipse, go to the properties of the server and Switch location to latest downloaded tomcat version.
This resolved the issue for me.
Tomcat Server Properties
I solved this problem. DON'T USE THE .exe
Uninstall Tomcat and download the .zip from Tomcat's web site. Then unpack it and put it in C:\Program Files. Open Eclipse and set the server. It will work.
