How to allow Tomcat war app to write in folder

by

Let’s start with: chmod 777 is great for testing, but absolutely unfit for the real world and you shouldn’t get used to this setting. Rather set the owner/group correctly, before you give world write permissions.

Edit: A similar question just came up on the Tomcat mailing list, and Emmanuel Bourg pointed out that Debian Tomcat is sandboxed by systemd. Read your /usr/share/doc/tomcat9/README.Debian which contains this paragraph:

Tomcat is sandboxed by systemd and only has write access to the
following directories:

  • /var/lib/tomcat9/conf/Catalina (actually /etc/tomcat9/Catalina)
  • /var/lib/tomcat9/logs (actually /var/log/tomcat9)
  • /var/lib/tomcat9/webapps
  • /var/lib/tomcat9/work (actually /var/cache/tomcat9)

If write access to other directories is required the service settings
have to be overridden. This is done by creating an override.conf file
in /etc/systemd/system/tomcat9.service.d/ containing:

[Service]

ReadWritePaths=/path/to/the/directory/

The service has to be restarted afterward with:

  systemctl daemon-reload
  systemctl restart tomcat9

Edit 2022: Note that these are the 2019 paths – validate if you need to adapt them to the current location of your tomcat whenever you run across this answer (e.g. see Ng Sek Long’s comment for Ubuntu 20)

End of edit, continuing with the passage that didn’t solve OP’s problem, but should stay in:

If – all things tested – Tomcat should have write access to that directory, but doesn’t have it, the error message points me to an assumption: Could it be that

  • Tomcat is running as root?
  • The directory is mounted through NFS?

The default configuration for NFS is that root has no permissions whatsoever on that external filesystem (or was it no write-permission? this is ancient historical memory – look up “NFS root squash” to get the full story)

If this is a condition that matches what you are running, you should stop running Tomcat as root, and rather run it as an unprivileged user. Then you can set the permissions on the directory in question to be writeable by your tomcat-user, and readable by nginx, and you’re done.

Running Tomcat as root is a recipe for disaster: You don’t want a process that’s available from the internet to run as root.

If these conditions don’t meet your configuration: Elaborate on the configuration. I’d still stand by this description for others who might find this question/answer later.

More Related Contents:

  1. nginx – nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
  2. How to start nginx via different port(other than 80)
  3. Nginx: stat() failed (13: permission denied)
  4. What do the *-dev packages in the Linux package repositories actually contain?
  5. Nginx no-www to www and www to no-www
  6. How to deploy a war file in Tomcat 7
  7. Docker Error bind: address already in use
  8. How to create war files
  9. Allow docker container to connect to a local/host postgres database
  10. What is the best practice of docker + ufw under Ubuntu
  11. How do I add a CA root certificate inside a docker image?
  12. Vagrant error : Failed to mount folders in Linux guest
  13. There are 0 datanode(s) running and no node(s) are excluded in this operation
  14. Removing all installed OpenCV libs
  15. .bashrc at ssh login
  16. How to update-alternatives to Python 3 without breaking apt?
  17. In Docker, apt-get install fails with “Failed to fetch http://archive.ubuntu.com/ … 404 Not Found” errors. Why? How can we get past it?
  18. How to kill a process on a port on ubuntu
  19. Missing include “bits/c++config.h” when cross compiling 64 bit program on 32 bit in Ubuntu
  20. Is it possible to run selenium (Firefox) web driver without a GUI?
  21. How do I update a Tomcat webapp without restarting the entire service?
  22. How to download all files (but not HTML) from a website using wget?
  23. How To Set Up GUI On Amazon EC2 Ubuntu server
  24. How to kill zombie process
  25. gpg: no valid OpenPGP data found
  26. cannot get elasticsearch service to run in ubuntu 17?
  27. Why is WSL extremely slow when compared with native Windows NPM/Yarn processing?
  28. Unknown encoder ‘libfaac’
  29. R: apt-get install r-cran-foo vs. install.packages(“foo”)
  30. How to configure PyQt4 for Python 3 in Ubuntu?

Leave a Comment