Question
I'm trying to run a multi-instance configuration of tomcat7 on centos. I have installed tomcat with
yum install tomcat
which works when started with
systemctl start tomcat.service
Following the readme I created a copy of the catalina base directory structure which originally was located in /var/lib/tomcats/name, but has since moved
drwxr-xr-x. 7 tomcat tomcat 69 Jul 17 16:16 .
drwxr-xr-x. 3 tomcat tomcat 23 Jul 17 15:50 ..
drwxr-xr-x. 4 tomcat tomcat 231 Jul 17 15:52 conf
drwxrwx---. 2 tomcat tomcat 4096 Jul 18 09:36 logs
drwxrwx---. 2 tomcat tomcat 6 Apr 10 20:38 temp
drwxrwxr-x. 7 tomcat tomcat 83 Jul 16 14:07 webapps
drwxrwx---. 3 tomcat tomcat 22 Jul 16 14:11 work
This folder structure now lives in /tomcat/tomcats/instance1/ as I'm trying to play with permissions.
On startup of instance using
systemctl start tomcat@instance1.service
This fails in
journalctl -u tomcat@instance1.service
Jul 18 10:00:09 tomcat-server systemd[1]: Started Apache Tomcat Web Application Container.
Jul 18 10:00:09 tomcat-server systemd[1]: Starting Apache Tomcat Web Application Container...
Jul 18 10:00:09 tomcat-server server[5142]: Java virtual machine used: /usr/lib/jvm/jre/bin/java
Jul 18 10:00:09 tomcat-server server[5142]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
Jul 18 10:00:09 tomcat-server server[5142]: main class used: org.apache.catalina.startup.Bootstrap
Jul 18 10:00:09 tomcat-server server[5142]: flags used:
Jul 18 10:00:09 tomcat-server server[5142]: options used: -Dcatalina.base=/tomcat/tomcats/instance1 -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
Jul 18 10:00:09 tomcat-server server[5142]: arguments used: start
Jul 18 10:00:09 tomcat-server server[5142]: Jul 18, 2018 10:00:09 AM org.apache.catalina.startup.Catalina load
Jul 18 10:00:09 tomcat-server server[5142]: WARNING: Unable to load server configuration from [/tomcat/tomcats/instance1/conf/server.xml]
Jul 18 10:00:09 tomcat-server server[5142]: Jul 18, 2018 10:00:09 AM org.apache.catalina.startup.Catalina load
Jul 18 10:00:09 tomcat-server server[5142]: WARNING: Unable to load server configuration from [/tomcat/tomcats/instance1/conf/server.xml]
Jul 18 10:00:09 tomcat-server server[5142]: Jul 18, 2018 10:00:09 AM org.apache.catalina.startup.Catalina start
Jul 18 10:00:09 tomcat-server server[5142]: SEVERE: Cannot start server. Server instance is not configured.
Jul 18 10:00:09 tomcat-server server[5171]: Java virtual machine used: /usr/lib/jvm/jre/bin/java
Jul 18 10:00:09 tomcat-server server[5171]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
Jul 18 10:00:09 tomcat-server server[5171]: main class used: org.apache.catalina.startup.Bootstrap
Jul 18 10:00:09 tomcat-server server[5171]: flags used:
Jul 18 10:00:09 tomcat-server server[5171]: options used: -Dcatalina.base=/tomcat/tomcats/instance1 -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
Jul 18 10:00:09 tomcat-server server[5171]: arguments used: stop
Jul 18 10:00:10 tomcat-server server[5171]: Jul 18, 2018 10:00:10 AM org.apache.catalina.startup.Catalina stopServer
Jul 18 10:00:10 tomcat-server server[5171]: SEVERE: Catalina.stop:
Jul 18 10:00:10 tomcat-server server[5171]: java.io.FileNotFoundException: /tomcat/tomcats/instance1/conf/server.xml (Permission denied)
Jul 18 10:00:10 tomcat-server server[5171]: at java.io.FileInputStream.open0(Native Method)
Jul 18 10:00:10 tomcat-server server[5171]: at java.io.FileInputStream.open(FileInputStream.java:195)
Jul 18 10:00:10 tomcat-server server[5171]: at java.io.FileInputStream.<init>(FileInputStream.java:138)
Jul 18 10:00:10 tomcat-server server[5171]: at org.apache.catalina.startup.Catalina.stopServer(Catalina.java:466)
Jul 18 10:00:10 tomcat-server server[5171]: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Jul 18 10:00:10 tomcat-server server[5171]: at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Jul 18 10:00:10 tomcat-server server[5171]: at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Jul 18 10:00:10 tomcat-server server[5171]: at java.lang.reflect.Method.invoke(Method.java:498)
Jul 18 10:00:10 tomcat-server server[5171]: at org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:343)
Jul 18 10:00:10 tomcat-server server[5171]: at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Jul 18 10:00:10 tomcat-server systemd[1]: tomcat@instance1.service: control process exited, code=exited status=1
Jul 18 10:00:10 tomcat-server systemd[1]: Unit tomcat@instance1.service entered failed state.
Jul 18 10:00:10 tomcat-server systemd[1]: tomcat@instance1.service failed.
The key issue being
Jul 18 10:00:10 tomcat-server server[5171]: java.io.FileNotFoundException: /tomcat/tomcats/instance1/conf/server.xml (Permission denied)
I can log in as the tomcat user and read the server.xml file. I can change the tomcat user to root and start tomcat@instance1.service successfully, but I cannot figure out why I'm getting permission denied on startup with the tomcat user. Any help would be much appreciated.
conf folder permissions
drwxr-xr-x. 4 tomcat tomcat 231 Jul 17 15:52 .
drwxr-xr-x. 7 tomcat tomcat 69 Jul 17 16:16 ..
drwxrwxr-x. 3 tomcat tomcat 23 Jul 16 11:13 Catalina
-rw-r--r--. 1 tomcat tomcat 13443 Apr 10 20:38 catalina.policy
-rw-r--r--. 1 tomcat tomcat 6496 Apr 10 20:38 catalina.properties
drwxr-xr-x. 2 tomcat tomcat 20 Jul 17 13:51 conf.d
-rw-r--r--. 1 tomcat tomcat 1394 Apr 10 20:38 context.xml
-rw-r--r--. 1 tomcat tomcat 547 Apr 10 20:38 log4j.properties
-rw-r--r--. 1 tomcat tomcat 3288 Apr 10 20:38 logging.properties
-rw-rwxr--. 1 tomcat tomcat 6613 Apr 10 20:38 server.xml
-rw-r--r--. 1 tomcat tomcat 1681 Jul 17 14:27 tomcat.conf
-rw-r-----. 1 tomcat tomcat 2407 Jul 16 14:11 tomcat-users.xml
-rw-r--r--. 1 tomcat tomcat 167655 Apr 10 20:38 web.xml
Update 1 - Folder permissions from root to server.xml are the same all the way through /tomcat/tomcats/instance1/conf/server.xml
drwxr-xr-x. 3 tomcat tomcat 21 Jul 17 16:39 tomcat
drwxr-xr-x. 3 tomcat tomcat 23 Jul 17 15:50 tomcats
drwxr-xr-x. 7 tomcat tomcat 69 Jul 17 16:16 instance1
drwxr-xr-x. 4 tomcat tomcat 231 Jul 17 15:52 conf
-rw-rwxr--. 1 tomcat tomcat 6613 Apr 10 20:38 server.xml
Update 2 - /usr/lib/systemd/system/tomcat@.service. No changes have been made here
# Systemd unit file for tomcat instances.
#
# To create clones of this service:
# 0. systemctl enable tomcat@name.service
# 1. create catalina.base directory structure in
# /var/lib/tomcats/name
# CHANGED TO /tomcat/tomcats/name due to permissions
# 2. profit.
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME=%I"
EnvironmentFile=-/etc/sysconfig/tomcat@%I
ExecStart=/usr/libexec/tomcat/server start
ExecStop=/usr/libexec/tomcat/server stop
SuccessExitStatus=143
User=tomcat
[Install]
WantedBy=multi-user.target
/etc/tomcat/tomcat.conf changed TOMCATS_BASE to /tomcat/tomcats which is joined with the instance name if CATALINA_BASE doesn't exist
# System-wide configuration file for tomcat services
# This will be loaded by systemd as an environment file,
# so please keep the syntax. For shell expansion support
# place your custom files as /etc/tomcat/conf.d/*.conf
#
# There are 2 "classes" of startup behavior in this package.
# The old one, the default service named tomcat.service.
# The new named instances are called tomcat@instance.service.
#
# Use this file to change default values for all services.
# Change the service specific ones to affect only one service.
# For tomcat.service it's /etc/sysconfig/tomcat, for
# tomcat@instance it's /etc/sysconfig/tomcat@instance.
# This variable is used to figure out if config is loaded or not.
TOMCAT_CFG_LOADED="1"
# In new-style instances, if CATALINA_BASE isn't specified, it will
# be constructed by joining TOMCATS_BASE and NAME.
TOMCATS_BASE="/tomcat/tomcats/"
#TOMCATS_BASE="/var/tomcats/"
# Where your java installation lives
JAVA_HOME="/usr/lib/jvm/jre"
# Where your tomcat installation lives
CATALINA_HOME="/usr/share/tomcat"
# System-wide tmp
CATALINA_TMPDIR="/var/cache/tomcat/temp"
# You can pass some parameters to java here if you wish to
#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
# Use JAVA_OPTS to set java.library.path for libtcnative.so
#JAVA_OPTS="-Djava.library.path=/usr/lib"
# You can change your tomcat locale here
#LANG="en_US"
# Run tomcat under the Java Security Manager
SECURITY_MANAGER="false"
# Time to wait in seconds, before killing process
# TODO(stingray): does nothing, fix.
# SHUTDOWN_WAIT="30"
# If you wish to further customize your tomcat environment,
# put your own definitions here
# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
Answer 1:
This has nothing to do with the Tomcat configuration. It is SELinux on RHEL and CentOS boxes preventing read/write permissions on folders not associated with the default Tomcat installation. To fix this, install the SELinux management tool and set permissive mode for the tomcat_t SELinux type.
yum install selinux-policy-devel
semanage permissive -a tomcat_t
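A narrower alternative that keeps tomcat_t enforcing, as an added example that is not part of the original answer: confirm from the audit records that the denial is a labelling problem, then give the relocated tree the same file contexts as the packaged location. The audit lines are constructed, and the sketch assumes the distribution policy already labels /var/lib/tomcats for Tomcat.

```shell
#!/bin/sh
# Added example: list SELinux AVC denials for one domain, then print (not run)
# the commands that relabel a relocated Tomcat instance tree.

# Constructed audit records for illustration; not taken from the asker's host.
SAMPLE_AUDIT='type=AVC msg=audit(1531900810.101:412): avc:  denied  { read } for  pid=5171 comm="java" name="server.xml" dev="dm-0" ino=1310999 scontext=system_u:system_r:tomcat_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1531900811.007:413): avc:  denied  { write } for  pid=5142 comm="java" name="logs" dev="dm-0" ino=1311002 scontext=system_u:system_r:tomcat_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1531900812.500:414): avc:  denied  { read } for  pid=900 comm="sshd" name="shadow" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file'

# avc_summary DOMAIN: read audit records on stdin and print one line per
# denial whose source domain is DOMAIN, as "perm tclass target_type name".
avc_summary() {
  awk -v dom="$1" '
    /avc:/ && /denied/ {
      perm = ""; name = ""; tclass = ""; st = ""; tt = ""
      if (match($0, /[{] [^}]+ [}]/)) perm = substr($0, RSTART + 2, RLENGTH - 4)
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/) { split($i, a, ":"); st = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tt = a[3] }
        if ($i ~ /^tclass=/)   tclass = substr($i, 8)
        if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
      }
      if (st == dom) print perm, tclass, tt, name
    }'
}

# relabel_plan NEW_BASE: print the commands that give NEW_BASE the same file
# contexts as the packaged /var/lib/tomcats tree (assumed to be labelled by
# the distribution policy), so tomcat_t can stay enforcing.
relabel_plan() {
  printf 'semanage fcontext -a -e /var/lib/tomcats %s\n' "${1%/}"
  printf 'restorecon -Rv %s\n' "${1%/}"
}

# On a live host the input would come from: ausearch -m avc -ts recent
printf '%s\n' "$SAMPLE_AUDIT" | avc_summary tomcat_t
relabel_plan /tomcat/tomcats/
```

A target type such as default_t in the summary points at missing labels on the new directory rather than at Unix permissions; after running the printed commands as root, ls -Z on the instance directory shows whether the contexts changed.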
Source: https://stackoverflow.com/questions/51407845/multi-instance-tomcat-server-xml-permission-denied