Bug 677414 - Tomcat 6 incorrect directory permission settings
Summary: Tomcat 6 incorrect directory permission settings
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: tomcat6
Version: rawhide
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: David Knox
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 708694 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-02-14 17:18 UTC by Steven Hadfield
Modified: 2015-11-02 00:16 UTC (History)
10 users (show)

Fixed In Version: tomcat6-6.0.32-5.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-18 22:40:47 UTC
Type: ---


Attachments (Terms of Use)

Description Steven Hadfield 2011-02-14 17:18:28 UTC
Description of problem:
With fresh installs as well as recent updates to tomcat6, folders for tomcat have incorrect permissions. Specifically, many of its folders in /usr/share/tomcat6 are striped of the execute permissions for the tomcat group.

Version-Release number of selected component (if applicable):
tomcat6-6.0.30-2.fc15.x86_64
tomcat6-admin-webapps-6.0.30-2.fc15.x86_64
(systemd-17-5.fc15.x86_64)

How reproducible:
Everytime

Steps to Reproduce:
1. Install tomcat6 package
2. Try running the service with 'service tomcat6 start'
3. Try loading localhost:8080 (or customized port)
  
Actual results:
Tomcat service not running

Expected results:
Tomcat service running

Additional info:
I had to set the group execute permissions on:
/var/lib/tomcat6
/var/lib/tomcat6/webapps
/etc/tomcat6
/var/log/tomcat6
/var/cache/tomcat6
/var/cache/tomcat6/work

Once I fixed the group permissions, I got it to work.
I guess the way around doing this would be to run tomcat as root, which is ill-advisable.

I also had to uncomment the CATALINA_HOME setting in /etc/sysconfig/tomcat6 to get the service to run.

Comment 1 Steven Hadfield 2011-02-14 17:23:46 UTC
This may be a re-appearance of bug 574593

Comment 2 Joel F 2011-03-14 14:51:50 UTC
I can confirm setting adding the g+x permission is needed to get tomcat working. 

But it is not needed for /var/cache/tomcat/* as those are already owned by the tomcat user.

I did not had to edit CATALINA_HOME as that is solved by applying instructions given in bug 680447

Comment 3 Vít Ondruch 2011-04-01 14:30:39 UTC
I can confirm that adding g+x permissions makes tomcat working. Please update the package. The 680447 is already applied.

Comment 4 Fedora Update System 2011-04-13 17:30:40 UTC
tomcat6-6.0.30-7.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/tomcat6-6.0.30-7.fc15

Comment 5 Fedora Update System 2011-04-14 00:35:34 UTC
Package tomcat6-6.0.30-7.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing tomcat6-6.0.30-7.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/tomcat6-6.0.30-7.fc15
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2011-05-02 19:55:55 UTC
tomcat6-6.0.30-8.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/tomcat6-6.0.30-8.fc15

Comment 7 Fedora Update System 2011-05-16 18:53:32 UTC
tomcat6-6.0.32-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/tomcat6-6.0.32-1.fc15

Comment 8 Andreas Girgensohn 2011-07-04 00:29:31 UTC
Bug 708694 seems to be a duplicate of this.

tomcat6-6.0.32-1.fc15 has been labeled as unstable six weeks ago because of a karma of -3.

I have been holding off on upgrading more servers from F14 to F15 because of this bug.  Is this still being worked on or should I just go ahead and manually fix the bugs addressed by the unstable version?

Comment 9 Steven Hadfield 2011-07-05 13:37:56 UTC
The permissions seem to be ok, but on a related note: the temp and work directories do not exist in /var/cache/tomcat6. In /usr/share/tomcat6, temp and work show up as broken links. The result is that I get errors like this:

SEVERE: The scratchDir you specified: /usr/share/tomcat6/work/Catalina/localhost/manager is unusable.
Jul 5, 2011 8:18:00 AM org.apache.catalina.startup.HostConfig deployWAR

I just updated to the latest version of tomcat6 in rawhide: 6.0.32-10.fc16

Comment 10 David Knox 2011-07-05 15:27:43 UTC
hmmm, My tests on -10 didn't show that problem and the spec file shows those links are supposed to be made. The permission on workdir is 775. I'll retest and fix as needed.

Comment 11 David Knox 2011-07-05 18:29:10 UTC
New install of tomcat6-6.0.32-4.fc15 and tomcat6-6.0.32-10.fc16 didn't show the problem. I'll try an update and see if the problem manifests.

[root@nec-em11 ~]# ls -l /var/cache/tomcat6/
total 8
drwxrwxr-x. 2 root tomcat 4096 Jul  5 13:34 temp
drwxrwxr-x. 2 root tomcat 4096 Jul  5 13:34 work


[root@nec-em11 ~]# ls -l /usr/share/tomcat6
total 4
drwxr-xr-x. 2 root root   4096 Jul  5 14:07 bin
lrwxrwxrwx. 1 root tomcat   12 Jul  5 14:07 conf -> /etc/tomcat6
lrwxrwxrwx. 1 root tomcat   23 Jul  5 14:07 lib -> /usr/share/java/tomcat6
lrwxrwxrwx. 1 root tomcat   16 Jul  5 14:07 logs -> /var/log/tomcat6
lrwxrwxrwx. 1 root tomcat   23 Jul  5 14:07 temp -> /var/cache/tomcat6/temp
lrwxrwxrwx. 1 root tomcat   24 Jul  5 14:07 webapps -> /var/lib/tomcat6/webapps
lrwxrwxrwx. 1 root tomcat   23 Jul  5 14:07 work -> /var/cache/tomcat6/work

