You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jason Pyeron <jp...@pdinc.us> on 2010/12/07 16:53:18 UTC
Issues on startup for tomcat 5.5 on RHEL 5.5
I am not sure what happened but something changed in the last week and now
tomcat does not want to start up. All my googling points to a selinux or
permission problem. I have reviewed audit.log and verified that the tomcat user
can write, modify and delete file in the directoy. Any suggestion would be
appreciated.
The permissions on /usr/share/tomcat5/conf/ are 775 and owned by root.tomcat.
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.5 (Tikanga)
cat /var/log/tomcat5/catalina.out
Using CATALINA_BASE: /usr/share/tomcat5
Using CATALINA_HOME: /usr/share/tomcat5
Using CATALINA_TMPDIR: /usr/share/tomcat5/temp Using JRE_HOME:
Dec 7, 2010 10:13:35 AM org.apache.catalina.core.AprLifecycleListener
lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in
production environments was not found on the java.library.path:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm
/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-openjdk
-1.6.0.0.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:
/lib:/usr/lib
Dec 7, 2010 10:13:35 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080 Dec 7, 2010 10:13:35 AM
org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 502 ms Dec 7, 2010 10:13:35 AM
org.apache.naming.NamingContext lookup
WARNING: Unexpected exception resolving reference
java.io.IOException: IOException writing to
/usr/share/tomcat5/conf/tomcat-users.xml.new
at
org.apache.catalina.users.MemoryUserDatabase.save(MemoryUserDatabase.java:554)
at
org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUser
DatabaseFactory.java:104)
at
org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java
:140)
at
javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
at org.apache.naming.NamingContext.lookup(NamingContext.java:793)
at org.apache.naming.NamingContext.lookup(NamingContext.java:140)
at
org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(NamingCon
textBindingsEnumeration.java:113)
at
org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnu
meration.java:71)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalR
esourcesLifecycleListener.java:137)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalR
esourcesLifecycleListener.java:109)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(Globa
lResourcesLifecycleListener.java:81)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.ja
va:120)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:693)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.jav
a:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Dec 7, 2010 10:13:35 AM
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans
SEVERE: Exception processing Global JNDI Resources
javax.naming.NamingException: IOException writing to
/usr/share/tomcat5/conf/tomcat-users.xml.new
at org.apache.naming.NamingContext.lookup(NamingContext.java:805)
at org.apache.naming.NamingContext.lookup(NamingContext.java:140)
at
org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(NamingCon
textBindingsEnumeration.java:113)
at
org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnu
meration.java:71)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalR
esourcesLifecycleListener.java:137)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalR
esourcesLifecycleListener.java:109)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(Globa
lResourcesLifecycleListener.java:81)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.ja
va:120)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:693)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.jav
a:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Dec 7, 2010 10:13:35 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Dec 7, 2010 10:13:35 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.23 Dec 7, 2010 10:13:35 AM
org.apache.naming.NamingContext lookup
WARNING: Unexpected exception resolving reference
java.io.IOException: IOException writing to
/usr/share/tomcat5/conf/tomcat-users.xml.new
at
org.apache.catalina.users.MemoryUserDatabase.save(MemoryUserDatabase.java:554)
at
org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUser
DatabaseFactory.java:104)
at
org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java
:140)
at
javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
at org.apache.naming.NamingContext.lookup(NamingContext.java:793)
at org.apache.naming.NamingContext.lookup(NamingContext.java:153)
at
org.apache.catalina.realm.UserDatabaseRealm.start(UserDatabaseRealm.java:253)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1006)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:448)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.jav
a:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Dec 7, 2010 10:13:35 AM org.apache.catalina.realm.UserDatabaseRealm start
SEVERE: Exception looking up UserDatabase under key UserDatabase
javax.naming.NamingException: IOException writing to
/usr/share/tomcat5/conf/tomcat-users.xml.new
at org.apache.naming.NamingContext.lookup(NamingContext.java:805)
at org.apache.naming.NamingContext.lookup(NamingContext.java:153)
at
org.apache.catalina.realm.UserDatabaseRealm.start(UserDatabaseRealm.java:253)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1006)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:448)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.jav
a:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Dec 7, 2010 10:13:35 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: No UserDatabase component found under key UserDatabase
at
org.apache.catalina.realm.UserDatabaseRealm.start(UserDatabaseRealm.java:261)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1006)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:448)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.jav
a:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Dec 7, 2010 10:13:35 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 73 ms
cat /etc/tomcat5/tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/> </tomcat-users>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Issues on startup for tomcat 5.5 on RHEL 5.5
Posted by Jason Pyeron <jp...@pdinc.us>.
> -----Original Message-----
> From: Konstantin Kolinko
> Sent: Wednesday, December 08, 2010 9:35
> To: Tomcat Users List
> Subject: Re: Issues on startup for tomcat 5.5 on RHEL 5.5
>
> 2010/12/8 Jason Pyeron <jp...@pdinc.us>:
> >> > java.io.IOException: IOException writing to
> >> > /usr/share/tomcat5/conf/tomcat-users.xml.new
> >>
> >> What you do not understand in the above message?
