Permission issues with tomcat

I installed Tomcat 7 following the Ubuntu guide. The server is working and gives me the "It works!" page on http://localhost:8080/.

Now I want to setup my own webapp using Netbeans. I generated a new Web Project with Java EE 6 and Tomcat 7. The user is on the /var/lib/tomcat7/conf/tomcat-users.xml file properly configured.

When I run the project everything seems ok, but when I open the browser it displays a 500 error.

  • The Tomcat output mentions permission errors trying to access tomcat7/logs and
  • The IDE logs trying to access tomcat7/conf.

Files permissions:

lucio@lucio-pc:/$ ll /var/lib/tomcat7/logs
lrwxrwxrwx 1 root root 17 jul 24 18:07 /var/lib/tomcat7/logs -> ../../log/tomcat7/
lucio@lucio-pc:/$ ll /var/log/tomcat7/
total 136
drwxr-x---  2 tomcat7 adm      4096 ago 28 10:50 ./
drwxrwxr-x 15 root    syslog   4096 ago 28 09:29 ../
-rw-r--r--  1 tomcat7 tomcat7   800 ago 26 17:23 catalina.2014-08-26.log.gz
-rw-r--r--  1 tomcat7 tomcat7  5173 ago 27 21:59 catalina.2014-08-27.log
-rw-r--r--  1 tomcat7 tomcat7 31285 ago 28 10:36 catalina.2014-08-28.log
-rw-r--r--  1 tomcat7 root    44192 ago 28 10:36 catalina.out
-rw-r--r--  1 tomcat7 tomcat7    45 ago 26 16:19 localhost.2014-08-26.log.gz
-rw-r--r--  1 tomcat7 tomcat7     0 ago 27 11:15 localhost.2014-08-27.log
-rw-r--r--  1 tomcat7 tomcat7   433 ago 28 09:49 localhost.2014-08-28.log
-rw-r--r--  1 tomcat7 tomcat7  7435 ago 26 17:23 localhost_access_log.2014-08-26.txt
-rw-r--r--  1 tomcat7 tomcat7     0 ago 27 11:15 localhost_access_log.2014-08-27.txt
-rw-r--r--  1 tomcat7 tomcat7 15186 ago 28 09:58 localhost_access_log.2014-08-28.txt

I don't understand why can't access the files, you can see that the user and group tomcat7 has permissions to the files. Is there a user for the JVM that needs privileges over the files?

I also tried changing files ownerships as mentioned here but it doesn't change at all.


The /etc/default/tomcat7 file has:

TOMCAT7_USER=tomcat7
TOMCAT7_GROUP=tomcat7

So I guess it is running as tomcat7 user.


I added my user into the tomcat7 group:

sudo usermod -aG tomcat7 $USER

And then restarted the machine, but the problem persist.


I noticed two problems here.

Two lines in the error log stood out to me:

SEVERE: Cannot find specified temporary folder at /var/lib/tomcat7/temp  

and:

java.io.FileNotFoundException: /var/lib/tomcat7/conf/tomcat-users.xml (Permission denied)

Doing a bit of diagnosis with Lucio, I figured out that the tomcat-users.xml file was not owned by Tomcat, but instead root. Change the permissions to the proper ones by running the command:

sudo chown tomcat7:tomcat7 /var/lib/tomcat7/conf/tomcat-users.xml

Also, create the folder /var/lib/tomcat7/temp with tomcat permissions, like so:

sudo mkdir /var/lib/tomcat7/temp && sudo chown -R tomcat7:tomcat7 /var/lib/tomcat7/temp

Finally, fixing the logs should be done by making /var/lib/tomcat7/logs owned by the tomcat7 user/group. The /var/log/tomcat7/ should also be owned by the tomcat7 user AND group.