Christoph,

On 11/17/23 03:55, Christoph Kukulies wrote:
Am 16.11.2023 um 20:12 schrieb Christopher Schultz
What is the user-owner of the JVM process?

root      125216  0.0  0.0      0     0 ?        I    09:42   0:00 [kworker/0:0-events]
root      125221  0.0  0.0      0     0 ?        I    09:42   0:00 [kworker/0:2]
tomcat    125222  166  9.2 3551824 363244 ?      Ssl  09:42   0:16 /usr/lib/jvm/default-java/bin/java -Djava.util.logging.config.file=/var/lib/tomcat9/conf/logging.properties -Djava.util.logging.mana
root      125246  0.0  0.0      0     0 ?        I    09:42   0:00 [kworker/u4:2-flush-8:0]

Ugh. I *really* hope this is Docker. And even if it is, /stop running Tomcat as root/.

Check that all of the above would be both readable and executable by that user:

ls -ld /var
ls -ld /var/lib
ls -ld /var/lib/tomcat9
ls -ld /var/lib/tomcat9/conf

root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var
drwxr-xr-x 15 root root 4096 Oct 23 16:31 /var
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib
drwxr-xr-x 63 root root 4096 Nov 10 10:28 /var/lib
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib/tomcat9
drwxr-xr-x 6 root root 4096 Nov 17 09:42 /var/lib/tomcat9
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib/tomcat9/conf
lrwxrwxrwx 1 tomcat tomcat 12 Sep 11  2019 /var/lib/tomcat9/conf -> /etc/tomcat9
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /etc/tomcat9
drwxr-xr-x 4 root root 4096 Nov 16 12:17 /etc/tomcat9
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config#

Permissions look good, even if the process-owner isn't root.

... and of course that the JVM user can read /var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since you said you already checked it.

What is the cwd of the JVM process?

root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# pwdx 125222
125222: /var/lib/tomcat9

TIL: pwdx is a thing

Okay, so that all checks out. cwd is /var/lib/tomcat9 and the "allegedly relative path" is conf/tomcat-users.xml, which points to where the file actually lives on the disk.

The first message ("reloading") has the full path, and the second message ("file not found") only mentions a relative path. I wonder if that is the difference.

Could it be that the second path relates to a missing env-Variable $CATALINA_BASE or $CATALINA_HOME?

root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# cat /proc/125222/environ | tr '\0' '\n'
USER=tomcat
HOME=/var/lib/tomcat
CATALINA_HOME=/usr/share/tomcat9
CATALINA_TMPDIR=/tmp
JAVA_OPTS=-Djava.awt.headless=true -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
PWD=/var/lib/tomcat9
JAVA_HOME=/usr/lib/jvm/default-java
CATALINA_BASE=/var/lib/tomcat9

Well, that all checks out. USER looks weird, but I'm assuming there's a "sudo java ..." somewhere in the launch command.

It seems the situation is straightened out since I changed the ownership of the file tomcat-users.xml
-rw-r----- 1 tomcat tomcat   2756 Jan 15  2022 tomcat-users.xml

So... who is the owner, now? If the process is really running as "root" then it should be able to read every file on the filesystem.

-chris
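As an added example that is not part of this thread, the following Python script automates the check Chris walks through by hand above: it takes the path that the service is trying to open and the account the JVM runs as, resolves symlinks such as /var/lib/tomcat9/conf -> /etc/tomcat9, and then tests every directory on both the literal and the resolved path for the search (x) bit and the final file for the read (r) bit using that account's uid and group set. The default account name "tomcat" and the default path /var/lib/tomcat9/conf/tomcat-users.xml are taken from the thread; the script itself, its function names, and its uid-0 shortcut are my assumptions, not anything Tomcat or Debian ship.

```python
import grp
import os
import pwd
import stat
from pathlib import Path


def mode_allows(st, uid, gids, want):
    """Classic Unix mode-bit check for one stat result.

    `want` is "r" (read) or "x" (execute/search). uid 0 is assumed to
    bypass the check, as the kernel does for read and directory search.
    """
    if uid == 0:
        return True
    if st.st_uid == uid:
        shift = 6          # owner triple
    elif st.st_gid in gids:
        shift = 3          # group triple
    else:
        shift = 0          # "other" triple
    bit = stat.S_IROTH if want == "r" else stat.S_IXOTH
    return bool(st.st_mode & (bit << shift))


def check_path(path, uid, gids):
    """Walk `path` the way a process with this uid/gids would.

    Every ancestor directory of the path as typed, and of the path after
    symlink resolution, must be searchable; the final target must be
    readable. Returns a list of (component, reason) tuples; an empty list
    means the account can reach and read the file.
    """
    literal = Path(os.path.abspath(path))
    target = literal.resolve()
    problems = []

    # Directories to test, in root-first order, deduplicated.
    dirs = []
    for d in list(reversed(literal.parents)) + list(reversed(target.parents)):
        if d not in dirs:
            dirs.append(d)

    for directory in dirs:
        try:
            st = os.stat(directory)          # follows symlinks, like the kernel
        except FileNotFoundError:
            problems.append((str(directory), "does not exist"))
            return problems
        if not mode_allows(st, uid, gids, "x"):
            problems.append((str(directory), "not searchable (x) by uid %d" % uid))

    try:
        st = os.stat(target)
    except FileNotFoundError:
        problems.append((str(target), "does not exist"))
        return problems
    if not mode_allows(st, uid, gids, "r"):
        problems.append((str(target), "not readable (r) by uid %d" % uid))
    return problems


def ids_for_user(name):
    """uid plus the full gid set (primary and supplementary) of an account."""
    pw = pwd.getpwnam(name)
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if name in g.gr_mem)
    return pw.pw_uid, gids


if __name__ == "__main__":
    import sys
    # Defaults are the account and file discussed in the thread.
    user = sys.argv[1] if len(sys.argv) > 1 else "tomcat"
    path = sys.argv[2] if len(sys.argv) > 2 else "/var/lib/tomcat9/conf/tomcat-users.xml"
    uid, gids = ids_for_user(user)
    found = check_path(path, uid, gids)
    if not found:
        print("%s can reach and read %s" % (user, path))
    for component, reason in found:
        print("%s: %s" % (component, reason))
```

Run it as root (so it can stat everything) with `python3 checkpath.py tomcat /var/lib/tomcat9/conf/tomcat-users.xml`; the first failing component is the one to fix. Note that it only models the mode bits, so POSIX ACLs, AppArmor/SELinux confinement, and a systemd unit with ProtectSystem or ReadOnlyPaths can still deny access that this script reports as fine.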

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
