多实例tomcat server.xml权限被拒绝 [英] Multi-instance tomcat server.xml permission denied

问题描述

我正在尝试在centos上运行tomcat7的多实例配置。我已经安装了tomcat

I'm trying to run a multi-instance configuration of tomcat7 on centos. I have installed tomcat with

yum install tomcat

在以以下方式启动时起作用

which works when started with

systemctl start tomcat.service

按照自述文件，我创建了catalina基础目录结构的副本，该目录结构最初位于/ var / lib / tomcats / name中，但此后已移动

Following the readme I created a copy of the catalina base directory structure which originally was located in /var/lib/tomcats/name, but has since moved

drwxr-xr-x. 7 tomcat tomcat   69 Jul 17 16:16 .
drwxr-xr-x. 3 tomcat tomcat   23 Jul 17 15:50 ..
drwxr-xr-x. 4 tomcat tomcat  231 Jul 17 15:52 conf
drwxrwx---. 2 tomcat tomcat 4096 Jul 18 09:36 logs
drwxrwx---. 2 tomcat tomcat    6 Apr 10 20:38 temp
drwxrwxr-x. 7 tomcat tomcat   83 Jul 16 14:07 webapps
drwxrwx---. 3 tomcat tomcat   22 Jul 16 14:11 work

此文件夹结构现在位于/ tomcat / tomcats / instance1 /，因为我正在尝试使用权限。

This folder structure now lives in /tomcat/tomcats/instance1/ as I'm trying to play with permissions.

在使用实例启动

systemctl start tomcat@instance1.service

此操作失败

journalctl -u tomcat@instance1.service

Jul 18 10:00:09 tomcat-server systemd[1]: Started Apache Tomcat Web Application Container.
Jul 18 10:00:09 tomcat-server systemd[1]: Starting Apache Tomcat Web Application Container...
Jul 18 10:00:09 tomcat-server server[5142]: Java virtual machine used: /usr/lib/jvm/jre/bin/java
Jul 18 10:00:09 tomcat-server server[5142]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
Jul 18 10:00:09 tomcat-server server[5142]: main class used: org.apache.catalina.startup.Bootstrap
Jul 18 10:00:09 tomcat-server server[5142]: flags used:
Jul 18 10:00:09 tomcat-server server[5142]: options used: -Dcatalina.base=/tomcat/tomcats/instance1 -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
Jul 18 10:00:09 tomcat-server server[5142]: arguments used: start
Jul 18 10:00:09 tomcat-server server[5142]: Jul 18, 2018 10:00:09 AM org.apache.catalina.startup.Catalina load
Jul 18 10:00:09 tomcat-server server[5142]: WARNING: Unable to load server configuration from [/tomcat/tomcats/instance1/conf/server.xml]
Jul 18 10:00:09 tomcat-server server[5142]: Jul 18, 2018 10:00:09 AM org.apache.catalina.startup.Catalina load
Jul 18 10:00:09 tomcat-server server[5142]: WARNING: Unable to load server configuration from [/tomcat/tomcats/instance1/conf/server.xml]
Jul 18 10:00:09 tomcat-server server[5142]: Jul 18, 2018 10:00:09 AM org.apache.catalina.startup.Catalina start
Jul 18 10:00:09 tomcat-server server[5142]: SEVERE: Cannot start server. Server instance is not configured.
Jul 18 10:00:09 tomcat-server server[5171]: Java virtual machine used: /usr/lib/jvm/jre/bin/java
Jul 18 10:00:09 tomcat-server server[5171]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
Jul 18 10:00:09 tomcat-server server[5171]: main class used: org.apache.catalina.startup.Bootstrap
Jul 18 10:00:09 tomcat-server server[5171]: flags used:
Jul 18 10:00:09 tomcat-server server[5171]: options used: -Dcatalina.base=/tomcat/tomcats/instance1 -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
Jul 18 10:00:09 tomcat-server server[5171]: arguments used: stop
Jul 18 10:00:10 tomcat-server server[5171]: Jul 18, 2018 10:00:10 AM org.apache.catalina.startup.Catalina stopServer
Jul 18 10:00:10 tomcat-server server[5171]: SEVERE: Catalina.stop:
Jul 18 10:00:10 tomcat-server server[5171]: java.io.FileNotFoundException: /tomcat/tomcats/instance1/conf/server.xml (Permission denied)
Jul 18 10:00:10 tomcat-server server[5171]: at java.io.FileInputStream.open0(Native Method)
Jul 18 10:00:10 tomcat-server server[5171]: at java.io.FileInputStream.open(FileInputStream.java:195)
Jul 18 10:00:10 tomcat-server server[5171]: at java.io.FileInputStream.<init>(FileInputStream.java:138)
Jul 18 10:00:10 tomcat-server server[5171]: at org.apache.catalina.startup.Catalina.stopServer(Catalina.java:466)
Jul 18 10:00:10 tomcat-server server[5171]: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Jul 18 10:00:10 tomcat-server server[5171]: at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Jul 18 10:00:10 tomcat-server server[5171]: at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Jul 18 10:00:10 tomcat-server server[5171]: at java.lang.reflect.Method.invoke(Method.java:498)
Jul 18 10:00:10 tomcat-server server[5171]: at org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:343)
Jul 18 10:00:10 tomcat-server server[5171]: at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Jul 18 10:00:10 tomcat-server systemd[1]: tomcat@instance1.service: control process exited, code=exited status=1
Jul 18 10:00:10 tomcat-server systemd[1]: Unit tomcat@instance1.service entered failed state.
Jul 18 10:00:10 tomcat-server systemd[1]: tomcat@instance1.service failed.

