when i am running my spring application in tomcat using .sh file in init-container in kubernetes and i have set runAsUser : 1337 in security context of the init-container in deployment.yaml file.
it gives
cp: cannot create regular file '/usr/java/openjdk-11/conf/security/java.security.bak': permission denied
and
sed: couldn't open temporary file '': permission denied.
i have used chmod to change permission but facing below issue
chmod: changing permissions of '/opt/jdk/conf/security/java.security': Operation not permitted
also facing
/startup.sh: line 3: exec: catalina.sh: not found
my .sh file (after adding chmod)
chmod -R 766 ${JAVA_HOME}/conf/security
/add-jce-provider.sh ${JAVA_HOME}/conf/security/java.security;
exec catalina.sh run;
If you're not able to write to the directory, then it is possible that:
the directory has the immutable flag enabled. check with lsattr.
the directory is mounted with read-only permissions: type in
terminal: cat /proc/mounts (or mount or cat /etc/mtab)
and check the output, if directory is mounted read-only.
If you are in the first case, change the directory attributes with chattr;
remove immutable flag on file or directory chattr -i <file/dir>
adding immutable flag on file or directory again chattr +i <file/dir>
If you're in the latter case, edit the file /etc/fstab.
Related
Situation: During the build process of an azure pipeline i use the JavaToolInstaller on a self hosted agent and it places "java/JAVA_HOME_8_x64_" in the directory
Background: I dont believe this to be a permission issue when i have applied full permissions to that directory and created it for the build process
Assessment: Has anyone see this issue before?
Steps to reproduce - host onsite agent
JavaToolInstaller
- task: JavaToolInstaller#0
inputs:
versionSpec: '8'
jdkArchitectureOption: 'x64'
jdkSourceOption: 'LocalDirectory'
jdkFile: '/opt/jdk-8u251-linux-x64.tar.gz'
jdkDestinationDirectory: '/opt/java'
cleanDestinationDirectory: true
condition: eq( variables['Agent.OS'], 'Linux' )
Error during build
Cleaning destination folder before extraction: /opt/java
Retrieving the JDK from local path.
##[warning]Can\'t find loc string for key: ExtractingArchiveToPath
ExtractingArchiveToPath /opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz
Creating destination folder: /opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz
##[error]Unable to create directory '/opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz'. EACCES: permission denied, mkdir '/opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz'
##[error]Unable to create directory '/opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz'. EACCES: permission denied, mkdir '/opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz'
Finishing: JavaToolInstaller
According to the error message, it seems that you do not have permission to write this file. Please check it and ensure that you have w and r permission for this folder
Steps:
Locate the file jdk-8u251-linux-x64.tar.gz->right-click on the icon->select Properties->click the tab permission then check the account permission
Or use the cmd ls –l {file name} to check the folder permission, then run the cmd chmod [permission] [file_name] to update the permission
Please refer this link for more details: How to change directory permissions in Linux
I want to enable jmx on a java process to connect it with Visual VM.
I have placed following jvm parameters at startup:
# JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote"
# JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT"
# JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.password.file=$JMXREMORT_PASSWORD"
# JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.ssl=false"
I have been told that jmxremote.password file should have 600 as file permission set to it. But the issue is that deployment is done via admin user and run user is part of same group as admin. So giving 600 implies that run user is not able to access the file.
I tried changing permission to 660 but it didn't help and i got this error:
"Error: Password file read access must be restricted"
Any suggestion?
The jmxremote.password has to have owner set to the same as the user/service which started the java runtime (it can be checked in the services under "Log On As"). So make sure you set the access and the password's before you change the permissions.
Note: The access and password file should not have permissions given to any other user/service. It should only contain the owner. Otherwise you will get an error saying Read access must be restricted
I'm trying to run Jetty on CentOS and am having problems as I am getting unexpected results when I try to set the full path for JETTY_LOGS. The system tries to take that path and append it to the path I specified in the JETTY_HOME variable.
JETTY_HOME=/usr/local/jetty/jetty-9.1.4
JETTY_USER=jetty
JETTY_PORT=8085
JETTY_HOST=0.0.0.0
JETTY_LOGS=/usr/local/jetty/jetty-9.1.4/logs
Any ideas as to what I'm doing wrong?
The error I get is:
Starting Jetty: java.io.IOException: Cannot write start.log to directory
/usr/local/jetty/jetty-9.1.4/usr/local/jetty/jetty-9.1.4/logs [directory doesn't exist or is read-only]
java.io.IOException: Cannot write start.log to directory /usr/local/jetty/jetty-9.1.4/usr/local/jetty/jetty-9.1.4/logs [directory doesn't exist or is read-only]
at org.eclipse.jetty.start.StartLog.initLogFile(StartLog.java:127)
at org.eclipse.jetty.start.StartLog.initialize(StartLog.java:113)
at org.eclipse.jetty.start.Main.processCommandLine(Main.java:520)
at org.eclipse.jetty.start.Main.main(Main.java:102)
It seems that JETTY_LOG directory is relative to JETTY_HOME.
