View Issue Details

IDProjectCategoryView StatusLast Update
0005084CentOS-6tomcat6public2011-12-06 15:43
Reportersidney 
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version6.0 
Target VersionFixed in Version6.1 
Summary0005084: Tomcat6 init.d script sets ownership of log files wrong, breaking if TOMCAT_USER is anything other than tomcat
DescriptionOn RH EL6 you can run tomcat6 as a user other than the default 'tomcat' by setting TOMCAT_USER in the configuration and making sure that $TOMCAT_USER is in the tomcat group.

This does not work under CentOS 6 because of file ownership and permissions.

I see one set of differences is the three chown lines in /etc/init.d/tomcat6 but there must also be another difference in whatever code creates /etc/tomcat6 directory. In RH6 /etc/tomcat6 ends up having owner root and group tomcat. In CentOS 6 version of tomcat6 the directory /etc/tomcat6 has owner tomcat and group root, which means that if $TOMCAT_USER is not tomcat then its membership in the tomcat group does not help it get access.
Steps To ReproduceInstall tomcat6, using

 yum -y install jakarta-commons-dbcp-tomcat5 jakarta-commons-pool-tomcat5 \
   tomcat-native tomcat6 tomcat6-admin-webapps tomcat6-docs-webapp \
   tomcat6-el-2.1-api tomcat6-javadoc tomcat6-jsp-2.1-api tomcat6-lib \
   tomcat6-servlet-2.5-api tomcat6-webapps

Create a user account to run tomcat as (for example 'foo') then

TOMCAT_USER=foo
usermod -G tomcat $TOMCAT_USER

edit /etc/tomcat6/tomcat6.conf to change the TOMCAT_USER setting to TOMCAT_USER=foo

Try to start up tomcat6

service tomcat6 start

and see the error messages in /var/log/tomcat6/catalina.out

Notice that /etc/tomcat6 is owned by tomcat:root but the tomcat process is owned by foo and therefore cannot write to files in that directory.


TagsQA-6.1

Activities

toracat

toracat

2011-09-08 15:55

manager   ~0013208

I can see the difference in the ownership:

RHEL6.1 (not 6.0 but this seems to agree with the OP's)
$ ls -al /etc/tomcat6
total 116
drwxrwxr-x. 3 root tomcat 4096 Sep 8 08:47 .
drwxr-xr-x. 121 root root 12288 Sep 8 08:47 ..
drwxrwxr-x. 3 root tomcat 4096 Sep 8 08:47 Catalina
-rw-rw-r--. 1 root root 8945 Apr 28 15:18 catalina.policy
-rw-rw-r--. 1 root root 3713 Apr 28 15:18 catalina.properties
-rw-rw-r--. 1 root root 1395 Apr 28 15:18 context.xml
-rw-rw-r--. 1 root root 547 Apr 28 15:23 log4j.properties
-rw-rw-r--. 1 root root 3257 Apr 28 15:18 logging.properties
-rw-rw-r--. 1 root root 6616 Apr 28 15:18 server.xml
-rw-rw-r--. 1 root root 1753 Apr 28 15:23 tomcat6.conf
-rw-rw-r--. 1 root tomcat 1383 Apr 28 15:18 tomcat-users.xml
-rw-rw-r--. 1 root root 50475 Apr 28 15:18 web.xml

CentOS 6.0
$ ls -al /etc/tomcat6
total 112
drwxrwxr-x. 3 tomcat root 4096 Sep 8 09:46 .
drwxr-xr-x. 118 root root 12288 Sep 8 09:46 ..
drwxrwxr-x. 3 tomcat tomcat 4096 Sep 8 09:46 Catalina
-rw-rw-r--. 1 root root 8945 Jun 25 02:48 catalina.policy
-rw-rw-r--. 1 root root 3713 Jun 25 02:48 catalina.properties
-rw-rw-r--. 1 root root 1395 Jun 25 02:48 context.xml
-rw-rw-r--. 1 tomcat tomcat 3257 Jun 25 02:48 logging.properties
-rw-rw-r--. 1 root root 6616 Jun 25 02:48 server.xml
-rw-rw-r--. 1 root root 1462 Jun 25 02:51 tomcat6.conf
-rw-rw-r--. 1 root tomcat 1383 Jun 25 02:48 tomcat-users.xml
-rw-rw-r--. 1 root root 50475 Jun 25 02:48 web.xml
athmane

athmane

2011-09-13 15:16

developer   ~0013240

Confirm the issue, though I'm not sure if it's supported to run tomcat (the one installed form the official repo) as other user.

