-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Chris,
On 12/7/17 2:08 PM, Chris Cheshire wrote: > On Thu, Sep 7, 2017 at 5:30 PM, Christopher Schultz > <ch...@christopherschultz.net> wrote: >>> >>> What should the permissions, owner & group be set to for >>> CATALINA_HOME if I am running separate instances per user? >> >> It doesn't really matter. You just need to make sure that your >> "users" can read the default config files -- especially >> conf/web.xml and conf/tomcat.xml which usually shouldn't be >> modified from their defaults anyway. >> >> I've always been irritated that the conf/ directory is only >> readable by the owner in the tarball. Maybe I'll agitate to get >> that changed, and only protect conf/server.xml and >> conf/tomcat-users.xml in that way. >> > > Resurrecting this .... > > I'm doing some cleanup and upgrading to 8.5.24. Previously I had > copied the entire conf directory from HOME to BASE, and modifying > files as necessary. Now I removed from BASE files I hadn't touched > (web.xml, jaspic stuff etc), but subsequently get the following > message in catalina.out > > INFO ... > org.apache.catalina.startup.ContextConfig.getDefaultWebXmlFragment > No global web.xml found > > All other startup succeeds but nothing is accessible, I just get a > standard 404 when trying to access my web apps or even the manager > app. There are no actual ERROR level messages though. > > Permissions are as follows : > > /usr/local/apache-tomcat-8.5.24/conf [root@s3 conf]# ls -al total > 236 drwxr-x--- 2 root tomcat 4096 Nov 27 13:33 . drwxr-xr-x 9 > root root 4096 Dec 7 16:30 .. -rw-r----- 1 root tomcat 13824 > Nov 27 13:33 catalina.policy -rw-r----- 1 root tomcat 7376 Nov 27 > 13:33 catalina.properties -rw-r----- 1 root tomcat 1338 Nov 27 > 13:33 context.xml -rw-r----- 1 root tomcat 1149 Nov 27 13:33 > jaspic-providers.xml -rw-r----- 1 root tomcat 2313 Nov 27 13:33 > jaspic-providers.xsd -rw-r----- 1 root tomcat 3622 Nov 27 13:33 > logging.properties -rw------- 1 root tomcat 7511 Nov 27 13:33 > server.xml -rw------- 1 root tomcat 2164 Nov 27 13:33 > tomcat-users.xml -rw-r----- 1 root tomcat 2633 Nov 27 13:33 > tomcat-users.xsd -rw-r----- 1 root tomcat 169322 Nov 27 13:33 > web.xml > > /home/sandbox1/tomcat/conf [sandbox1@s3 conf]$ ls -la total 32 > drwxr-xr-x 3 sandbox1 sandbox1 4096 Dec 7 19:01 . drwxr-xr-x 10 > sandbox1 sandbox1 4096 Dec 7 18:59 .. drwxr-xr-x 3 sandbox1 > sandbox1 4096 Sep 7 16:50 Catalina -rw-r--r-- 1 sandbox1 sandbox1 > 7407 Nov 2 01:58 catalina.properties -rw-r--r-- 1 sandbox1 > sandbox1 1437 Sep 7 20:38 context.xml -rw-r--r-- 1 sandbox1 > sandbox1 3770 Dec 7 18:46 logging.properties -rw-r--r-- 1 > sandbox1 sandbox1 2522 Sep 7 20:29 server.xml > > My sandbox users belong to the 'tomcat' group (not using a > 'tomcat' user though). I can cat web.xml with a sandbox user. (I > tweaked the permissions from the defaults to allow sandbox users to > read the default config) > > If I copy web.xml from HOME/conf to BASE/conf everything works > again. So do I need to copy everything over from HOME/conf to > BASE/conf even if I am not changing anything? I checked, and my CATALINA_BASE/conf contains the following: server.xml (required) Catalina/ (and friends, optional) tomcat-users.xml (optional) web.xml (evidently required) We should probably allow web.xml to come from CATALINA_HOME/conf/web.xml if it's not present in CATALINA_BASE/conf/. I would have expected that to be allowed, but I guess it isn't. Can you file a BZ enhancement request? - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloqvQ4dHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFgZPw/5AZZr1yfSnTLlOh6W YVJXRPWnbXonNaVrPw0oBbwCv8c3EJuzKCwPdex8LW2ODCuCzveIqwNEh2KoKV0K W6qENepo2Fws0DYdW4r24kfENV/L7EU6ysCPdyWytg03XzhMkV++6BvrKdbd8mBx OvXH4QB1O4iuKs0fPei1QiOIhI51i4noyoswEDwYWEr77ES0kqedLf4E6TMxqbbc R49WkovgxwiN1QsW8mHCoaManCdsXhbsRKcrqsHQORf+9Pv5uQNDKSlUFEvNOSf2 Pjc5qxJRkcflmmoSvMamwfWyCAoQIdLXeEzepb+ma5KnFyqk3AAs7PY8oj/dMLrI VSXbQblBZaEMx8OZ14mnQncofGRuoVCNB2kDaFsgsrldpbDX6RO/j+pPcstO2K24 QctgptCeOL6b4IBSl1Fzj2ZxcHxhMQKgzPAjyEyqJiv9UbYkuUJwUFXTH9xb97wT 9EIQYf88F8yUDBmSIVjBOSvXQOIQAOUA5kp/PKsk/CgNGpNTZsbJHy/NzCF3XS7W VPrzzonxTJG2s+7+tCrMFeK2fE76gASBv29IGtUffKvld1epdaLt6ktsT7tRUlXz FVWZ0Nk2A5aHTrCfqdh3uQVQCV7UgGtrQswo8pzgUCxrFg8Eu7SN7L93WbxhlMzW LIR6RflaGP4vL6x0QoJPIu5U9x0= =mhYt -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
