Permission denied while deploying Tomcat 8 webapp on Amazon EC2


/opt/tomcat is declared to be the home directory of the tomcat user, but belongs to the root user (with the tomcat user not having write permissions).

Scrubbing the tutorial, especially the permissions section, I have mixed feelings towards the quality of the tutorial. It speaks about "giv[ing] the tomcat user write access to the conf directory" while changing the folder's permissions. Not having write permissions for the web application server's user to the software it runs seems reasonable for production use (an attacker exploiting the tomcat process will not be able to modify software), but this will also prevent you from deploying applications from within the tomcat web application manager.

I'd go for setting up tomcat as the webapps group:

chgrp -R tomcat /opt/tomcat/webapps

and when you need to deploy new applications, add write permissions for that group:

chmod -R g+w /opt/tomcat/webapps

which you remove again after deployment:

chmod -R g-w /opt/tomcat/webapps

(you will need to run those commands with super user privileges, so prefix sudo as needed). This would also fit the Tomcat Security Considerations HowTo.
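
The grant/revoke sequence from the answer above, wrapped so the revoke cannot be forgotten and the result is verified. This is an added example, not part of the original answer; the function names and the script name in the usage comment are hypothetical, and it assumes the one-time `chgrp` step has already been done.

```shell
#!/bin/sh
# Added example: keep /opt/tomcat/webapps group-writable only while a
# deployment runs. Assumes the answer's one-time step was already done:
#   chgrp -R tomcat /opt/tomcat/webapps
# Function names are hypothetical; run with sudo as needed.

# Print every entry under DIR that still has the group-write bit set.
# Symlinks are skipped because their own mode bits carry no meaning.
group_writable() {  # group_writable DIR
    find "$1" ! -type l -perm -020 -print
}

# Grant g+w, run the deployment command, revoke g+w again.
# The revoke runs even if the command fails or the script is interrupted.
with_deploy_window() {  # with_deploy_window DIR CMD [ARGS...]
    dw_dir=$1; shift; dw_rc=0
    [ -d "$dw_dir" ] || { echo "not a directory: $dw_dir" >&2; return 2; }
    trap 'chmod -R g-w "$dw_dir"; exit 130' INT TERM
    chmod -R g+w "$dw_dir" || dw_rc=1
    if [ "$dw_rc" -eq 0 ]; then
        "$@" || dw_rc=$?
    fi
    chmod -R g-w "$dw_dir" || dw_rc=1
    trap - INT TERM
    # Verify the window is really closed before reporting success.
    dw_left=$(group_writable "$dw_dir")
    if [ -n "$dw_left" ]; then
        printf 'still group-writable:\n%s\n' "$dw_left" >&2
        dw_rc=1
    fi
    return "$dw_rc"
}

# Stand-alone use, e.g. to hold the window open for a manager upload:
#   sudo sh deploy-window.sh /opt/tomcat/webapps sleep 120
if [ "$#" -ge 2 ]; then
    with_deploy_window "$@"
fi
```

When the WAR is uploaded through the manager, Tomcat itself writes the file (and unpacks it if the host is configured to), so the window has to stay open until that has finished. Running `group_writable /opt/tomcat/webapps` on its own afterwards is a quick audit that nothing was left writable.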

Author: Greg

Updated on September 18, 2022

Comments

  • Greg
    Greg over 1 year

    I can't find how I can get write and read permission into the tomcat folder.

    I followed DigitalOcean's tutorial on setting up Tomcat. The only thing I did differently is that I used Java 8 instead of 7, but I don't think that this is causing the issue.

    When I log into the tomcat web application manager and upload the war I get the following error:

    FAIL - Deploy Upload Failed, Exception: java.io.FileNotFoundException: /opt/tomcat/webapps/SimpleServlet.war (Permission denied)

    When I use FileZilla to connect to EC2 and I want to drop the file into the webapps folder:

    Error: /opt/tomcat/webapps/SimpleServlet.war: open for write: permission denied
    Error: File transfer failed

    The output of ls -la /opt/tomcat/webapps is:

    total 28
    drwxr-xr-x  7 root root 4096 Nov 20 09:19 .
    drwxr-xr-x  9 root root 4096 Nov 28 16:34 ..
    drwxr-xr-x 14 root root 4096 Nov 28 16:34 docs
    drwxr-xr-x  6 root root 4096 Nov 28 16:34 examples
    drwxr-xr-x  5 root root 4096 Nov 28 16:34 host-manager
    drwxr-xr-x  5 root root 4096 Nov 28 16:34 manager
    drwxr-xr-x  3 root root 4096 Nov 28 16:34 ROOT
    

    but this is the folder structure that can be seen in FileZilla

    [Image: FileZilla EC2 folder structure]

    On the tutorial I followed this step:

    Then create a new tomcat user. We'll make this user a member of the tomcat group, with a home directory of /opt/tomcat (where we will install Tomcat), and with a shell of /bin/false (so nobody can log into the account):

    sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat
    

    Could this be the problem?

    • Jens Erat
      Jens Erat over 8 years
      What's the output of ls -la /opt/tomat/webapps?
    • Greg
      Greg over 8 years
      @JensErat thanks for responding, I updated my question.
    • Jens Erat
      Jens Erat over 8 years
      I had a typo in the comment. Please try again with ls -la /opt/tomcat/webapps (tomcat instead of tomat).
    • Greg
      Greg over 8 years
      I'm sorry @JensErat, I didn't notice the typo either. I have put the output into the question.
  • Greg
    Greg over 8 years
    Thanks for this. I would up vote your question but I don't have enough reputation yet.
  • Jens Erat
    Jens Erat over 8 years
    If you really feel like upvoting -- you're just two reputation points away from that privilege, which is for example earned by improving a single other user's post by an edit.
  • Greg
    Greg over 8 years
    Finally enough reputation to up vote your question. ;)