关键问题是

Jul 18 10:00:10 tomcat-server server[5171]: java.io.FileNotFoundException: /tomcat/tomcats/instance1/conf/server.xml (Permission denied)

我可以以tomcat用户身份登录并读取server.xml文件。我可以将tomcat用户更改为root用户，并成功启动tomcat@instance1.service，但无法弄清楚为什么我在使用tomcat用户启动时被拒绝了权限。

I can login as the tomcat user and read the server.xml file. I can change the tomcat user to root and start tomcat@instance1.service successfully but cannot figure out why I'm getting permission denied on startup with the tomcat user. Any help would be much appreciated.

conf文件夹权限

drwxr-xr-x. 4 tomcat tomcat    231 Jul 17 15:52 .
drwxr-xr-x. 7 tomcat tomcat     69 Jul 17 16:16 ..
drwxrwxr-x. 3 tomcat tomcat     23 Jul 16 11:13 Catalina
-rw-r--r--. 1 tomcat tomcat  13443 Apr 10 20:38 catalina.policy
-rw-r--r--. 1 tomcat tomcat   6496 Apr 10 20:38 catalina.properties
drwxr-xr-x. 2 tomcat tomcat     20 Jul 17 13:51 conf.d
-rw-r--r--. 1 tomcat tomcat   1394 Apr 10 20:38 context.xml
-rw-r--r--. 1 tomcat tomcat    547 Apr 10 20:38 log4j.properties
-rw-r--r--. 1 tomcat tomcat   3288 Apr 10 20:38 logging.properties
-rw-rwxr--. 1 tomcat tomcat   6613 Apr 10 20:38 server.xml
-rw-r--r--. 1 tomcat tomcat   1681 Jul 17 14:27 tomcat.conf
-rw-r-----. 1 tomcat tomcat   2407 Jul 16 14:11 tomcat-users.xml
-rw-r--r--. 1 tomcat tomcat 167655 Apr 10 20:38 web.xml

