> On 2025 Mar 11, at 12:54, Jason Bailey <jbai...@emerytelcom.com.invalid> > wrote: > > I see /etc/tomcat9/server.xml and /usr/share/tomcat9/etc/server.xml.
That seems wrong - there should not be two instances of the server.xml file. Looks like the Debian repackaging of Tomcat has done something silly. > Both have an entry like this: > > <Resource name="UserDatabase" auth="Container" > type="org.apache.catalina.UserDatabase" > description="User database that can be updated and saved" > factory="org.apache.catalina.users.MemoryUserDatabaseFactory" > pathname="conf/tomcat-users.xml" /> > > So does that mean the tomcat-users.xml file should be in a subdirectory > named 'conf'? In other words, '/etc/tomcat9/conf/tomcat-users.xml'? Maybe… since those are relative paths, you first need to find out what the current directory is when the Tomcat process starts up. > Also, in /usr/share/tomcat9-admin/host-manager/WEB-INF/web.xml, there is > a role for admin-gui whose description says "The role that is required > to log in to the Host Manager Application HTML interface". This may not > be relevant, but it sure looked that way to me when poking around and > trying to get this all to work. That’s the *host* manager webapp, not the manager webapp. The two apps serve entirely different purposes. > Also, many Debian-specific Tomcat guides mention "admin-gui" such as this: > > https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-9-on-debian-10 > > But yeah, the Debian specific deviations have me confused. Since Debian has chosen to scatter things hither and yon, you’re going to need help from Debian to really figure things out. You always have the option of downloading and deploying the current version from tomcat.apache.org <http://tomcat.apache.org/>. - Chuck > On 3/10/25 6:45 PM, Chuck Caldarale wrote: >>> On 2025 Mar 10, at 18:06, Jason Bailey <jbai...@emerytelcom.com.INVALID> >>> wrote: >>> >>> I'm running Tomcat 9 on Debian 12 to run Apache Guacamole and am trying >>> to get the tomcat-users.xml file to take so that I can manage the >>> service from the Tomcat Manager. So far I have not had luck getting the >>> login dialog to the manager to accept any xml file I give it. >>> >>> First, where should I be putting the tomcat-users.xml file? Is there a >>> special place I should be putting this file? >> >> The location of tomcat-users.xml is specified in Tomcat’s server.xml file. >> On a real Tomcat distribution (one downloaded from tomcat.apache.org >> <http://tomcat.apache.org/> <http://tomcat.apache.org/>), both server.xml >> and tomcat-users.xml are located in the conf directory, which itself is >> inside the directory in which you installed Tomcat. If you’re using a >> Debian-provided package, you may have to hunt for them, since such packages >> do not use Tomcat’s standard directory layout and may modify the standard >> settings in the server.xml file. >> >> Note that it’s best to modify the provided tomcat-users.xml file rather than >> trying to generate your own from scratch. >> >> >>> Second, what is wrong with this config? >>> >>> <?xml version="1.0" encoding="UTF-8"?> >>> >>> <tomcat-users xmlns="http://tomcat.apache.org/xml" >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >>> xsi:schemaLocation="http://tomcat.apache.org/xml >>> tomcat-users.xsd" >>> version="1.0"> >>> >>> <role rolename="admin-gui" /> >> >> “admin-gui” is not a role used by the Tomcat manager webapp; why is it here? >> >> >>> <role rolename="manager-gui"/> >> >> The “manager-gui” role is built-in, so you don’t have to specify it in the >> tomcat-users.xml file. >> >> >>> <user username="admin" password="admin" roles="manager-gui,admin-gui"/> >> >> The roles used by any webapp are declared in the app’s WEB-INF/web.xml file; >> there’s no “admin-gui” role for the manager webapp. >> >> >>> </tomcat-users> >>> >>> The above isn't what I would call ideal credentials -- it's just >>> something to test with, to get going, etc. If any of you have advice for >>> getting this working I'd sure appreciate it. >> >> Look in the catalina.out log file to see if you’re getting any errors during >> Tomcat initialization, which is when the tomcat-users.xml file is read. For >> real Tomcat downloads, catalina.out is in Tomcat’s logs directory; for >> package distributions, you’ll have to hunt for it. >> >> - Chuck >> >> > *Confidentiality Notice* This email message may contain legally privileged > and/or confidential information. If you are not the intended recipient(s), > you are hereby notified that any dissemination, distribution or copying of > this email message is strictly prohibited. If you have received this email in > error, please immediately notify the sender and delete this email message > from your computer. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > <mailto:users-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: users-h...@tomcat.apache.org > <mailto:users-h...@tomcat.apache.org>