On CentOS 6.0:

# ls -al | grep tomcat
drwxrwxr-x. 3 tomcat root 4096 Aug 31 14:31 tomcat6

# ls -al tomcat6/
total 104
drwxrwxr-x. 3 tomcat root 4096 Aug 31 14:31 .
drwxr-xr-x. 85 root root 4096 Sep 13 13:30 ..
drwxrwxr-x. 3 tomcat tomcat 4096 Aug 31 12:31 Catalina
-rw-rw-r--. 1 root root 8945 Jun 25 10:48 catalina.policy
-rw-rw-r--. 1 root root 3713 Jun 25 10:48 catalina.properties
-rw-rw-r--. 1 root root 1395 Jun 25 10:48 context.xml
-rw-rw-r--. 1 tomcat tomcat 3257 Jun 25 10:48 logging.properties
-rw-rw-r--. 1 root root 6616 Jun 25 10:48 server.xml
-rw-rw-r--. 1 root root 1462 Jun 25 10:51 tomcat6.conf
-rw-rw-r--. 1 root tomcat 1511 Aug 31 14:31 tomcat-users.xml
-rw-rw-r--. 1 root root 50475 Jun 25 10:48 web.xml

On RHEL 6.0:

# ls -al | grep tomcat
drwxr-xr-x. 3 root tomcat 4096 Sep 13 14:46 tomcat6

# ls -al tomcat6/
total 108
drwxr-xr-x. 3 root tomcat 4096 Sep 13 14:46 .
drwxr-xr-x. 87 root root 4096 Sep 13 15:09 ..
drwxr-xr-x. 3 root tomcat 4096 Sep 13 14:46 Catalina
-rw-r--r--. 1 root root 8945 Aug 13 2010 catalina.policy
-rw-r--r--. 1 root root 3713 Aug 13 2010 catalina.properties
-rw-r--r--. 1 root root 1395 Aug 13 2010 context.xml
-rw-r--r--. 1 root root 547 Aug 13 2010 log4j.properties
-rw-r--r--. 1 root root 3257 Aug 13 2010 logging.properties
-rw-r--r--. 1 root root 6616 Aug 13 2010 server.xml
-rw-r--r--. 1 root root 1462 Aug 13 2010 tomcat6.conf
-rw-rw-r--. 1 root tomcat 1383 Aug 13 2010 tomcat-users.xml
-rw-r--r--. 1 root root 50475 Aug 13 2010 web.xml
athmane

athmane

2011-10-10 17:18

developer   ~0013508

This seems to be fixed with the new tomcat6 update (6.0.24-33) from 6.0 CR (which will be included in 6.1)

# rpm -q tomcat6 tomcat6-webapps tomcat6-admin-webapps
tomcat6-6.0.24-33.el6.noarch
tomcat6-webapps-6.0.24-33.el6.noarch
tomcat6-admin-webapps-6.0.24-33.el6.noarch

# ls -la /etc/tomcat6/
total 108
drwxrwxr-x. 3 root tomcat 4096 Oct 10 18:09 .
drwxr-xr-x. 86 root root 4096 Oct 10 18:09 ..
drwxrwxr-x. 3 root tomcat 4096 Oct 10 18:09 Catalina
-rw-rw-r--. 1 root root 8945 Jul 20 12:41 catalina.policy
-rw-rw-r--. 1 root root 3713 Jul 20 12:41 catalina.properties
-rw-rw-r--. 1 root root 1395 Jul 20 12:41 context.xml
-rw-rw-r--. 1 root root 547 Jul 20 12:44 log4j.properties
-rw-rw-r--. 1 root root 3257 Jul 20 12:41 logging.properties
-rw-rw-r--. 1 root root 6616 Jul 20 12:41 server.xml
-rw-rw-r--. 1 root root 1755 Jul 20 12:44 tomcat6.conf
-rw-rw-r--. 1 root tomcat 1383 Jul 20 12:41 tomcat-users.xml
-rw-rw-r--. 1 root root 50475 Jul 20 12:41 web.xml
JohnnyHughes

JohnnyHughes

2011-12-06 15:43

administrator   ~0013874

fixed in 6.1

Issue History

Date Modified Username Field Change
2011-09-08 02:44 sidney New Issue
2011-09-08 15:55 toracat Note Added: 0013208
2011-09-08 15:56 toracat Tag Attached: QA-6.1
2011-09-13 15:16 athmane Note Added: 0013240
2011-10-10 17:18 athmane Note Added: 0013508
2011-11-27 14:12 athmane Status new => feedback
2011-12-06 15:43 JohnnyHughes Note Added: 0013874
2011-12-06 15:43 JohnnyHughes Status feedback => resolved
2011-12-06 15:43 JohnnyHughes Fixed in Version => 6.1
2011-12-06 15:43 JohnnyHughes Resolution open => fixed