Re: Wondering about tomcat-users.xml could not be found

2023-11-17 Thread Christopher Schultz

Christoph,

On 11/17/23 03:55, Christoph Kukulies wrote:
On 16.11.2023 at 20:12, Christopher Schultz wrote:


What is the user-owner of the JVM process?


root      125216  0.0  0.0      0     0 ?        I    09:42   0:00 
[kworker/0:0-events]
root      125221  0.0  0.0      0     0 ?        I    09:42   0:00 
[kworker/0:2]
tomcat    125222  166  9.2 3551824 363244 ?      Ssl  09:42   0:16 
/usr/lib/jvm/default-java/bin/java 
-Djava.util.logging.config.file=/var/lib/tomcat9/conf/logging.properties 
-Djava.util.logging.mana
root      125246  0.0  0.0      0     0 ?        I    09:42   0:00 
[kworker/u4:2-flush-8:0]


Ugh. I *really* hope this is Docker. And even if it is, /stop running 
Tomcat as root/.


Check that all of the above would be both readable and executable by 
that user:


ls -ld /var
ls -ld /var/lib
ls -ld /var/lib/tomcat9
ls -ld /var/lib/tomcat9/conf


root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var
drwxr-xr-x 15 root root 4096 Oct 23 16:31 /var
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib
drwxr-xr-x 63 root root 4096 Nov 10 10:28 /var/lib
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib/tomcat9
drwxr-xr-x 6 root root 4096 Nov 17 09:42 /var/lib/tomcat9
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib/tomcat9/conf
lrwxrwxrwx 1 tomcat tomcat 12 Sep 11  2019 /var/lib/tomcat9/conf -> /etc/tomcat9
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /etc/tomcat9
drwxr-xr-x 4 root root 4096 Nov 16 12:17 /etc/tomcat9
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config#


Permissions look good, even if the process-owner isn't root.

... and of course that the JVM user can read 
/var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since 
you said you already checked it.


What is the cwd of the JVM process?


root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# pwdx 125222
125222: /var/lib/tomcat9


TIL: pwdx is a thing

Okay, so that all checks out. cwd is /var/lib/tomcat9 and the "allegedly 
relative path" is conf/tomcat-users.xml, which points to where the file 
actually lives on the disk.


The first message ("reloading") has the full path, and the second 
message ("file not found") only mentions a relative path. I wonder if 
that is the difference.





Could it be that the second path relates to a missing env-Variable 
$CATALINA_BASE or $CATALINA_HOME?


root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# cat 
/proc/125222/environ | tr '\0' '\n'

USER=tomcat
HOME=/var/lib/tomcat
CATALINA_HOME=/usr/share/tomcat9
CATALINA_TMPDIR=/tmp
JAVA_OPTS=-Djava.awt.headless=true -Djdk.tls.ephemeralDHKeySize=2048 
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources 
-Dorg.apache.catalina.security.SecurityListener.UMASK=0027

PWD=/var/lib/tomcat9
JAVA_HOME=/usr/lib/jvm/default-java

CATALINA_BASE=/var/lib/tomcat9

Well, that all checks out. USER looks weird, but I'm assuming there's a 
"sudo java ..." somewhere in the launch command.


It seems the situation is straightened out since I changed the ownership 
of the file tomcat-users.xml

-rw-r- 1 tomcat tomcat   2756 Jan 15  2022 tomcat-users.xml


So... who is the owner, now? If the process is really running as "root" 
then it should be able to read every file on the filesystem.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
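
The check this thread walks through by hand (can the JVM user search every directory on the way to tomcat-users.xml, and read the file itself), as an added example that is not part of any message in the thread. The function names and the optional BASE argument are assumptions made for this sketch; it judges access from owner, group and mode only.

```shell
#!/bin/sh
# Added example (not from the thread). Judges access from owner/group/mode alone;
# ACLs, capabilities and AppArmor/SELinux are not considered.
# readlink -f resolves symlinks such as conf -> /etc/tomcat9 first; only the
# resolved path is walked. Needs `stat -c` and `readlink -f` (GNU or busybox).

# perm_digit PATH UID "GID ..." -> prints the rwx digit (0-7) that applies to that user
perm_digit() {
    read -r pd_owner pd_group pd_mode <<EOF
$(stat -c '%u %g %a' "$1" 2>/dev/null)
EOF
    pd_mode=$(printf '%04o' "0${pd_mode:-0}")   # pad, e.g. 640 -> 0640
    if [ "$2" = "$pd_owner" ]; then             # owner class applies first
        pd_d=${pd_mode#?}; echo "${pd_d%??}"; return
    fi
    for pd_g in $3; do
        if [ "$pd_g" = "$pd_group" ]; then      # then the group class
            pd_d=${pd_mode#??}; echo "${pd_d%?}"; return
        fi
    done
    echo "${pd_mode#???}"                       # everyone else
}

# first_blocker FILE UID "GID ..." [BASE]
# Prints the first path component that stops the user and returns 1; returns 0
# if the file is reachable and readable. BASE (hypothetical convenience) is a
# directory at or above FILE where checking starts; its ancestors are skipped.
first_blocker() {
    fb_target=$(readlink -f "$1") && [ -e "$fb_target" ] ||
        { echo "$1 (does not resolve to an existing file)"; return 1; }
    [ "$2" = 0 ] && return 0                    # root is not limited by mode bits
    fb_cur=${4:+$(readlink -f "$4")}
    fb_rest=${fb_target#"$fb_cur"/}
    while [ -n "$fb_rest" ]; do
        fb_name=${fb_rest%%/*}
        fb_d=$(perm_digit "${fb_cur:-/}" "$2" "$3")
        case $fb_d in 1|3|5|7) ;; *) echo "${fb_cur:-/} (no search permission)"; return 1;; esac
        fb_cur=$fb_cur/$fb_name
        case $fb_rest in */*) fb_rest=${fb_rest#*/};; *) fb_rest=;; esac
    done
    fb_d=$(perm_digit "$fb_target" "$2" "$3")
    case $fb_d in 4|5|6|7) return 0;; *) echo "$fb_target (no read permission)"; return 1;; esac
}

# e.g. sh thisfile /var/lib/tomcat9/conf/tomcat-users.xml "$(id -u tomcat)" "$(id -G tomcat)"
if [ $# -ge 2 ]; then first_blocker "$@"; fi
```
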



Re: Wondering about tomcat-users.xml could not be found

2023-11-17 Thread Christoph Kukulies



> On 16.11.2023 at 20:19, l...@kreuser.name wrote:
> 
> Hi Chris*,
> 
> 
>> On 16.11.2023 at 20:12, Christopher Schultz wrote:
>> 
>> Christoph,
>> 
>> On 11/15/23 10:32, Christoph Kukulies wrote:
>>> I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it.
>>> I'm wondering about the following in the logs:
>>> Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database 
>>> [UserDatabase] from updated source 
>>> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
>>> Nov 15 16:19:23 mail tomcat9[832]: The specified user database 
>>> [conf/tomcat-users.xml] could not be found
>>> Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database 
>>> [UserDatabase] from updated source 
>>> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
>>> Nov 15 16:19:33 mail tomcat9[832]: The specified user database 
>>> [conf/tomcat-users.xml] could not be found
>>> Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database 
>>> [UserDatabase] from updated source 
>>> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
>>> Nov 15 16:19:43 mail tomcat9[832]: The specified user database 
>>> [conf/tomcat-users.xml] could not be found
>>> Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database 
>>> [UserDatabase] from updated source 
>>> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
>>> Nov 15 16:19:53 mail tomcat9[832]: The specified user database 
>>> [conf/tomcat-users.xml] could not be found
>>> File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there.
>>> It occurs every 10 seconds.
>>> Don't know who is causing this and why. Permissions? Ownership wrong?
>>> -rw-r- 1 root root   2756 Jan 15  2022 tomcat-users.xml
>>> Believe the ownership was wrong. Maybe it came from migrating an old 
>>> installation.
>>> What are the correct perms/ownership in /var/lib/tomcat9 and below?
>> 
>> What is the user-owner of the JVM process?


root      125216  0.0  0.0      0     0 ?        I    09:42   0:00 
[kworker/0:0-events]
root      125221  0.0  0.0      0     0 ?        I    09:42   0:00 [kworker/0:2]
tomcat    125222  166  9.2 3551824 363244 ?      Ssl  09:42   0:16 
/usr/lib/jvm/default-java/bin/java 
-Djava.util.logging.config.file=/var/lib/tomcat9/conf/logging.properties 
-Djava.util.logging.mana
root      125246  0.0  0.0      0     0 ?        I    09:42   0:00 
[kworker/u4:2-flush-8:0]


>> 
>> Check that all of the above would be both readable and executable by that 
>> user:
>> 
>> ls -ld /var
>> ls -ld /var/lib
>> ls -ld /var/lib/tomcat9
>> ls -ld /var/lib/tomcat9/conf

root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var
drwxr-xr-x 15 root root 4096 Oct 23 16:31 /var
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib
drwxr-xr-x 63 root root 4096 Nov 10 10:28 /var/lib
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /var/lib/tomcat9
drwxr-xr-x 6 root root 4096 Nov 17 09:42 /var/lib/tomcat9
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld 
/var/lib/tomcat9/conf
lrwxrwxrwx 1 tomcat tomcat 12 Sep 11  2019 /var/lib/tomcat9/conf -> /etc/tomcat9
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# ls -ld /etc/tomcat9
drwxr-xr-x 4 root root 4096 Nov 16 12:17 /etc/tomcat9
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# 

>> 
>> ... and of course that the JVM user can read 
>> /var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since you said 
>> you already checked it.
>> 
>> What is the cwd of the JVM process?
>> 
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# pwdx 125222
125222: /var/lib/tomcat9

>> The first message ("reloading") has the full path, and the second message 
>> ("file not found") only mentions a relative path. I wonder if that is the 
>> difference.
>> 
> 
> 
> Could it be that the second path relates to a missing env-Variable 
> $CATALINA_BASE or $CATALINA_HOME?
> 
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# cat 
/proc/125222/environ | tr '\0' '\n'
USER=tomcat
HOME=/var/lib/tomcat
OLDPWD=/
CATALINA_HOME=/usr/share/tomcat9
SYSTEMD_EXEC_PID=125222
LOGNAME=tomcat
JOURNAL_STREAM=8:1778827
CACHE_DIRECTORY=/var/cache/tomcat9
JDK_JAVA_OPTIONS= --add-opens=java.base/java.lang=ALL-UNNAMED 
--add-opens=java.base/java.io=ALL-UNNAMED 
--add-opens=java.base/java.util=ALL-UNNAMED 
--add-opens=java.base/java.util.concurrent=ALL-UNNAMED 
--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
CATALINA_TMPDIR=/tmp
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
INVOCATION_ID=84b60xxxa420e09ed
JAVA_OPTS=-Djava.awt.headless=true -Djdk.tls.ephemeralDHKeySize=2048 
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources 
-Dorg.apache.catalina.security.SecurityListener.UMASK=0027
LANG=en_US.UTF-8
PWD=/var/lib/tomcat9
JAVA_HOME=/usr/lib/jvm/default-java
CATALINA_BASE=/var/lib/tomcat9
root@mail:/var/lib/tomcat9/webapps/ROOT/WEB-INF/config# 
> Peter

It seems the situation is straightened out since I changed the ownership of the 
file 

Re: Wondering about tomcat-users.xml could not be found

2023-11-17 Thread Simon Matter
Hi,

> I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it.
>
> I'm wondering about the following in the logs:
>
> Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database
> [UserDatabase] from updated source
> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
> Nov 15 16:19:23 mail tomcat9[832]: The specified user database
> [conf/tomcat-users.xml] could not be found
> Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database
> [UserDatabase] from updated source
> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
> Nov 15 16:19:33 mail tomcat9[832]: The specified user database
> [conf/tomcat-users.xml] could not be found
> Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database
> [UserDatabase] from updated source
> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
> Nov 15 16:19:43 mail tomcat9[832]: The specified user database
> [conf/tomcat-users.xml] could not be found
> Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database
> [UserDatabase] from updated source
> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
> Nov 15 16:19:53 mail tomcat9[832]: The specified user database
> [conf/tomcat-users.xml] could not be found
>
>
>
> File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there.
>
> It occurs every 10 seconds.
>
> Don't know who is causing this and why. Permissions? Ownership wrong?
>
> -rw-r- 1 root root   2756 Jan 15  2022 tomcat-users.xml

Is your Tomcat running as root? I hope not, but if it's running as user
tomcat or some other unprivileged user, it won't be able to read your
tomcat-users.xml as long as the user is not member of group root.

Regards,
Simon





Re: Wondering about tomcat-users.xml could not be found

2023-11-16 Thread Christopher Schultz

Peter,

On 11/16/23 14:19, l...@kreuser.name wrote:

Hi Chris*,



On 16.11.2023 at 20:12, Christopher Schultz wrote:

Christoph,

On 11/15/23 10:32, Christoph Kukulies wrote:

I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it.
I'm wondering about the following in the logs:
Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:23 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found
Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:33 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found
Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:43 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found
Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:53 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found
File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there.
It occurs every 10 seconds.
Don't know who is causing this and why. Permissions? Ownership wrong?
-rw-r- 1 root root   2756 Jan 15  2022 tomcat-users.xml
Believe the ownership was wrong. Maybe it came from migrating an old 
installation.
What are the correct perms/ownership in /var/lib/tomcat9 and below?


What is the user-owner of the JVM process?

Check that all of the above would be both readable and executable by that user:

ls -ld /var
ls -ld /var/lib
ls -ld /var/lib/tomcat9
ls -ld /var/lib/tomcat9/conf

... and of course that the JVM user can read 
/var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since you said 
you already checked it.

What is the cwd of the JVM process?

The first message ("reloading") has the full path, and the second message ("file not 
found") only mentions a relative path. I wonder if that is the difference.




Could it be that the second path relates to a missing env-Variable 
$CATALINA_BASE or $CATALINA_HOME?


Unlikely. Tomcat always determines the values for catalina.home and 
catalina.base before launching the JVM. After that, only those system 
properties are consulted.


But it's possible there is some sloppy code somewhere that is using 
cwd-relative paths.


-chris




Re: Wondering about tomcat-users.xml could not be found

2023-11-16 Thread logo
Hi Chris*,


> On 16.11.2023 at 20:12, Christopher Schultz wrote:
> 
> Christoph,
> 
> On 11/15/23 10:32, Christoph Kukulies wrote:
>> I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it.
>> I'm wondering about the following in the logs:
>> Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database 
>> [UserDatabase] from updated source 
>> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
>> Nov 15 16:19:23 mail tomcat9[832]: The specified user database 
>> [conf/tomcat-users.xml] could not be found
>> Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database 
>> [UserDatabase] from updated source 
>> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
>> Nov 15 16:19:33 mail tomcat9[832]: The specified user database 
>> [conf/tomcat-users.xml] could not be found
>> Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database 
>> [UserDatabase] from updated source 
>> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
>> Nov 15 16:19:43 mail tomcat9[832]: The specified user database 
>> [conf/tomcat-users.xml] could not be found
>> Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database 
>> [UserDatabase] from updated source 
>> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
>> Nov 15 16:19:53 mail tomcat9[832]: The specified user database 
>> [conf/tomcat-users.xml] could not be found
>> File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there.
>> It occurs every 10 seconds.
>> Don't know who is causing this and why. Permissions? Ownership wrong?
>> -rw-r- 1 root root   2756 Jan 15  2022 tomcat-users.xml
>> Believe the ownership was wrong. Maybe it came from migrating an old 
>> installation.
>> What are the correct perms/ownership in /var/lib/tomcat9 and below?
> 
> What is the user-owner of the JVM process?
> 
> Check that all of the above would be both readable and executable by that 
> user:
> 
> ls -ld /var
> ls -ld /var/lib
> ls -ld /var/lib/tomcat9
> ls -ld /var/lib/tomcat9/conf
> 
> ... and of course that the JVM user can read 
> /var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since you said 
> you already checked it.
> 
> What is the cwd of the JVM process?
> 
> The first message ("reloading") has the full path, and the second message 
> ("file not found") only mentions a relative path. I wonder if that is the 
> difference.
> 


Could it be that the second path relates to a missing env-Variable 
$CATALINA_BASE or $CATALINA_HOME?

Peter

> -chris
> 
> 





Re: Wondering about tomcat-users.xml could not be found

2023-11-16 Thread Christopher Schultz

Christoph,

On 11/15/23 10:32, Christoph Kukulies wrote:

I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it.

I'm wondering about the following in the logs:

Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source 
[file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:23 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found
Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source 
[file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:33 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found
Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source 
[file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:43 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found
Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source 
[file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:53 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found




File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there.

It occurs every 10 seconds.

Don't know who is causing this and why. Permissions? Ownership wrong?

-rw-r- 1 root root   2756 Jan 15  2022 tomcat-users.xml

Believe the ownership was wrong. Maybe it came from migrating an old 
installation.


What are the correct perms/ownership in /var/lib/tomcat9 and below?


What is the user-owner of the JVM process?

Check that all of the above would be both readable and executable by 
that user:


 ls -ld /var
 ls -ld /var/lib
 ls -ld /var/lib/tomcat9
 ls -ld /var/lib/tomcat9/conf

... and of course that the JVM user can read 
/var/lib/tomcat9/conf/tomcat-users.xml which I assume is true since you 
said you already checked it.


What is the cwd of the JVM process?

The first message ("reloading") has the full path, and the second 
message ("file not found") only mentions a relative path. I wonder if 
that is the difference.


-chris




Wondering about tomcat-users.xml could not be found

2023-11-15 Thread Christoph Kukulies
I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it.

I'm wondering about the following in the logs:

Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:23 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found
Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:33 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found
Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:43 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found
Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database 
[UserDatabase] from updated source [file:/var/lib/tomcat9/conf/tomcat-users.xml]
Nov 15 16:19:53 mail tomcat9[832]: The specified user database 
[conf/tomcat-users.xml] could not be found

  


File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there. 

It occurs every 10 seconds.

Don't know who is causing this and why. Permissions? Ownership wrong?

-rw-r- 1 root root   2756 Jan 15  2022 tomcat-users.xml

Believe the ownership was wrong. Maybe it came from migrating an old 
installation.

What are the correct perms/ownership in /var/lib/tomcat9 and below?

--
Christoph




