a lots of (Permission denied) in catalina.out

Question

How can i install Apache web server and Apache tomcat to avoid get errors like this:

java.io.FileNotFoundException: /usr/local/apache-tomcat-7.0.5/work/Catalina/localhost/_/SESSIONS.ser (Permission denied)

in /usr/local/apache-tomcat-7.0.5/logs/catalina.out

I think I should do something for Apache user, because when I chmod 777 -R ./ on tomcat folder all errors disappear.

Answer 1

Can't vouch for the security of doing so, but

$ cd /usr/local/tomcat/ #or /usr/shared/tomcat6, whatever your $TOMCAT_BASE dir
$ chown -R tomcat6 webapps temp logs work conf
$ chmod -R 777 webapps temp logs work conf

works a treat for these situations.

My tomcat install was borked with permission errors, but throwing open the gates thusly fixed everything.

Answer 2

$ chmod -R 777 webapps temp logs work conf

Is VERY dangerous, do not do it, did I write "not do it" ? DO NOT DO IT! Guess where your tomcat-users.xml is with your usernames and plain-text passwords ?

Giving world read-write-execute anywhere on UNIX except /tmp (and even then, in prod, NEVER do that either) is plain stupid. And, it makes your first line, chown -R tomcat6 completely useless.

make sure tomcat runs as tomcat7 (it is tomcat6 for tomcat 6) and simply do:

$ cd $TOMCAT_BASE
$ chown -R tomcat7:tomcat7 webapps temp logs work conf
$ chmod -R 660 webapps temp logs work conf

[EDIT] changed 770 to 660 following comment, because the files in question need not be executed.

If you want to be able to read, write, or execute stuff there, add yourself to the tomcat7 group.

Answer 3

Ran into a similar situation like this with an older Tomcat-6 implementation...

...
SEVERE: Error deploying web application directory host-manager
java.io.FileNotFoundException: /opt/tomcat-6/conf/Catalina/localhost/host-manager.xml (Permission denied)
...

And, the webapp XMLs were all there and the ownership and permissions were all "tomcat:tomcat" and "644".

For me, the solution was to set the overall permissions to what Tomcat prefers, namely "0755".

And, as a note for the security-conscious, the server.xml for that implementation is using a JDBC Realm for authentication, so we don't even use tomcat-users.xml. So, it is the default file that comes with the installation and even commented out the default user accounts within it (e.g. "tomcat" and "manager"). I know in Tomcat-7, the accounts in tomcat-users.xml are commented by default.

HTH.