-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Emmanuel,
On 6/22/20 19:14, Emmanuel Bourg wrote: > Le 22/06/2020 à 18:43, Brian a écrit : > >> I'm not really an expert with Linux. It would seem to me that the >> "adm" group (to which syslog seems to belong) lacks a write >> permission > > Indeed, rsyslog in Ubuntu runs as syslog:adm and needs special > permissions to write to /var/log/tomcat9. This issue should be > reported to Ubuntu. > > The tomcat9 package in Debian isn't affected by this issue because > rsyslogd runs as root. > > >> OK, I did it and the write permission was added to the adm group. >> I restarted Tomcat.... and it worked, the catalina.out file got >> created! However, after I restarted the whole Ubuntu, I >> discovered that the permissions went back to how there were (not >> write for adm). Why is that? > > The permissions on this directory are managed by systemd-tmpfiles. > The tomcat9 package defines the expected permissions in > /usr/lib/tmpfiles.d/tomcat9.conf and the permissions are enforced > when the system starts. > > It's possible to override the default settings, you have to copy > the configuration file to /etc/tmpfiles.d/ and change the > permissions on /var/log/tomcat9 from 2750 to 2760: > > cp /usr/lib/tmpfiles.d/tomcat9.conf /etc/tmpfiles.d/ sed -i > s/2750/2760/ /etc/tmpfiles.d/tomcat9.conf > > The write permissions for the adm group will then be persistent. > > >> In any case, why is this permission required in my new VPS, if >> the old one lacks it and catalina.out works perfectly? > > I guess your older VPS had the tomcat8 package installed. The > tomcat9 package is different as it leverages several systemd > features to improve the security and the reliability. With this kind of service (and, similarly, Coty Sutherland's work @ RedHat), I might re-think my policy of always using the vanilla packages from Apache. It's *really* nice when the package-manager can do it all. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7yHp4ACgkQHPApP6U8 pFjrOg//akrAF8ZQlS2d5943zClVfwoddOW+I2clK7IYqJcu4LIIMm07v73aVVhe eAYLQLOZTXM6u3SHI4rsobGDO5QBb4wa0xxKEZFcq+pr809zzwvwd9gufuYfuNFj xa37zyzQzv0vuhfHZNYy6eUhThVS9eSPLu0vZQnLxNExoMiVM3BNMm0evYjQHwO2 97BtwhTP9IBPjRFLvzyKCmhcotNbqY+bnn5610k5+rgBz5A/Az/ZBLHOhOb5cjWZ 1L/Ue2P86WWl2/5Dqu4IVrN1TQldyr2RQtCbcWjR4LhTKZoBNc+vyhFu/LExfexy 18mvoUY7jNKTwoJ7CiC0p7iy6Se89DzNqUzlCqUC6/1P9pRi9oYDBmeEUEnjaQ7E tlw/GQbgALk8X+gq0hNMS9HOvlyZOZlN5iBS56cYFOje8iJrasDhxDcqWdhRqpsg F1S42eGVk37oBpnY7dZcf/SoAmp/vIesGZ5iVi9qKSLgLbmmKGZo2/C4OnyMVkdD +zMbcK6ClHCGK5lDVys0Hobc8gblLkUc2PY9yOxxD7Cyyml4hQ+0DzQYDbNwggAn BAuElpOUDyzjyHYkLD12IP8ZC3ZcSZA/MnR1hHU6pbAC4tXA0sjhU6WaWP2wDIyS hixxYgF8PoM9CwdHHnw6/ROpiqCZeIBn1NYNWcQmxMZALBWOUZ0= =72na -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