> >> Tomcat saves the file to a new name, then renames it.
> >>
> >
> > I understand the message, it says tomcat cannot write that
> file. What
> > I do not understand is how it cannot write that file.
> >
>
> Try to create that file. Maybe that'd give you some additional clue.
> Maybe the file is already there, or maybe Tomcat runs not
> under the user that you are expecting (or that user is non a
> member of the "tomcat" group).
Maybe I forgot to mention in my original post, that the tomcat user can create
and modify files in that directory, further that I checked the selinux log file
while the error was happening and there was no relevant output.
>
> Anyway, I certainly recommend you to set readonly="true". [1]
>
It is set to readonly now. But there was some change on the system, which caused
it to stop working in readwrite mode. Tomcat had been installed and functioning
every week for many months now.
> >> BTW, it is possible to set readonly="true" on the
> UserDatabase entry
> >> in server.xml and Tomcat won't try to write that file. (In
> Tomcat 6+
> >> readonly flag is "true" by default).
> >>
>
> [1]
> http://tomcat.apache.org/tomcat-5.5-doc/jndi-resources-howto.h
tml#UserDatabase_Resources
I do not have any use for built in user authentication. I will eventually try to
disable it entirely.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Issues on startup for tomcat 5.5 on RHEL 5.5
Posted by Konstantin Kolinko <kn...@gmail.com>.
2010/12/8 Jason Pyeron <jp...@pdinc.us>:
>> > java.io.IOException: IOException writing to
>> > /usr/share/tomcat5/conf/tomcat-users.xml.new
>>
>> What you do not understand in the above message?
>> Tomcat saves the file to a new name, then renames it.
>>
>
> I understand the message, it says tomcat cannot write that file. What I do not
> understand is how it cannot write that file.
>
Try to create that file. Maybe that'd give you some additional clue.
Maybe the file is already there, or maybe Tomcat runs not under the
user that you are expecting (or that user is non a member of the
"tomcat" group).
Anyway, I certainly recommend you to set readonly="true". [1]
>> BTW, it is possible to set readonly="true" on the
>> UserDatabase entry in server.xml and Tomcat won't try to
>> write that file. (In Tomcat 6+ readonly flag is "true" by default).
>>
[1] http://tomcat.apache.org/tomcat-5.5-doc/jndi-resources-howto.html#UserDatabase_Resources
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Issues on startup for tomcat 5.5 on RHEL 5.5
Posted by Jason Pyeron <jp...@pdinc.us>.
> -----Original Message-----
> From: Konstantin Kolinko
> Sent: Wednesday, December 08, 2010 0:29
> To: Tomcat Users List
> Subject: Re: Issues on startup for tomcat 5.5 on RHEL 5.5
>
> 2010/12/7 Jason Pyeron <jp...@pdinc.us>:
> >
> > The permissions on /usr/share/tomcat5/conf/ are 775 and
> owned by root.tomcat.
>
> It is a bad idea to have the configuration files world-readable.
>
> Especially tomcat-uses.xml and server.xml.
>
>
That is a valid point but not the issue at hand.
> > java.io.IOException: IOException writing to
> > /usr/share/tomcat5/conf/tomcat-users.xml.new
>
> What you do not understand in the above message?
> Tomcat saves the file to a new name, then renames it.
>
I understand the message, it says tomcat cannot write that file. What I do not
understand is how it cannot write that file.
> BTW, it is possible to set readonly="true" on the
> UserDatabase entry in server.xml and Tomcat won't try to
> write that file. (In Tomcat 6+ readonly flag is "true" by default).
>
> > cat /etc/tomcat5/tomcat-users.xml
>
> This file is not in "/usr/share/tomcat5/conf/"
>
Right, that is a symlink to /etc/tomcat5, which has all the properties as
decribed for /usr/share/tomcat5/conf/ (if I had tested /usr/share/tomcat5/conf
then the information provided would have been for the symlink and not the
target)
So the question remains, what could have changed on the RHEL 5.5 system between
last week and present to make tomcat complain. Unfortunatly the backups of the
system were only on /usr/local and /home so theyt were of no help and the rpm
log only indicates a kerbos update.
-Jason
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Issues on startup for tomcat 5.5 on RHEL 5.5
Posted by Konstantin Kolinko <kn...@gmail.com>.
2010/12/7 Jason Pyeron <jp...@pdinc.us>:
>
> The permissions on /usr/share/tomcat5/conf/ are 775 and owned by root.tomcat.
It is a bad idea to have the configuration files world-readable.
Especially tomcat-uses.xml and server.xml.
> java.io.IOException: IOException writing to
> /usr/share/tomcat5/conf/tomcat-users.xml.new
What you do not understand in the above message?
Tomcat saves the file to a new name, then renames it.
BTW, it is possible to set readonly="true" on the UserDatabase entry
in server.xml and Tomcat won't try to write that file. (In Tomcat 6+
readonly flag is "true" by default).
> cat /etc/tomcat5/tomcat-users.xml
This file is not in "/usr/share/tomcat5/conf/"
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org