On Thu, Sep 7, 2017 at 5:30 PM, Christopher Schultz <ch...@christopherschultz.net> wrote: >> >> What should the permissions, owner & group be set to for >> CATALINA_HOME if I am running separate instances per user? > > It doesn't really matter. You just need to make sure that your "users" > can read the default config files -- especially conf/web.xml and > conf/tomcat.xml which usually shouldn't be modified from their > defaults anyway. > > I've always been irritated that the conf/ directory is only readable > by the owner in the tarball. Maybe I'll agitate to get that changed, > and only protect conf/server.xml and conf/tomcat-users.xml in that way. >
Resurrecting this .... I'm doing some cleanup and upgrading to 8.5.24. Previously I had copied the entire conf directory from HOME to BASE, and modifying files as necessary. Now I removed from BASE files I hadn't touched (web.xml, jaspic stuff etc), but subsequently get the following message in catalina.out INFO ... org.apache.catalina.startup.ContextConfig.getDefaultWebXmlFragment No global web.xml found All other startup succeeds but nothing is accessible, I just get a standard 404 when trying to access my web apps or even the manager app. There are no actual ERROR level messages though. Permissions are as follows : /usr/local/apache-tomcat-8.5.24/conf [root@s3 conf]# ls -al total 236 drwxr-x--- 2 root tomcat 4096 Nov 27 13:33 . drwxr-xr-x 9 root root 4096 Dec 7 16:30 .. -rw-r----- 1 root tomcat 13824 Nov 27 13:33 catalina.policy -rw-r----- 1 root tomcat 7376 Nov 27 13:33 catalina.properties -rw-r----- 1 root tomcat 1338 Nov 27 13:33 context.xml -rw-r----- 1 root tomcat 1149 Nov 27 13:33 jaspic-providers.xml -rw-r----- 1 root tomcat 2313 Nov 27 13:33 jaspic-providers.xsd -rw-r----- 1 root tomcat 3622 Nov 27 13:33 logging.properties -rw------- 1 root tomcat 7511 Nov 27 13:33 server.xml -rw------- 1 root tomcat 2164 Nov 27 13:33 tomcat-users.xml -rw-r----- 1 root tomcat 2633 Nov 27 13:33 tomcat-users.xsd -rw-r----- 1 root tomcat 169322 Nov 27 13:33 web.xml /home/sandbox1/tomcat/conf [sandbox1@s3 conf]$ ls -la total 32 drwxr-xr-x 3 sandbox1 sandbox1 4096 Dec 7 19:01 . drwxr-xr-x 10 sandbox1 sandbox1 4096 Dec 7 18:59 .. drwxr-xr-x 3 sandbox1 sandbox1 4096 Sep 7 16:50 Catalina -rw-r--r-- 1 sandbox1 sandbox1 7407 Nov 2 01:58 catalina.properties -rw-r--r-- 1 sandbox1 sandbox1 1437 Sep 7 20:38 context.xml -rw-r--r-- 1 sandbox1 sandbox1 3770 Dec 7 18:46 logging.properties -rw-r--r-- 1 sandbox1 sandbox1 2522 Sep 7 20:29 server.xml My sandbox users belong to the 'tomcat' group (not using a 'tomcat' user though). I can cat web.xml with a sandbox user. (I tweaked the permissions from the defaults to allow sandbox users to read the default config) If I copy web.xml from HOME/conf to BASE/conf everything works again. So do I need to copy everything over from HOME/conf to BASE/conf even if I am not changing anything? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
