Ubuntu
tomcat6 package

/var/lib/tomcat6/temp not writable by tomcat

Bug #287126 reported by Craig
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
tomcat6 (Ubuntu)
Fix Released
Critical
Thierry Carrez
Ubuntu ubuntu-8.10
Intrepid
Fix Released
Critical
Thierry Carrez
Ubuntu ubuntu-8.10

Bug Description

Binary package hint: tomcat6

In /etc/init.d/tomcat6, the temp directory is set to /var/lib/tomcat6/temp

However, when an application tries to use that directory, it is denied write access. During installation, that directory is set to:
drwxr-xr-x 2 root root 4096 2008-10-14 13:42 temp

I believe this should be:
drwxrwxr-x 2 root tomcat6 4096 2008-10-21 14:36 temp

Making that change allows tomcat6 applications to work.

Revision history for this message
Thierry Carrez (ttx) wrote :

This should definitively be fixed.

I'd rather propose to set the permissions to :
  drwxr-xr-x 2 tomcat6 root 4096 2008-10-14 13:42 temp
as there is no real reason to let members of the tomcat6 group write here, it's just the JVM tmpdir.

Changed in tomcat6:
assignee: nobody → tcarrez
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Thierry Carrez (ttx) wrote :

Proposed debdiff (also fixed bug 287447)

Regression potential is very slow as it is just relaxing two directories permissions, without any other change.

tomcat6 (6.0.18-0ubuntu3) intrepid; urgency=low

  * debian/tomcat6.postinst:
    - Make /var/lib/tomcat6/temp writeable by the tomcat6 user (LP: #287126)
    - Make /var/lib/tomcat6/webapps writeable by tomcat6 group (LP: #287447)

Revision history for this message
Mathias Gug (mathiaz) wrote :

ACK for sponsoring.

Subscribing ubuntu-release.

Revision history for this message
Steve Langasek (vorlon) wrote :

Ack for inclusion in intrepid post-RC; please upload.

BTW, shouldn't tomcat be using something other than /var/lib for a temp directory? This is an FHS violation, and is inconsistent with things like backup policies that try to avoid temp files. (But please don't change that for intrepid...)

Revision history for this message
Thierry Carrez (ttx) wrote :

Steve:
I replicated what was done on Tomcat 5.5 packages but I agree Tomcat should certainly use something more appropriate for "$CATALINA_BASE/temp". Tomcat in general doesn't play well with FHS as it expects to find everything in a single directory. However, as is done for the "$CATALINA_BASE/conf" or "$CATALINA_BASE/work" files, we could certainly symlink /var/lib/tomcat6/temp to something more FHS-compliant.

Will track that on bug 287452, as they are related.

Rick Clark (dendrobates)
Changed in tomcat6:
importance: Medium → Critical
Rick Clark (dendrobates)
Changed in tomcat6:
milestone: none → ubuntu-8.10
Revision history for this message
Thierry Carrez (ttx) wrote :

More complete debdiff that also fixes the status action returncodes, to avoid tomcat6-* unnecessary restarts that may fail.

Revision history for this message
Thierry Carrez (ttx) wrote :

The same with referenced bug number.

Revision history for this message
Martin Pitt (pitti) wrote :

ACK, please upload, so that it's readily available in the queue right after the RC release.

Revision history for this message
Mathias Gug (mathiaz) wrote :

Uploaded

Changed in tomcat6:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tomcat6 - 6.0.18-0ubuntu3

---------------
tomcat6 (6.0.18-0ubuntu3) intrepid; urgency=low

  * debian/tomcat6.postinst:
    - Make /var/lib/tomcat6/temp writeable by the tomcat6 user (LP: #287126)
    - Make /var/lib/tomcat6/webapps writeable by tomcat6 group (LP: #287447)
  * debian/tomcat6.init: make status return nonzero if tomcat6 is not running
    (fixes LP: #288218)

 -- Thierry Carrez <email address hidden> Thu, 23 Oct 2008 18:19:15 +0200

Changed in tomcat6:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.