Bug#960931: tomcat9 cannot deploy war files (applications) in sub-directories of his directory catalina_home directory (/var/lib/tomcat9) when tomcat9 is in virtualhost mode
Emmanuel Bourg
ebourg at apache.org
Tue Nov 24 07:56:21 GMT 2020
Hi Mathieu,
Le 18/05/2020 à 15:26, Mathieu HETRU a écrit :
> So each virtualhost in server.xml got one webapps directory under
> catalina_home (/var/lib/tomcat9).
>
> But tomcat9 cannot deploy war files (applications) because the unix user
> "tomcat" cannot have access read-write under /var/lib/tomcat9.
The tomcat user isn't allowed to write to /var/lib/tomcat9 because we
want to prevent a malicious or compromised web application from altering
the Tomcat configuration. So you have to customize the systemd
configuration for the tomcat9 service as you've figured out.
> I have found the solution with adding this line :
>
> ReadWritePaths=/var/lib/tomcat9/
>
> in the systemctl file service of tomcat9
> /usr/lib/systemd/system/tomcat9.service
>
> and systemctl daemon-reload
>
> But, when an update of debian occured on tomcat9 package, i lost my
> modification.
/usr/lib/systemd/system/tomcat9.service belongs to the package and
should not be modified. Custom settings go to a conf file under
/etc/systemd/system/tomcat9.service.d/, you can look at the
README.Debian file for an example.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list