Red Hat Bugzilla – Bug 241771
tomcat fails to use old session data
Last modified: 2008-08-02 19:40:37 EDT
Description of problem:
I had a pair of servlets that were correctly operating prior to the recent
tomcat upgrade (installed by yum on 22May) that no longer start. I am now
getting the following errors in catalina.out (note that there were no matching
errors in either /var/log/messages or /var/log/audit/audit.log):
SEVERE: IOException while saving persisted sessions:
/usr/share/tomcat5/work/Catalina/localhost/pmei/SESSIONS.ser (permission denied)
SEVERE: Exception unloading sessions to persistent storage
(same FNFE as above)
(see attached log for further details)
(one other oddity is the line:
ow: ow-ha.cfg -> /usr/share/tomcat5/ow-ha.cfg
because, in the previous version of tomcat it was:
ow: ow-ha.cfg -> /root/ow-ha.cfg
I marked this bug confidential as I am providing my unedited log file and I
don't feel like going through the co-ordination process required necessary to
make this log file available to the public.
Finally, I don't know what the labelling on the directories were prior to the
upgrade, but I am also attaching those listings in a follow-up.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. /etc/init.d/tomcat5 restart
See attached log file
Servlets start as expected.
Created attachment 155692 [details]
Created attachment 155693 [details]
Proof that the directories / files exist. Again, note that selinux didn't log
Reverting to tomcat5-5.5.17-6jpp.2 resolved the file / session problems.
You can ignore the comment regarding the ow-ha.cfg oddity. This was caused
because one servlet that I have opens a port below 1024 and I was getting a
permission error unless TOMCAT_USER was root. The update moved my tomcat5.conf
to tomcat5.conf.rpmsave and thus TOMCAT_USER was "tomcat" again and thus created
(In reply to comment #4)
> You can ignore the comment regarding the ow-ha.cfg oddity. This was caused
> because one servlet that I have opens a port below 1024 and I was getting a
> permission error unless TOMCAT_USER was root. The update moved my tomcat5.conf
> to tomcat5.conf.rpmsave and thus TOMCAT_USER was "tomcat" again and thus created
> that problem.
Did you try running 5.5.23 with TOMCAT_USER set to root as well? From your
comments, it doesnt seem like it... The files are clearly owned by root and
5.5.23 (as most previous releases of tomcat on fedora) are run as tomcat by
Actually, I reverted in comment 3 (which caused the session problem to resolve)
even though TOMCAT_USER=tomcat; then, realizing that I wasn't able to bind to
port 53/udp, modified TOMCAT_USER, and later remembered to post comment 4. But,
today I reinstalled 5.5.23 and (even though TOMCAT_USER="root"), it didn't work.
I'm busy with other things today, but hopefully next week I'll get around to
doing what I know I should have done all along (namely use iptables to redirect
port 53/udp to a high numbered port and run tomcat as an unprivileged user) and
(In reply to comment #6)
> today I reinstalled 5.5.23 and (even though TOMCAT_USER="root"), it didn't work.
Sounds like SELinux might be disallowing those accesses. Have you had any AVC
This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.
Thank you for reporting this bug and we are sorry it could not be fixed.