[root@nec-em11 ~]# ls -l /var/lib/tomcat6/webapps
total 24
drwxr-xr-x. 10 root root   4096 Jul  5 14:07 docs
drwxrwxr-x.  5 root tomcat 4096 Jul  5 14:07 examples
drwxrwxr-x.  5 root tomcat 4096 Jul  5 14:07 host-manager
drwxrwxr-x.  5 root tomcat 4096 Jul  5 14:07 manager
drwxrwxr-x.  3 root tomcat 4096 Jul  5 14:07 ROOT
drwxrwxr-x.  5 root tomcat 4096 Jul  5 14:07 sample

[root@nec-em11 ~]# ls -l /usr/share/tomcat6/work/Catalina/localhost
total 24
drwxr-xr-x. 2 tomcat tomcat 4096 Jul  5 14:17 docs
drwxr-xr-x. 2 tomcat tomcat 4096 Jul  5 14:17 examples
drwxr-xr-x. 2 tomcat tomcat 4096 Jul  5 14:17 host-manager
drwxr-xr-x. 2 tomcat tomcat 4096 Jul  5 14:17 manager
drwxr-xr-x. 2 tomcat tomcat 4096 Jul  5 14:17 sample

[root@nec-em11 ~]# wget http://localhost:8080/docs
--2011-07-05 14:17:39--  http://localhost:8080/docs
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:8080... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://localhost:8080/docs/ [following]
--2011-07-05 14:17:39--  http://localhost:8080/docs/
Connecting to localhost|::1|:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12921 (13K) [text/html]
Saving to: “index.html.3”

100%[=============================================>] 12,921      --.-K/s   in 0s      

2011-07-05 14:17:39 (122 MB/s) - “index.html.3” saved [12921/12921]

[root@nec-em11 ~]# grep SEVERE /var/log/tomcat6/*
[root@nec-em11 ~]#

Comment 12 David Knox 2011-07-05 18:33:01 UTC
Should have include the listing for the work dir also:

[root@nec-em11 ~]# ls -l /var/cache/tomcat6/work
total 4
drwxr-xr-x. 3 tomcat tomcat 4096 Jul  5 14:17 Catalina

Comment 13 David Knox 2011-07-05 20:24:17 UTC
I was able to reproduce the problem on f15 by yum update to a scratch build. I'm working on it. In the mean time do an erase and install which worked for me.

Comment 14 Fedora Update System 2011-07-06 00:31:42 UTC
tomcat6-6.0.32-5.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/tomcat6-6.0.32-5.fc15

Comment 15 David Knox 2011-07-06 00:47:08 UTC
I'll test commit f16 in the morning

Comment 16 Fedora Update System 2011-07-06 21:27:42 UTC
Package tomcat6-6.0.32-5.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing tomcat6-6.0.32-5.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/tomcat6-6.0.32-5.fc15
then log in and leave karma (feedback).

Comment 17 Andreas Girgensohn 2011-07-07 03:33:42 UTC
Updating to tomcat6-6.0.32-5.fc15 from tomcat6-6.0.30-6.fc15 fixed the problems caused by a yum upgrade from F14 to F15.  I don't have a Fedora account and can't leave karma.  Thanks.

Comment 18 Leif Gruenwoldt 2011-07-08 20:19:39 UTC
*** Bug 708694 has been marked as a duplicate of this bug. ***

Comment 19 Fedora Update System 2011-07-18 22:40:40 UTC
tomcat6-6.0.32-5.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 Germano Massullo 2011-09-07 22:21:44 UTC
I had the identical problem, you should reopen this bugreport

[root@Portatile caterpillar]# ll /usr/share/tomcat6/ 
totale 4 
drwxrwxr-x 2 root tomcat 4096  1 set 17.19 bin 
lrwxrwxrwx 1 root tomcat   12  1 set 17.19 conf -> /etc/tomcat6 
lrwxrwxrwx 1 root tomcat   23  1 set 17.19 lib -> /usr/share/java/tomcat6 
lrwxrwxrwx 1 root tomcat   16  1 set 17.19 logs -> /var/log/tomcat6 
lrwxrwxrwx 1 root tomcat   23  1 set 17.19 temp -> /var/cache/tomcat6/temp 
lrwxrwxrwx 1 root tomcat   24  1 set 17.19 webapps -> /var/lib/tomcat6/webapps 
lrwxrwxrwx 1 root tomcat   23  1 set 17.19 work -> /var/cache/tomcat6/work 
[root@Portatile caterpillar]# ll /etc/tomcat6/ 
totale 100 
drwxrwxr-x 3 root   tomcat  4096  1 set 17.19 Catalina 
-rw-rw-r-- 1 tomcat tomcat  9978  6 lug 02.12 catalina.policy 
-rw-rw-r-- 1 tomcat tomcat  3713  6 lug 02.12 catalina.properties 
-rw-rw-r-- 1 tomcat tomcat  1395  6 lug 02.12 context.xml 
-rw-rw-r-- 1 tomcat tomcat   547  6 lug 02.12 log4j.properties 
-rw-rw-r-- 1 tomcat tomcat  3257  6 lug 02.12 logging.properties 
-rw-rw-r-- 1 tomcat tomcat  6616  6 lug 02.12 server.xml 
-rw-rw-r-- 1 tomcat tomcat  1454  6 lug 02.13 tomcat6.conf 
-rw-rw-r-- 1 tomcat tomcat  1806  6 lug 02.12 tomcat-users.xml 
-rw-rw-rw- 1 tomcat tomcat 51835  6 lug 02.12 web.xml


Tomcat Version: 6.0.32
Fedora 15

Comment 21 Germano Massullo 2011-09-08 21:14:21 UTC
I solved with this command
yum install tomcat6-webapps


Note You need to log in before you can comment on or make changes to this bug.