Bug#960931: tomcat9 cannot deploy war files (applications) in sub-directories of his directory catalina_home directory (/var/lib/tomcat9) when tomcat9 is in virtualhost mode

Mathieu HETRU mathieu.hetru at univ-lille.fr
Tue Nov 24 15:49:47 GMT 2020 

Thanks !

I have verified and it is ok, i can close my bug report.

Best regards,


Université de Lille

*Mathieu HETRU*
Responsable du bureau missions transversales

Université de Lille - Campus Cité Scientifique
Direction des Systèmes d'Information
Service Intégration / Exploitation
Cellule missions transversales

Bureau 47 - Bâtiment A3
Domaine universitaire de la Cité Scientifique
Avenue Carl Von Limé
BP 90179 59653 Villeneuve d'Ascq

Tél. :+33 (0)3 62 26 83 81 (numéro interne : 68381)

mathieu.hetru at univ-lille.fr <mailto:mathieu.hetru at univ-lille.fr> *|* 
www.univ-lille.fr <http://www.univ-lille.fr>
Le 24/11/2020 à 08:56, Emmanuel Bourg a écrit :
> Hi Mathieu,
>
> Le 18/05/2020 à 15:26, Mathieu HETRU a écrit :
>
>> So each virtualhost in server.xml got one webapps directory under
>> catalina_home (/var/lib/tomcat9).
>>
>> But tomcat9 cannot deploy war files (applications) because the unix user
>> "tomcat" cannot have access read-write under /var/lib/tomcat9.
> The tomcat user isn't allowed to write to /var/lib/tomcat9 because we
> want to prevent a malicious or compromised web application from altering
> the Tomcat configuration. So you have to customize the systemd
> configuration for the tomcat9 service as you've figured out.
>
>
>> I have found the solution with adding this line :
>>
>> ReadWritePaths=/var/lib/tomcat9/
>>
>> in the systemctl file service of tomcat9
>> /usr/lib/systemd/system/tomcat9.service
>>
>> and systemctl daemon-reload
>>
>> But, when an update of debian occured on tomcat9 package, i lost my
>> modification.
> /usr/lib/systemd/system/tomcat9.service belongs to the package and
> should not be modified. Custom settings go to a conf file under
> /etc/systemd/system/tomcat9.service.d/, you can look at the
> README.Debian file for an example.
>
> Emmanuel Bourg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20201124/e3037378/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hpjeoldgapllcajj.png
Type: image/png
Size: 10791 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20201124/e3037378/attachment.png>

More information about the pkg-java-maintainers mailing list