Could you try to set:
JETTY_LOGS=/logs
or alternatively
JETTY_HOME=/usr/local/jetty/jetty-9.1.4/
JETTY_LOGS=logs
You're not doing anything wrong, this is new behavior in jetty 9.1.4:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=432192
Workaround is to set the JETTY_LOGS env var relative to your jetty base dir (like the logs dir that comes in the standard jetty tarball):
JETTY_LOGS=logs
Which will resolve to /usr/local/jetty/jetty-9.1.4/logs in your case (the jetty base dir defaults to the jetty home dir).
If you want the logs written somewhere outside of your jetty base dir, the best way is to use the above JETTY_LOGS=logs env setting, and just symlink the dir elsewhere; like this to create and link to the common /var/log/jetty dir:
# mv /usr/local/jetty/jetty-9.1.4/logs /var/log/jetty
# ln -s /var/log/jetty /usr/local/jetty/jetty-9.1.4/logs
Whatever you do, also make sure that the user as which you run jetty has write access to the logs dir; if you use the jetty user in the jetty group, make it the owner of your logs dir:
# chown -R jetty:jetty /var/log/jetty
In my project, I have a special JSP which displays the exception stacktrace in case of Exceptions.
Is there a way to use an URL handler or something else which would have Eclipse open a file? Maybe with xdg-open?
I use Eclipse 4.3 on Kubuntu Linux.
I've ended up with this solution:
Edit xdebug.ini (it should be somewhere like /etc/php/7.0/mods-available/xdebug.ini), add:
xdebug.file_link_format="xdebug://%f(%l)"
Restart your server or php-fpm. For Apache on Ubuntu use sudo service apache2 restart.
Create eclipse-launch.sh. It is intended to parse URL and pass a file to Eclipse. You can name it as you want and put it anywhere you want, I've placed it in the eclise directory. Be sure to replace /home/user with your actual home directory and path="..." with actual eclipse path:
#! /bin/bash
arg=$1
path="/home/user/eclipse/eclipse-neon/"
# file name directly followed by a line number in parenthesis
regex="//([^(]*)\(([0-9]+)\)"
if [[ $arg =~ $regex ]]
then
file=${BASH_REMATCH[1]}
line=${BASH_REMATCH[2]}
$path/eclipse --launcher.openFile "$file"+"$line"
else
msg="Unsupported URL: $arg"
zenity --info --text="$msg"
# alternatives:
# notify-send "$msg" # another notification program
# $path/eclipse # just run eclipse
fi
Read more about Eclipse command line options here: http://help.eclipse.org/mars/index.jsp?topic=/org.eclipse.platform.doc.isv/guide/product_open_file.htm
Give the file executable permissions: chmod +a eclipse-launch.sh
Create xdebug.desktop at ~/.local/share/applications/. It will be used by xdg-open (Chrome uses xdg-open by default).
[Desktop Entry]
Comment=
Exec=/home/user/eclipse/eclipse-neon/eclipse-launch.sh "%u"
Icon=/home/user/eclipse/eclipse-neon/eclipse/icon.xpm
Name=Eclipse xdebug Launch
NoDisplay=false
StartupNotify=true
Terminal=0
TerminalOptions=
Type=Application
MimeType=x-scheme-handler/xdebug;
Run xdg-mime default xdebug.desktop x-scheme-handler/xdebug. This should add an entry to ~.local/share/applications/mimeapps.list to [Default Applications] section. The entry itself should look like x-scheme-handler/xdebug=xdebug.desktop
For Firefox follow instructions from here: https://xdebug.org/docs/all_settings#file_link_format
Open about:config
Add a new boolean setting network.protocol-handler.expose.xdebug and set it to false
The first time you click on xdebug:/// link Firefox will prompt you to select an application to run, point to the created eclipse-launch.sh file.
i try to check the permission granted to a directory in linux, i mean i have a directory with permission 755
berty#berty-laptop:~$ ls -l / |grep directory
drwxr-xr-x 3 root root 4096 2011-01-10 12:33 directory
how can i read that permission with java? I've tried using FilePermission but though i have a directory with all the permissions (777) the FilePermission class always returns an exception
java.security.AccessControlException: Access denied (java.io.FilePermission /home/directory read)
at java.security.AccessController.checkPermission(AccessController.java:103)
at com.snippets.Check4DirectoryPermission.checker(Check4DirectoryPermission.java:50)
at com.snippets.Check4DirectoryPermission.main(Check4DirectoryPermission.java:70)
is there another way to do this?
java.io.File.canRead(), where the file instance is the one representing the dir
Returns:
true if and only if the file specified by this abstract pathname exists and can be read by the application; false otherwise
I think you made a mistake: The ls command shows the existence of /directory, but the Java code complaints about /home/directory - which does not exist unless you have a user called directory.
From your stack trace, I assume that you are creating a FilePermission object yourself and hand it over to AccessController.checkPermission(). This is not how it is used - the FilePermission class does NOT represent the filesystem permissions and does NOT check them. It is used by Java's SecurityManager only, e.g. it looks whether the policy file contains rules that allow the application to access the file. Whether the local file system supports permissions or not is not its concern.
As Bozho suggest, you create a java.io.File() object and use the canXXX() methods to check whether you can access the folder or file.
If you need more detailed information about filesystem-level permissions on a file, you need to wait for Java 7. See the Java NIO.2 Tutorial especially the java.nio.file.attributepackage.