(responding to myself)
The culprit is the option
NoNewPrivileges=true
in the file /etc/systemd/system/multi-user.target.wants/tomcat8.service
When changed to false, one must also call 'systemctl daemon-reload' and
after a tomcat restart, the problem is solved.
Claude
On 21/05/2019 19:52, Claude Brisson wrote:
Hi all.
I use tomcat 8.5.39 and java oracle 1.8.0_191 on linux (ubuntu 19.04).
Tomcat was installed by apt-get and runs as a service.
If I open a shell as the tomcat8 user, I can launch a Java program
which successfully executes a sudo command in a sub-process.
But from a Java servlet, the code fails with this error from the sudo
executable:
sudo: effective uid is not 0, is /usr/bin/sudo on a file system
with the 'nosuid' option set or an NFS file system without root
privileges?
which means that somehow, the tomcat process was unable or unwilling
to honor the setuid flag of the sudo command.
Is it a special security measure?
If yes, is it set in tomcat? In the JVM? In Ubuntu's tomcat8 service
packaging? In systemd config?
And is there any configuration option to relax it?
Thanks,
Claude
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
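
The diagnosis described in this thread can be reproduced from the kernel's view of the process, as an added example that is not part of the original messages. It reads the NoNewPrivs field of a /proc/<pid>/status file (present on Linux 4.10 and later) and the last NoNewPrivileges= assignment in a unit file; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether the no_new_privs flag explains the sudo error.

# Print the NoNewPrivs value (0 or 1) from a /proc/<pid>/status-format file,
# or "unknown" when the field is absent (kernels older than 4.10).
nnp_from_status() {
    val=$(awk '$1 == "NoNewPrivs:" { print $2; exit }' "$1")
    echo "${val:-unknown}"
}

# Print the NoNewPrivileges= value from a unit file. systemd applies the
# last assignment it reads, so only the last match is kept; "unset" if none.
nnp_from_unit() {
    val=$(sed -n 's/^[[:space:]]*NoNewPrivileges[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    echo "${val:-unset}"
}

# Explain the failure for one status file and one unit file.
diagnose() {
    if [ "$(nnp_from_status "$1")" = "1" ]; then
        echo "no_new_privs is set (unit: NoNewPrivileges=$(nnp_from_unit "$2"));" \
             "execve ignores setuid bits, so sudo stays at the caller's uid"
    else
        echo "no_new_privs is not set; check for a nosuid mount instead"
    fi
}

# Constructed sample input standing in for /proc/<tomcat pid>/status and
# for the tomcat8.service unit file.
make_samples() {
    dir=$(mktemp -d)
    printf 'Name:\tjava\nUid:\t118\t118\t118\t118\nNoNewPrivs:\t1\nSeccomp:\t0\n' > "$dir/status"
    printf '[Service]\nUser=tomcat8\nNoNewPrivileges=true\n' > "$dir/tomcat8.service"
    echo "$dir"
}

demo_dir=$(make_samples)
diagnose "$demo_dir/status" "$demo_dir/tomcat8.service"
rm -rf "$demo_dir"
```

On a live host, pass the status file of the running Tomcat process and the unit file named in the message above instead of the sample files.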