Tomcat security configuration error prevents proper logging when used with Sun's JVM
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tomcat5.5 (Ubuntu) |
Triaged
|
Low
|
Unassigned | ||
tomcat6 (Ubuntu) |
Fix Released
|
Low
|
Thierry Carrez |
Bug Description
Ubuntu Server 8.04.3 LTS
tomcat5.5, 5.5.25-5ubuntu1.2
Tomcat's logging facility does not work in a clean default installation: No logfiles at all are generated in /var/log/tomcat5.5, even if severe errors occur in Tomcat.
The problem seems to be a permission error. Looking at syslog, I can see at startup:
18:31:33 hikuku jsvc.exec[25015]: Could not load Logmanager "org.apache.
Aug 7 18:31:33 hikuku jsvc.exec[25015]: java.security.
Afterwards the syslog is clogged completely with "Can't load log handler "1catalina.
I guess it's a problem with the catalina.policy file, but I have no idea how to fix this.
Please don't tell me to upgrade to a newer Ubuntu version, for my server I need LTS...
Changed in tomcat5.5 (Ubuntu): | |
status: | Confirmed → Triaged |
Changed in tomcat6 (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Low |
Changed in tomcat6 (Ubuntu): | |
assignee: | nobody → Thierry Carrez (ttx) |
status: | Triaged → In Progress |
I also installed a clean default installation of tomcat 5.5 on Ubuntu Server 8.0.4.3 LTS on 8/7/09. I was seeing the same exact behavior, plus webapp I deployed was not starting. I have come up with a workaround, but I do not recommend it for a production environment due to it's hammer approach. A better solution would be much appreciated.
1. Stop the Tomcat server 5/policy. d/50user. policy
2. Add the following to /etc/tomcat5.
grant {
permission java.security. AllPermission;
};
3. Restart the Tomcat server
4. Check /var/log/tomcat55 and you'll see the logs
As you can see, this is a hammer approach to the permissions issue, but I was unable to determine which exact permissions needed to be opened in order to get logging to work.