You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@karaf.apache.org by thully <tm...@eng.ucsd.edu> on 2015/01/24 02:08:59 UTC
Karaf 3.0.2 tries to write to etc/config.properties, terminates on
failure
Since we've upgrade our project (Cytoscape) to Karaf 3.0.2, we've discovered
that Karaf is apparently writing to its own etc/config.properties the first
time a new installation starts up. If the user happens to not have write
permission to this file, Karaf will terminate with an error like the
following:
C:\Program Files\Cytoscape_v3.3.0-SNAPSHOT\framework\etc\config.properties
(Access is denied)
This presents a problem on many end-user systems - if a user doesn't have
write permission to the install directory, it is impossible to run after the
initial install. We have noticed that it does seem to work after running it
as administrator once - apparently it only needs to write the file on the
first startup. Though that may be a workaround, this still creates a very
undesirable situation for the end user.
Is there a way to disable writing to the config.properties, or at least
allow it to fail quietly rather than terminating? It is a bit odd to see
Karaf rewriting its own config files - not sure why this is being done in
Karaf 3....
--
View this message in context: http://karaf.922171.n3.nabble.com/Karaf-3-0-2-tries-to-write-to-etc-config-properties-terminates-on-failure-tp4037973.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Karaf 3.0.2 tries to write to etc/config.properties, terminates
on failure
Posted by thully <tm...@eng.ucsd.edu>.
OK - it seems like that will work for us. It seems to work in
custom.properties as well as config.properties - are there any issues with
putting it there instead? That seems like it would be better as that is
where we keep all our custom settings currently (config.properties is left
unmodified from stock Karaf).
Also, are there any other issues we should worry about running Karaf 3.0.2
from a directory with read-only access?
--
View this message in context: http://karaf.922171.n3.nabble.com/Karaf-3-0-2-tries-to-write-to-etc-config-properties-terminates-on-failure-tp4037973p4038033.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Karaf 3.0.2 tries to write to etc/config.properties, terminates
on failure
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
In that case, I would implement the workaround that I proposed.
Regards
JB
On 01/26/2015 06:56 PM, thully wrote:
> What exactly is the security risk to adding this to the config.properties
> file in our distribution? It sounds like this mostly is an issue for Karaf
> instances that allow remote users to connect - am I correct? As our app is
> intended for local use, we disable all external connections in our
> configuration.
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Karaf-3-0-2-tries-to-write-to-etc-config-properties-terminates-on-failure-tp4037973p4038030.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Karaf 3.0.2 tries to write to etc/config.properties, terminates
on failure
Posted by thully <tm...@eng.ucsd.edu>.
What exactly is the security risk to adding this to the config.properties
file in our distribution? It sounds like this mostly is an issue for Karaf
instances that allow remote users to connect - am I correct? As our app is
intended for local use, we disable all external connections in our
configuration.
--
View this message in context: http://karaf.922171.n3.nabble.com/Karaf-3-0-2-tries-to-write-to-etc-config-properties-terminates-on-failure-tp4037973p4038030.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Karaf 3.0.2 tries to write to etc/config.properties, terminates
on failure
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi,
The Karaf main loads the config.properties (as a
org.apache.felix.utils.properties.Properties) and load some additional
properties in it (like System env/properties).
Especially, it writes one thing (and the only thing ;)): the shutdown
command.
It's the:
karaf.shutdown.command
property, containing an unique/random UUID to "secure" the Karaf shutdown.
If the property is not in etc/config.properties, Karaf will try to
create one and write in etc/config.properties.
If the property is already there, it just uses it.
So, as a workaround, you can modify etc/config.properties to add:
karaf.shutdown.command=321DE18U23187
(or whatever you want).
Anyway, you are right, you should not prevent Karaf to start if the
config.properties can't be updated (just warn that the shutdown command
is "unsecure").
I create a Jira for that.
Regards
JB
On 01/24/2015 02:08 AM, thully wrote:
> Since we've upgrade our project (Cytoscape) to Karaf 3.0.2, we've discovered
> that Karaf is apparently writing to its own etc/config.properties the first
> time a new installation starts up. If the user happens to not have write
> permission to this file, Karaf will terminate with an error like the
> following:
>
> C:\Program Files\Cytoscape_v3.3.0-SNAPSHOT\framework\etc\config.properties
> (Access is denied)
>
> This presents a problem on many end-user systems - if a user doesn't have
> write permission to the install directory, it is impossible to run after the
> initial install. We have noticed that it does seem to work after running it
> as administrator once - apparently it only needs to write the file on the
> first startup. Though that may be a workaround, this still creates a very
> undesirable situation for the end user.
>
> Is there a way to disable writing to the config.properties, or at least
> allow it to fail quietly rather than terminating? It is a bit odd to see
> Karaf rewriting its own config files - not sure why this is being done in
> Karaf 3....
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Karaf-3-0-2-tries-to-write-to-etc-config-properties-terminates-on-failure-tp4037973.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com