On Tue, Mar 11, 2025 at 8:04 PM Jason Bailey <jbai...@emerytelcom.com.invalid> wrote:
> I see /etc/tomcat9/server.xml and /usr/share/tomcat9/etc/server.xml. > Both have an entry like this: > > <Resource name="UserDatabase" auth="Container" > type="org.apache.catalina.UserDatabase" > description="User database that can be updated and saved" > factory="org.apache.catalina.users.MemoryUserDatabaseFactory" > pathname="conf/tomcat-users.xml" /> Debian utilizes ucf <https://manpages.debian.org/jessie/ucf/ucf.1.en.html>, Update Configuration File, utility to update a configuration file while trying to preserve any local changes. It updates tomcat configuration files by merging the new package-provided version with the locally modified version, ensuring that custom changes aren’t lost during updates. /usr/share/tomcat9/etc/$conffile: This is the source file provided by the package (the “new” version). /etc/tomcat9/$conffile: This is the target configuration file that may/should have been customized. > > So does that mean the tomcat-users.xml file should be in a subdirectory > named 'conf'? In other words, '/etc/tomcat9/conf/tomcat-users.xml'? > No. It is structured in such a way that all configuration files are under the /etc/tomcat9 directory, abiding to the Linux directory structure. If running tomcat as a service, inspecting the service file, default CATALINA_HOME=/usr/share/tomcat9 and CATALINA_BASE=/var/lib/tomcat9. There is a link in CATALINA_BASE, 'conf' pointing to /etc/tomcat9. > > Also, in /usr/share/tomcat9-admin/host-manager/WEB-INF/web.xml, there is > a role for admin-gui whose description says "The role that is required > to log in to the Host Manager Application HTML interface". This may not > be relevant, but it sure looked that way to me when poking around and > trying to get this all to work. > > Also, many Debian-specific Tomcat guides mention "admin-gui" such as this: > > > https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-9-on-debian-10 > > But yeah, the Debian specific deviations have me confused. > > > > On 3/10/25 6:45 PM, Chuck Caldarale wrote: > >> On 2025 Mar 10, at 18:06, Jason Bailey <jbai...@emerytelcom.com.INVALID> > wrote: > >> > >> I'm running Tomcat 9 on Debian 12 to run Apache Guacamole and am trying > >> to get the tomcat-users.xml file to take so that I can manage the > >> service from the Tomcat Manager. So far I have not had luck getting the > >> login dialog to the manager to accept any xml file I give it. > >> > >> First, where should I be putting the tomcat-users.xml file? Is there a > >> special place I should be putting this file? > > > > The location of tomcat-users.xml is specified in Tomcat’s server.xml > file. On a real Tomcat distribution (one downloaded from tomcat.apache.org > <http://tomcat.apache.org/>), both server.xml and tomcat-users.xml are > located in the conf directory, which itself is inside the directory in > which you installed Tomcat. If you’re using a Debian-provided package, you > may have to hunt for them, since such packages do not use Tomcat’s standard > directory layout and may modify the standard settings in the server.xml > file. > > > > Note that it’s best to modify the provided tomcat-users.xml file rather > than trying to generate your own from scratch. > > > > > >> Second, what is wrong with this config? > >> > >> <?xml version="1.0" encoding="UTF-8"?> > >> > >> <tomcat-users xmlns="http://tomcat.apache.org/xml"; > >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > >> xsi:schemaLocation="http://tomcat.apache.org/xml > >> tomcat-users.xsd" > >> version="1.0"> > >> > >> <role rolename="admin-gui" /> > > > > “admin-gui” is not a role used by the Tomcat manager webapp; why is it > here? > > > > > >> <role rolename="manager-gui"/> > > > > The “manager-gui” role is built-in, so you don’t have to specify it in > the tomcat-users.xml file. > > > > > >> <user username="admin" password="admin" > roles="manager-gui,admin-gui"/> > > > > The roles used by any webapp are declared in the app’s WEB-INF/web.xml > file; there’s no “admin-gui” role for the manager webapp. > > > > > >> </tomcat-users> > >> > >> The above isn't what I would call ideal credentials -- it's just > >> something to test with, to get going, etc. If any of you have advice for > >> getting this working I'd sure appreciate it. > > > > Look in the catalina.out log file to see if you’re getting any errors > during Tomcat initialization, which is when the tomcat-users.xml file is > read. For real Tomcat downloads, catalina.out is in Tomcat’s logs > directory; for package distributions, you’ll have to hunt for it. > > > > - Chuck > > > > > *Confidentiality Notice* This email message may contain legally privileged > and/or confidential information. If you are not the intended recipient(s), > you are hereby notified that any dissemination, distribution or copying of > this email message is strictly prohibited. If you have received this email > in error, please immediately notify the sender and delete this email > message from your computer. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org Kind regards, Dimitris
