Re: Wondering about tomcat-users.xml could not be found
Christoph, On 11/17/23 03:55, Christoph Kukulies wrote: Am 16.11.2023 um 20:12 schrieb Christopher Schultz What is the user-owner of the JVM process? root 125216 0.0 0.0 0 0 ? I 09:42 0:00 [kworker/0:0-events] root 125221 0.0 0.0 0 0 ? I 09:42 0:00 [kworker/0:2] tomcat 125222 166 9.2 3551824 363244 ? Ssl 09:42 0:16 /usr/lib/jvm/default-java/bin/java -Djava.util.logging.config.file=/var/lib/tomcat9/conf/logging.properties -Djava.util.logging.mana root 125246 0.0 0.0 0 0 ? I 09:42 0:00 [kworker/u4:2-flush-8:0] Ugh. I *really* hope this is Docker. Add even if it is, /stop running Tomcat as root/. Check that all of the above would be both readable and executable by that user: ls -ld /var ls -ld /var/lib ls -ld /var/lib/tomcat9 ls -ld /var/lib/tomcat9/conf root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var drwxr-xr-x 15 root root 4096 Oct 23 16:31 */var* root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib drwxr-xr-x 63 root root 4096 Nov 10 10:28 */var/lib* root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib/tomcat9 drwxr-xr-x 6 root root 4096 Nov 17 09:42 */var/lib/tomcat9* root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib/tomcat9/conf lrwxrwxrwx 1 tomcat tomcat 12 Sep 11 2019 */var/lib/tomcat9/conf*-> */etc/tomcat9* root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /etc/tomcat9 drwxr-xr-x 4 root root 4096 Nov 16 12:17 */etc/tomcat9* root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# Permissions look good, even if the process-owner isn't root. ... and of course that the JVM user can read /var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since you said you already checked it. What is the cwd of the JVM process? root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# pwdx 125222 125222: /var/lib/tomcat9 TIL: pwdx is a thing Okay, so that all checks out. cwd is /var/lib/tomcat9 and the "allegedly relative path" is conf/tomcat-users.xml, which points to where the file actually lives on the disk. The first message ("reloading") has the full path, and the second message ("file not found") only mentions a relative path. I wonder if that is the difference. Could it be that the second path relates to a missing env-Variable $CATALINA_BASE or $CATALINA_HOME? root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# cat /proc/125222/environ | tr '\0' '\n' USER=tomcat HOME=/var/lib/tomcat CATALINA_HOME=/usr/share/tomcat9 CATALINA_TMPDIR=/tmp JAVA_OPTS=-Djava.awt.headless=true -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 PWD=/var/lib/tomcat9 JAVA_HOME=/usr/lib/jvm/default-java > CATALINA_BASE=/var/lib/tomcat9 Well, that all checks out. USER looks weird, but I'm assuming there's a "sudo java ..." somewhere in the launch command. It seems the situation is straightened out since I changed the ownership of the file tomcat-users.xml -rw-r- 1 tomcat tomcat 2756 Jan 15 2022 tomcat-users.xml So... who is the owner, now? If the process is really running as "root" then it should be able to read even file on the filesystem. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Wondering about tomcat-users.xml could not be found
> Am 16.11.2023 um 20:19 schrieb l...@kreuser.name: > > Hi Chris*, > > >> Am 16.11.2023 um 20:12 schrieb Christopher Schultz >> : >> >> Christoph, >> >> On 11/15/23 10:32, Christoph Kukulies wrote: >>> I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it. >>> I'm wondering about the following in the logs: >>> Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database >>> [UserDatabase] from updated source >>> [file:/var/lib/tomcat9/conf/tomcat-users.xml] >>> Nov 15 16:19:23 mail tomcat9[832]: The specified user database >>> [conf/tomcat-users.xml] could not be found >>> Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database >>> [UserDatabase] from updated source >>> [file:/var/lib/tomcat9/conf/tomcat-users.xml] >>> Nov 15 16:19:33 mail tomcat9[832]: The specified user database >>> [conf/tomcat-users.xml] could not be found >>> Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database >>> [UserDatabase] from updated source >>> [file:/var/lib/tomcat9/conf/tomcat-users.xml] >>> Nov 15 16:19:43 mail tomcat9[832]: The specified user database >>> [conf/tomcat-users.xml] could not be found >>> Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database >>> [UserDatabase] from updated source >>> [file:/var/lib/tomcat9/conf/tomcat-users.xml] >>> Nov 15 16:19:53 mail tomcat9[832]: The specified user database >>> [conf/tomcat-users.xml] could not be found >>> File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there. >>> It occurs every 10 seconds. >>> Don't know who is causing this and why. Permissions? Ownership wrong? >>> -rw-r- 1 root root 2756 Jan 15 2022 tomcat-users.xml >>> Believe the ownership was wrong. Maybe it came from migrating an old >>> installation. >>> What are the correct perms/ownership in /var/lib/tomcat9 and below? >> >> What is the user-owner of the JVM process? root 125216 0.0 0.0 0 0 ?I09:42 0:00 [kworker/0:0-events] root 125221 0.0 0.0 0 0 ?I09:42 0:00 [kworker/0:2] tomcat125222 166 9.2 3551824 363244 ? Ssl 09:42 0:16 /usr/lib/jvm/default-java/bin/java -Djava.util.logging.config.file=/var/lib/tomcat9/conf/logging.properties -Djava.util.logging.mana root 125246 0.0 0.0 0 0 ?I09:42 0:00 [kworker/u4:2-flush-8:0] >> >> Check that all of the above would be both readable and executable by that >> user: >> >> ls -ld /var >> ls -ld /var/lib >> ls -ld /var/lib/tomcat9 >> ls -ld /var/lib/tomcat9/conf root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var drwxr-xr-x 15 root root 4096 Oct 23 16:31 /var root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib drwxr-xr-x 63 root root 4096 Nov 10 10:28 /var/lib root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib/tomcat9 drwxr-xr-x 6 root root 4096 Nov 17 09:42 /var/lib/tomcat9 root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib/tomcat9/conf lrwxrwxrwx 1 tomcat tomcat 12 Sep 11 2019 /var/lib/tomcat9/conf -> /etc/tomcat9 root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /etc/tomcat9 drwxr-xr-x 4 root root 4096 Nov 16 12:17 /etc/tomcat9 root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# >> >> ... and of course that the JVM user can read >> /var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since you said >> you already checked it. >> >> What is the cwd of the JVM process? >> root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# pwdx 125222 125222: /var/lib/tomcat9 >> The first message ("reloading") has the full path, and the second message >> ("file not found") only mentions a relative path. I wonder if that is the >> difference. >> > > > Could it be that the second path relates to a missing env-Variable > $CATALINA_BASE or $CATALINA_HOME? > root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# cat /proc/125222/environ | tr '\0' '\n' USER=tomcat HOME=/var/lib/tomcat OLDPWD=/ CATALINA_HOME=/usr/share/tomcat9 SYSTEMD_EXEC_PID=125222 LOGNAME=tomcat JOURNAL_STREAM=8:1778827 CACHE_DIRECTORY=/var/cache/tomcat9 JDK_JAVA_OPTIONS= --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED CATALINA_TMPDIR=/tmp PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin INVOCATION_ID=84b60xxxa420e09ed JAVA_OPTS=-Djava.awt.headless=true -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 LANG=en_US.UTF-8 PWD=/var/lib/tomcat9 JAVA_HOME=/usr/lib/jvm/default-java CATALINA_BASE=/var/lib/tomcat9 root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# > Peter It seems the situation is straightened out since I changed the ownership of the file
Re: Wondering about tomcat-users.xml could not be found
Hi, > I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it. > > I'm wondering about the following in the logs: > > Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database > [UserDatabase] from updated source > [file:/var/lib/tomcat9/conf/tomcat-users.xml] > Nov 15 16:19:23 mail tomcat9[832]: The specified user database > [conf/tomcat-users.xml] could not be found > Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database > [UserDatabase] from updated source > [file:/var/lib/tomcat9/conf/tomcat-users.xml] > Nov 15 16:19:33 mail tomcat9[832]: The specified user database > [conf/tomcat-users.xml] could not be found > Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database > [UserDatabase] from updated source > [file:/var/lib/tomcat9/conf/tomcat-users.xml] > Nov 15 16:19:43 mail tomcat9[832]: The specified user database > [conf/tomcat-users.xml] could not be found > Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database > [UserDatabase] from updated source > [file:/var/lib/tomcat9/conf/tomcat-users.xml] > Nov 15 16:19:53 mail tomcat9[832]: The specified user database > [conf/tomcat-users.xml] could not be found > > > > File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there. > > It occurs every 10 seconds. > > Don't know who is causing this and why. Permissions? Ownership wrong? > > -rw-r- 1 root root 2756 Jan 15 2022 tomcat-users.xml Is your Tomcat running as root? I hope not, but if it's running as user tomcat or some other unprivileged user, it won't be able to read your tomcat-users.xml as long as the user is not member of group root. Regards, Simon - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Wondering about tomcat-users.xml could not be found
Peter, On 11/16/23 14:19, l...@kreuser.name wrote: Hi Chris*, Am 16.11.2023 um 20:12 schrieb Christopher Schultz : Christoph, On 11/15/23 10:32, Christoph Kukulies wrote: I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it. I'm wondering about the following in the logs: Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:23 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:33 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:43 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:53 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there. It occurs every 10 seconds. Don't know who is causing this and why. Permissions? Ownership wrong? -rw-r- 1 root root 2756 Jan 15 2022 tomcat-users.xml Believe the ownership was wrong. Maybe it came from migrating an old installation. What are the correct perms/ownership in /var/lib/tomcat9 and below? What is the user-owner of the JVM process? Check that all of the above would be both readable and executable by that user: ls -ld /var ls -ld /var/lib ls -ld /var/lib/tomcat9 ls -ld /var/lib/tomcat9/conf ... and of course that the JVM user can read /var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since you said you already checked it. What is the cwd of the JVM process? The first message ("reloading") has the full path, and the second message ("file not found") only mentions a relative path. I wonder if that is the difference. Could it be that the second path relates to a missing env-Variable $CATALINA_BASE or $CATALINA_HOME? Unlikely. Tomcat always determines the values for catalina.home and catalina.base before launching the JVM. After that, only those system properties are consulted. But it's possible there is some sloppy code somewhere that is using cwd-relative paths. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Wondering about tomcat-users.xml could not be found
