<div dir="ltr"><div dir="ltr">Hi,</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 1, 2019 at 8:36 AM Thorsten Glaser <<a href="mailto:t.glaser@tarent.de" target="_blank">t.glaser@tarent.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi again Felipe,<br>
<br>
> If you ship this, there is no need for a LogsDirectory= entry.<br>
<br>
But I probably do need to add it with ReadWritePaths if we use<br>
ProtectSystem=strict, correct?<br></blockquote><div><br></div><div>Correct. </div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<a href="https://salsa.debian.org/java-team/tomcat9/commit/5556481b345049f32720e20d22a072ebd9b865fa" rel="noreferrer" target="_blank">https://salsa.debian.org/java-team/tomcat9/commit/5556481b345049f32720e20d22a072ebd9b865fa</a></blockquote><div><br></div><div>Thanks for linking to the full file. I had not noticed that the unit used a specific User. This means a root-owned /var/log/tomcat9 is not going to be writable by tomcat. You should probably set it to tomcat9:adm, or add an appropriate acl (tmpfiles can do it with a `a+` line).</div><div><br></div><div>Additionally, you might want to add `RequiresMountsFor=/var/log/tomcat9 /var/lib/tomcat9`, in case the admin has moved those dirs to a separate mount.</div></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="m_5958824215113049172gmail_signature"><br>Saludos,<br>Felipe Sateler</div></div>