/var/log/tomcat9 changes permissions on boot


robin....@gmail.com

Feb 14, 2023, 10:20:31 AM
to xnat_discussion
Hej again,

I noticed that the ownership of /var/log/tomcat9, that we change to xnat.xnat in the guide, resets to 
drwxr-xr-x 2 tomcat adm
on reboot.

Google told me that it might have to do with some umask thing but that's over my head.

Why would this be?
I need to run 
chown -RH --dereference xnat.xnat /var/log/tomcat9
after each reboot.

The web-server launches, but I can't read the logfiles under /var/lib/tomcat9/logs/, which point to /var/log/tomcat9, without sudo.

Thanks!

akluiber

Feb 14, 2023, 4:16:38 PM
to xnat_discussion
I was just looking into this myself and I wonder if it has to do with logrotate?

On Ubuntu 20.04, I've edited the following line in /etc/logrotate.d/tomcat9:
create 640 tomcat adm  -->   create 640 xnat xnat

We'll see if that makes a difference.

Rick Herrick

Feb 20, 2023, 1:07:33 PM
to xnat_di...@googlegroups.com
Sorry about the delay in replying. I actually wrote this last week but just noticed it stuck in my email outbox.

Alex, you're correct at least in part about the Tomcat logrotate configuration. When Robin mentioned the permissions changing, I remembered I had run into that at some point but couldn't remember exactly what caused it. I was thinking it was something in the service definition but couldn't find anything there. It looks like there are a couple places you need to change:
  • /etc/logrotate.d/tomcat9
  • /etc/rsyslog.d/tomcat9.conf
The changes in the logrotate configuration are pretty simple: replace sysadm adm or tomcat adm with xnat xnat. For rsyslog, edit that file to look like this (there will be more lines in there, just modify the last part):

:programname, startswith, "tomcat9" {
  action(type="omfile" file="/var/log/tomcat9/catalina.out" Template="TomcatFormat" fileOwner="xnat" fileGroup="xnat" fileCreateMode="0640")
}

Basically you’re just adding the fileOwner and fileGroup attributes to that action line.

I stopped Tomcat, deleted everything under /var/log/tomcat9, changed ownership of that folder to xnat:xnat, restarted logrotate and rsyslog, then restarted Tomcat, and voila:

# find /var/log/tomcat9 -ls
   420972      4 drwxr-xr-x   2 xnat     xnat         4096 Feb 20 11:59 /var/log/tomcat9
   422995      8 -rw-r-----   1 xnat     xnat         5508 Feb 20 11:59 /var/log/tomcat9/catalina.2023-02-20.log
   427898      0 -rw-r-----   1 xnat     xnat            0 Feb 20 11:59 /var/log/tomcat9/localhost.2023-02-20.log
   427916      0 -rw-r-----   1 xnat     xnat            0 Feb 20 11:59 /var/log/tomcat9/localhost_access_log.2023-02-20.txt


akluiber

Mar 9, 2023, 1:41:50 PM
to xnat_discussion
Was running into issues again after recent package updates. Also worth changing the permissions set in the file at /usr/lib/tmpfiles.d/tomcat9.conf
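
An added example, not part of the thread or of XNAT's documentation: a POSIX shell check that reads the three kinds of file named in this thread (the logrotate, rsyslog and tmpfiles.d configurations for tomcat9) and lists every ownership directive that does not name the expected owner and group. The sample file contents are constructed, and the function names `owners_in` and `audit` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: find ownership directives that would
# hand /var/log/tomcat9 back to an account other than the expected one.

# owners_in: read a config on stdin, print "LINE OWNER GROUP" per directive.
# Understands logrotate "create MODE OWNER GROUP", rsyslog omfile actions
# (fileOwner=/fileGroup=, "-" when unset) and tmpfiles.d "TYPE PATH MODE USER GROUP".
owners_in() {
  awk '
    /^[ \t]*#/ { next }
    $1 == "create" && NF == 4 { print NR, $3, $4; next }
    /type="omfile"/ {
      o = "-"; g = "-"
      if (match($0, /fileOwner="[^"]*"/)) o = substr($0, RSTART + 11, RLENGTH - 12)
      if (match($0, /fileGroup="[^"]*"/)) g = substr($0, RSTART + 11, RLENGTH - 12)
      print NR, o, g; next
    }
    $1 ~ /^[dDfFzZ]/ && $2 ~ /^\// && NF >= 5 { print NR, $4, $5 }
  '
}

# audit LABEL OWNER GROUP: print mismatches as "LABEL:LINE OWNER GROUP";
# exit status 1 when at least one directive names a different owner or group.
audit() {
  owners_in | awk -v l="$1" -v o="$2" -v g="$3" '
    $2 != o || $3 != g { print l ":" $0; bad = 1 }
    END { exit bad }'
}

# Constructed samples (assumed shapes, not copied from a real host).
logrotate_sample='/var/log/tomcat9/catalina.out {
  weekly
  create 640 tomcat adm
}'
rsyslog_sample=':programname, startswith, "tomcat9" {
  action(type="omfile" file="/var/log/tomcat9/catalina.out" fileOwner="xnat" fileGroup="xnat" fileCreateMode="0640")
}'
tmpfiles_sample='d /var/log/tomcat9 2770 tomcat adm -'

printf '%s\n' "$logrotate_sample" | audit logrotate xnat xnat || true
printf '%s\n' "$rsyslog_sample"   | audit rsyslog   xnat xnat || true
printf '%s\n' "$tmpfiles_sample"  | audit tmpfiles  xnat xnat || true
```

On a real host, feed each file on stdin, for example `audit logrotate xnat xnat < /etc/logrotate.d/tomcat9`; a non-zero exit status means at least one directive still names another owner. Per tmpfiles.d(5), a file of the same name under /etc/tmpfiles.d overrides the packaged one in /usr/lib/tmpfiles.d, so a change made there is not replaced by package updates.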