Control: tags -1 - moreinfo
Control: found -1 10.1.30-1


Hi all, hi Markus,

I'm not the bug reporter, but jumping in anyway.


On 01 Jul 2023, Markus Koschany wrote:
> There is a difference between the operating system user and
> home directory and the applications' home directory.
[...]
> You have to tell your tomcat applications explicitly if they
> can write or read certain file system directories. See
> /usr/share/doc/tomcat10/README.Debian for more information.
> By default Debian's tomcat package is meant to be secure. It
> is the task of the system administrator to configure tomcat
> correctly.

Indeed this should solve my problem (see below). Thanks!


But anyway:

> See Debian bug https://bugs.debian.org/926338 for reference.

In this bug report a reason (ssh keys for Jenkins) was found to move the tomcat user's home from / to /var/lib/tomcat. Since this directory does not exist, while /var/lib/tomcat10 does, this looks like a packaging error at first glance.

I suggest additionally creating /var/lib/tomcat and maybe putting a README in that directory with something like:

~~~~
This is the home directory of the tomcat system user. You may use it for permanent configuration, e.g. an ssh key.

Deploy your apps in the versioned directory /var/lib/tomcat10/.

If you place them somewhere else, make sure they have read and write access. See /usr/share/doc/tomcat10/README.Debian for more information.
~~~~


This would help tomcat newbies like me. Just as background info: I configured some other path for an application which then failed to start. In the journal I found error messages like: "HSEARCH600015: Unable to initialize index directory: /my/configured/path/lucene_index: Das Dateisystem ist nur lesbar [The filesystem is read-only]". After verifying that the tomcat user could write there I noticed the (for me misleading) /etc/passwd entry. While I already assumed some sandboxing issue as root cause I still investigated the non-existing home directory and luckily found your comment here.

Thanks and big greets!
jre
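
The failure described in this message (the tomcat user may write to a directory, yet the service reports a read-only filesystem) can be checked against the service's sandbox settings. The sketch below is an added example, not part of the original e-mail or the Debian package; it assumes the unit is named `tomcat10.service` and is confined with systemd's `ProtectSystem=` and `ReadWritePaths=` directives, and the sample output is constructed.

```python
from pathlib import PurePosixPath

# Constructed sample of what
#   systemctl show tomcat10.service -p ProtectSystem -p ReadWritePaths
# might print (unit name and values are assumptions; yours may differ).
SAMPLE_SHOW = """\
ProtectSystem=strict
ReadWritePaths=/etc/tomcat10/Catalina /var/lib/tomcat10/webapps /var/log/tomcat10
"""

# Trees mounted read-only for each ProtectSystem= level, per systemd.exec(5).
# "strict" covers the whole hierarchy; /dev, /proc and /sys stay writable.
READ_ONLY = {
    "yes": ["/usr", "/boot", "/efi"],
    "full": ["/usr", "/boot", "/efi", "/etc"],
    "strict": ["/"],
}
ALWAYS_RW = ["/dev", "/proc", "/sys"]


def parse_show(text):
    """Turn KEY=VALUE lines from `systemctl show` into a dict."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def _under(path, root):
    """True if path equals root or lies below it (component-wise match)."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents


def sandbox_allows_write(props, path):
    """Whether the mount sandbox leaves `path` writable for the service.

    Only ProtectSystem= and ReadWritePaths= are modelled; ordinary file
    permissions are a separate check and must also allow the write.
    """
    level = props.get("ProtectSystem", "no")
    level = "yes" if level == "true" else level
    # Unit files may prefix entries with "-" (ignore if missing) or "+".
    rw = [e.lstrip("-+") for e in props.get("ReadWritePaths", "").split()]
    if any(_under(path, r) for r in rw + ALWAYS_RW):
        return True
    return not any(_under(path, r) for r in READ_ONLY.get(level, []))
```

With the sample settings, `/my/configured/path/lucene_index` is reported as not writable until a parent directory is listed in `ReadWritePaths=`. Other directives such as `ReadOnlyPaths=` or `ProtectHome=` are not considered.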
