Hi Mathieu, Le 18/05/2020 à 15:26, Mathieu HETRU a écrit :
> So each virtualhost in server.xml got one webapps directory under > catalina_home (/var/lib/tomcat9). > > But tomcat9 cannot deploy war files (applications) because the unix user > "tomcat" cannot have access read-write under /var/lib/tomcat9. The tomcat user isn't allowed to write to /var/lib/tomcat9 because we want to prevent a malicious or compromised web application from altering the Tomcat configuration. So you have to customize the systemd configuration for the tomcat9 service as you've figured out. > I have found the solution with adding this line : > > ReadWritePaths=/var/lib/tomcat9/ > > in the systemctl file service of tomcat9 > /usr/lib/systemd/system/tomcat9.service > > and systemctl daemon-reload > > But, when an update of debian occured on tomcat9 package, i lost my > modification. /usr/lib/systemd/system/tomcat9.service belongs to the package and should not be modified. Custom settings go to a conf file under /etc/systemd/system/tomcat9.service.d/, you can look at the README.Debian file for an example. Emmanuel Bourg