更新1-从根目录到服务器的文件夹权限.xml始终与/tomcat/tomcats/instance1/conf/server.xml完全相同

Update 1 - Folder permissions from root to server.xml are the same all the way through /tomcat/tomcats/instance1/conf/server.xml

drwxr-xr-x.   3 tomcat tomcat   21 Jul 17 16:39 tomcat
drwxr-xr-x.  3 tomcat tomcat  23 Jul 17 15:50 tomcats
drwxr-xr-x. 7 tomcat tomcat 69 Jul 17 16:16 instance1
drwxr-xr-x. 4 tomcat tomcat  231 Jul 17 15:52 conf
-rw-rwxr--. 1 tomcat tomcat   6613 Apr 10 20:38 server.xml

更新2-/ usr / lib / systemd /system/tomcat@.service。

Update 2 - /usr/lib/systemd/system/tomcat@.service. No changes have been made here

# Systemd unit file for tomcat instances.
#
# To create clones of this service:
# 0. systemctl enable tomcat@name.service
# 1. create catalina.base directory structure in
#    /var/lib/tomcats/name
#    CHANGED TO /tomcat/tomcats/name due to permissions
# 2. profit.

[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME=%I"
EnvironmentFile=-/etc/sysconfig/tomcat@%I
ExecStart=/usr/libexec/tomcat/server start
ExecStop=/usr/libexec/tomcat/server stop
SuccessExitStatus=143
User=tomcat

[Install]
WantedBy=multi-user.target

/etc/tomcat/tomcat.conf已将TOMCATS_BASE更改为/ tomcat / tomcats，如果不存在CATALINA_BASE，则与实例名称连接

/etc/tomcat/tomcat.conf changed TOMCATS_BASE to /tomcat/tomcats which is joined with the instance name if CATALINA_BASE doesn't exist

# System-wide configuration file for tomcat services
# This will be loaded by systemd as an environment file,
# so please keep the syntax. For shell expansion support
# place your custom files as /etc/tomcat/conf.d/*.conf
#
# There are 2 "classes" of startup behavior in this package.
# The old one, the default service named tomcat.service.
# The new named instances are called tomcat@instance.service.
#
# Use this file to change default values for all services.
# Change the service specific ones to affect only one service.
# For tomcat.service it's /etc/sysconfig/tomcat, for
# tomcat@instance it's /etc/sysconfig/tomcat@instance.

# This variable is used to figure out if config is loaded or not.
TOMCAT_CFG_LOADED="1"

# In new-style instances, if CATALINA_BASE isn't specified, it will
# be constructed by joining TOMCATS_BASE and NAME.
TOMCATS_BASE="/tomcat/tomcats/"
#TOMCATS_BASE="/var/tomcats/"

# Where your java installation lives
JAVA_HOME="/usr/lib/jvm/jre"

# Where your tomcat installation lives
CATALINA_HOME="/usr/share/tomcat"

# System-wide tmp
CATALINA_TMPDIR="/var/cache/tomcat/temp"

# You can pass some parameters to java here if you wish to
#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"

# Use JAVA_OPTS to set java.library.path for libtcnative.so
#JAVA_OPTS="-Djava.library.path=/usr/lib"

# You can change your tomcat locale here
#LANG="en_US"

# Run tomcat under the Java Security Manager
SECURITY_MANAGER="false"

# Time to wait in seconds, before killing process
# TODO(stingray): does nothing, fix.
# SHUTDOWN_WAIT="30"

# If you wish to further customize your tomcat environment,
# put your own definitions here
# (i.e. LD_LIBRARY_PATH for some jdbc drivers)

推荐答案

这与Tomcat配置无关。它是RHEL和CentOS机器上的SELinux，阻止了与默认tomcat安装无关的文件夹的读写权限。要解决此问题，请安装SELinux管理工具并为tomcat_t SELinux类型设置许可。

This has nothing to do with the Tomcat configuration. It is the SELinux on RHEL and CentOS boxes preventing the read write permissions on folders not associated with default tomcat installation. To fix this, install the SELinux management tool and set permissive for tomcat_t SELinux type.

yum install selinux-policy-devel

semanage permissive -a tomcat_t

这篇关于多实例tomcat server.xml权限被拒绝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！