Hi Chris*, > Am 16.11.2023 um 20:12 schrieb Christopher Schultz > : > > Christoph, > > On 11/15/23 10:32, Christoph Kukulies wrote: >> I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it. >> I'm wondering about the following in the logs: >> Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database >> [UserDatabase] from updated source >> [file:/var/lib/tomcat9/conf/tomcat-users.xml] >> Nov 15 16:19:23 mail tomcat9[832]: The specified user database >> [conf/tomcat-users.xml] could not be found >> Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database >> [UserDatabase] from updated source >> [file:/var/lib/tomcat9/conf/tomcat-users.xml] >> Nov 15 16:19:33 mail tomcat9[832]: The specified user database >> [conf/tomcat-users.xml] could not be found >> Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database >> [UserDatabase] from updated source >> [file:/var/lib/tomcat9/conf/tomcat-users.xml] >> Nov 15 16:19:43 mail tomcat9[832]: The specified user database >> [conf/tomcat-users.xml] could not be found >> Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database >> [UserDatabase] from updated source >> [file:/var/lib/tomcat9/conf/tomcat-users.xml] >> Nov 15 16:19:53 mail tomcat9[832]: The specified user database >> [conf/tomcat-users.xml] could not be found >> File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there. >> It occurs every 10 seconds. >> Don't know who is causing this and why. Permissions? Ownership wrong? >> -rw-r- 1 root root 2756 Jan 15 2022 tomcat-users.xml >> Believe the ownership was wrong. Maybe it came from migrating an old >> installation. >> What are the correct perms/ownership in /var/lib/tomcat9 and below? > > What is the user-owner of the JVM process? > > Check that all of the above would be both readable and executable by that > user: > > ls -ld /var > ls -ld /var/lib > ls -ld /var/lib/tomcat9 > ls -ld /var/lib/tomcat9/conf > > ... and of course that the JVM user can read > /var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since you said > you already checked it. > > What is the cwd of the JVM process? > > The first message ("reloading") has the full path, and the second message > ("file not found") only mentions a relative path. I wonder if that is the > difference. > Could it be that the second path relates to a missing env-Variable $CATALINA_BASE or $CATALINA_HOME? Peter > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Wondering about tomcat-users.xml could not be found
Christoph, On 11/15/23 10:32, Christoph Kukulies wrote: I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it. I'm wondering about the following in the logs: Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:23 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:33 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:43 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:53 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there. It occurs every 10 seconds. Don't know who is causing this and why. Permissions? Ownership wrong? -rw-r- 1 root root 2756 Jan 15 2022 tomcat-users.xml Believe the ownership was wrong. Maybe it came from migrating an old installation. What are the correct perms/ownership in /var/lib/tomcat9 and below? What is the user-owner of the JVM process? Check that all of the above would be both readable and executable by that user: ls -ld /var ls -ld /var/lib ls -ld /var/lib/tomcat9 ls -ld /var/lib/tomcat9/conf ... and of course that the JVM user can read /var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since you said you already checked it. What is the cwd of the JVM process? The first message ("reloading") has the full path, and the second message ("file not found") only mentions a relative path. I wonder if that is the difference. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Wondering about tomcat-users.xml could not be found
I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it. I'm wondering about the following in the logs: Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:23 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:33 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:43 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database [UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml] Nov 15 16:19:53 mail tomcat9[832]: The specified user database [conf/tomcat-users.xml] could not be found File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there. It occurs every 10 seconds. Don't know who is causing this and why. Permissions? Ownership wrong? -rw-r- 1 root root 2756 Jan 15 2022 tomcat-users.xml Believe the ownership was wrong. Maybe it came from migrating an old installation. What are the correct perms/ownership in /var/lib/tomcat9 and below? -- Christoph smime.p7s Description: S/MIME cryptographic signature