Bug 241771 - tomcat fails to use old session data
tomcat fails to use old session data
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: tomcat5 (Show other bugs)
6
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Vivek Lakshmanan
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-30 10:44 EDT by Steve Friedman
Modified: 2008-08-02 19:40 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-06 15:38:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
directory listing (1017 bytes, text/plain)
2007-05-30 10:46 EDT, Steve Friedman
no flags Details

  None (edit)
Description Steve Friedman 2007-05-30 10:44:05 EDT
Description of problem:
I had a pair of servlets that were correctly operating prior to the recent
tomcat upgrade (installed by yum on 22May) that no longer start.  I am now
getting the following errors in catalina.out (note that there were no matching
errors in either /var/log/messages or /var/log/audit/audit.log):

SEVERE: IOException while saving persisted sessions:
java.io.FileNotFoundException:
/usr/share/tomcat5/work/Catalina/localhost/pmei/SESSIONS.ser (permission denied)

SEVERE: Exception unloading sessions to persistent storage
(same FNFE as above)

(see attached log for further details)
(one other oddity is the line:
  ow: ow-ha.cfg -> /usr/share/tomcat5/ow-ha.cfg
because, in the previous version of tomcat it was:
  ow: ow-ha.cfg -> /root/ow-ha.cfg

I marked this bug confidential as I am providing my unedited log file and I
don't feel like going through the co-ordination process required necessary to
make this log file available to the public.

Finally, I don't know what the labelling on the directories were prior to the
upgrade, but I am also attaching those listings in a follow-up.

Version-Release number of selected component (if applicable):
tomcat5-5.5.23-0jpp.2.fc6

How reproducible:
Every time.

Steps to Reproduce:
1. /etc/init.d/tomcat5 restart
2.
3.
  
Actual results:
See attached log file

Expected results:
Servlets start as expected.

Additional info:
Comment 1 Steve Friedman 2007-05-30 10:44:05 EDT
Created attachment 155692 [details]
log file
Comment 2 Steve Friedman 2007-05-30 10:46:30 EDT
Created attachment 155693 [details]
directory listing

Proof that the directories / files exist.  Again, note that selinux didn't log
anything.
Comment 3 Steve Friedman 2007-05-30 11:22:08 EDT
Reverting to tomcat5-5.5.17-6jpp.2 resolved the file / session problems.
Comment 4 Steve Friedman 2007-05-30 15:30:56 EDT
You can ignore the comment regarding the ow-ha.cfg oddity.  This was caused
because one servlet that I have opens a port below 1024 and I was getting a
permission error unless TOMCAT_USER was root.  The update moved my tomcat5.conf
to tomcat5.conf.rpmsave and thus TOMCAT_USER was "tomcat" again and thus created
that problem.
Comment 5 Vivek Lakshmanan 2007-05-31 15:03:08 EDT
(In reply to comment #4)
> You can ignore the comment regarding the ow-ha.cfg oddity.  This was caused
> because one servlet that I have opens a port below 1024 and I was getting a
> permission error unless TOMCAT_USER was root.  The update moved my tomcat5.conf
> to tomcat5.conf.rpmsave and thus TOMCAT_USER was "tomcat" again and thus created
> that problem.

Did you try running 5.5.23 with TOMCAT_USER set to root as well? From your
comments, it doesnt seem like it... The files are clearly owned by root and
5.5.23 (as most previous releases of tomcat on fedora) are run as tomcat by
default...
Comment 6 Steve Friedman 2007-06-01 11:32:19 EDT
Actually, I reverted in comment 3 (which caused the session problem to resolve)
even though TOMCAT_USER=tomcat; then, realizing that I wasn't able to bind to
port 53/udp, modified TOMCAT_USER, and later remembered to post comment 4.  But,
today I reinstalled 5.5.23 and (even though TOMCAT_USER="root"), it didn't work.
 I'm busy with other things today, but hopefully next week I'll get around to
doing what I know I should have done all along (namely use iptables to redirect
port 53/udp to a high numbered port and run tomcat as an unprivileged user) and
report back.
Comment 7 Lubomir Kundrak 2008-04-08 08:59:43 EDT
(In reply to comment #6)
> But,
> today I reinstalled 5.5.23 and (even though TOMCAT_USER="root"), it didn't work.

Sounds like SELinux might be disallowing those accesses. Have you had any AVC
denials?
Comment 8 Bug Zapper 2008-05-06 15:38:28 EDT
This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.