The problem
I installed and configured Tomcat on my Linux Mint for use in IntelliJ.
In the configuration process, I gave permissions, for security reasons, to a new user group (named tomcat) and to another new user (also named tomcat).
I did it because of some tutorials like the one from Digital Ocean that says:
For security reasons, you should NOT run tomcat using root user. We shall create a non-login user called tomcat (in group tomcat) to run the server.
So, i executed:
$ sudo chgrp -R tomcat /opt/tomcat
$ sudo chmod -R g+r conf
$ sudo chmod g+x conf
$ sudo chown -R tomcat webapps/ work/ temp/ logs/
So my folder looks like this:
However, when I run Tomcat, I get the following error:
org.apache.catalina.startup.ContextConfig.beforeStart Exception fixing docBase for context [/edi]
java.io.IOException: Unable to create the directory [/opt/tomcat/apache-tomcat-9.0.33/webapps/edi]
What i've tried
As the error implies that it is something related to user permissions, I gave permission to everyone in the folder /opt/tomcat/apache-tomcat-9.0.33 using:
$ sudo chmod -R 777
The doubt
I would like to know what I can do to keep the permission settings for security and at the same time run Tomcat via IntelliJ.
Can I force IntelliJ to run with the user tomcat? If so, how can I do it?
Related
I am running the this on corretto 8 running on amazon linux 2/2.3.13..
it gets the error as "An error occurred during the execution of command [app-deploy] - [CheckProcFileForJavaApllication]. Stop ruuning the command. Error: There is no profile and .jar file at the root level of your source bundle.
The commands while deployment are prestep
cd $WORKSPACE
echo "Downloading the tagged zip file"
/usr/local/bin/s3cmd get s3://prod-bucket/directory/java-app/$tag.zip
mv $tag.zip vet.zip
unzip vet.zip
rm vet.zip
Post step command
mkdir my_folder;
cp -R .ebextensions my_folder;
cp Procfile.txt my_folder;
cp version.txt my_folder;
cp target/edddpub-parser-0.0.1-SNAPSHOT.jar my_folder;
zip -r my_dir.zip my_folder;
It used to work on Linux1 but i want to run it on Linux2
Below is my zip structure:
.ebextensions
5dantarceDownload
6danttraceInstallAndPost
7crowdsrtike_linux2
nginx_restart_post_hook
.platform
nginx
conf.d
myconf.conf
linux2 is vastly different from linux1 and is incompatible with it. Yo may probably need to fully re-design your application to work with linux2. Please check AWS docs:
Migrating your Elastic Beanstalk Linux application to Amazon Linux 2
When on my Linux machine using tomcat for a java web application and I run an application from tomcat, the server did not able to create a folder inside another folder in my home like home/manusingh/webbee/ through the application.
I was writing a command on terminal like-
[root#localhost manusingh]# chmod -R 755 webbee2
[root#localhost manusingh]# chown -R nobody.nobody webbee2
netsuiteCredentials.HOME_PATH=/home/manusingh/webbee2/
//java code trying to create file on machine
File hmsFolder =new File(netsuiteCredentials.HOME_PATH+"HMS");
if(!hmsFolder.exists()) {
System.out.println("hms folder not exists");
hmsFolder.mkdirs();
}
File credentialsFolder =new File(netsuiteCredentials.HOME_PATH+"credentials");
if(!credentialsFolder.exists()) {
System.out.println("credential folder not exists");
credentialsFolder.mkdirs();
}
Yes it is happening because you don't have permission for that directory.
Run below command to give permission for any directory.
sudo chmod 777 -R /folderPath
Refer this : How do I change permissions for a folder and all of its subfolders and files in one step in Linux?
I need to write a tomcat service to run tomcat after pc restart.
The problem is that when I run tomcat by tomcat user, resources (images, files etc) from /root/project directory is not loaded in project.
All works when I run tomcat server under the root user.
OS: CentOS 7
My actions:
groupadd tomcat
useradd -M -s /bin/nologin -g tomcat -d /opt/tomcat tomcat
chgrp -R tomcat /opt/tomcat
cd /opt/tomcat
chmod -R g+r conf
chmod g+x conf
chown -R tomcat webapps/ work/ temp/ logs/
I am using port forwarding to redirect from 443 to 8443 port in tomcat.
Only uploaded files and images are located in /root/project directory.
How can I provide an access for resources directory outside webapps (/root/project) for non-root user?
Simple solution:
Do not use root home folder (/root) for non-root user (tomcat)
You can create directory for uploaded files inside of tomcat directory, but outside webapps, e.g.:
/opt/tomcat/project
I have written jenkins job for deploying my package into one of my servers. Am using debian package management system. Am updating all the packages of machine by sudo apt-get update command and installing the required package by sudo apt-get install package_name in a deployment_script (where we make .deb file and specify servers to install). Also am copying the script am using to start / stop package to /etc/init.d/package_name. This script can take parameters start / stop. In my debian postinst script I have mentioned /etc/init.d/package_name start to start the package. For deploying I'll just trigger the jenkins job and give deployment_script to the job. It can install package, then calling postinst script where it restart service properly as well in the intended machine. But while exiting postinst script the restarted service getting killed. Any help on finding the reason and how to fix it?
Am starting my service like sudo -u user_name java -server some_vm_options with jar of the package, configs > /dev/null &.
I just changed it to sudo -u user_name nohup java -server some_vm_options with jar of the package, configs > /dev/null &. Now my started service doesn't get killed.
I am attempting to start a jar from a systemd service, in linux. The jar that I am executing assumes that within the current directory, there is an xml file. I am passing the name of that file, with the -config argument. The sample service I have created is below:
[Unit]
Description=my service
After=network.target
[Service]
Type=simple
Environment="xml_file_name=sample.xml"
ExecStart=/usr/bin/java -jar /path/to/jar/myapp.jar -config ${xml_file_name}
The service file above is placed in the /usr/lib/systemd/system directory, and is called myservice.service. I am doing the following commands to start it:
systemctl daemon-reload
systemctl stop myservice.service
systemctl start myservice.service
systemctl status myservice.service
The systemctl status myservice.service command shows that the jar file ran, but my application says that it cannot find ${xml_file_name}.
In addition, my jar states that it was executed from the / directory. I believe that this is part of the problem, because the ${xml_file_name} is only applicable in the /path/to/jar/ directory.
Things tried:
-Xbootclasspath/p:"/path/to/jar/": prepend the path of the jars
location, so that maybe the ${xml_file_name} can be seen.
changed the /path/to/jar/ to make sure it has all possible permissions enabled
I tried to add User=root under the [Service] section of my systemd service, but it made no change. Either way, only root user is on the machine, and the permissions all seem to check out.
What makes this even more strange is that if I cd to / , and then manually execute:
/usr/bin/java -jar /path/to/jar/myapp.jar -config sample.xml
everything words just fine.
Is there something evident that I am missing here? Is it possible to tell systemd service, execute this java jar, but make sure that the working path is /path/to/jar/ as opposed to / ?
To solve this, I ended up using the following attribute under the [Service] section:
[Service]
...
WorkingDirectory=/path/to/jar
ExecStart=/usr/bin/java -jar my.jar -config sample.xml
Solved the problem!
Try following:
cd /path/to/jar && /usr/bin/java -jar /path/to/jar/myapp.jar -config sample.xml
If you use && in Linux like systems, it combines the two commands in the way the second will be executed only after the first will be executed successfully. So basically it would first change the working directory and then run the java jar command from the changed directory, which could have solved the problem.