I am using the standalone jar of WireMock on CentOS.
Starting the server is fine but when I am trying to access the mapping files using the url:
http://localhost:8090/_admin
I am getting the error:
HTTP ERROR 404
Problem accessing /__files/_admin. Reason:
NOT_FOUND
I am starting WireMock as below:
java -jar wiremock-1.57-standalone.jar --port 8090
Below are the permissions of the files in the directory:
drwxrwxrwx 2 anurag.upadhaya domain users 4096 Mar 17 12:16 __files
drwxrwxrwx 2 anurag.upadhaya domain users 4096 Mar 17 12:16 mappings
-rwxrwxrwx 1 anurag.upadhaya domain users 6935826 Mar 18 09:57 wiremock-1.57-standalone.jar
It's __admin (with two underscores)
Related
I have playing with some docker containers with LAMP.
The issue I am facing is that if I put my webpage to the www folder the page is showing up but the images from the folder www/icons/test.png wont show up. (http://192.168.123.123:8082/icons/test.png)
I get
Not Found
The requested URL was not found on this server.
Apache/2.4.38 (Debian) Server at 192.168.123.123 Port 8082
I made a copy of the icons folder to a subfolder www/test/icons/test.png and its working fine!
If I change path on the webpage all good.(http://192.168.123.123:8082/test/icons/test.png)
I checked the permissions for both folders and subfiles and they are the same!
drwxr-xr-x 11 userwh2 userwh2 4096 Aug 2 08:53 www
drwxr-xr-x 2 userwh2 userwh2 4096 Aug 1 10:19 www/icons
-rw-r--r-x 1 userwh2 userwh2 12145 Jul 24 2020 www/icons/test.png
drwxr-xr-x 3 userwh2 userwh2 4096 Aug 2 08:52 www/test
drwxr-xr-x 2 userwh2 userwh2 4096 Aug 1 10:19 www/test/icons
-rw-r--r-x 1 userwh2 userwh2 12145 Jul 24 2020 www/test/icons/test.png
I cant figure it out....
Any ideas anyone?
Edit:
Found this in the log:
Cannot serve directory /usr/share/apache2/icons/: No matching DirectoryIndex (index.php,index.html) found, and server-generated directory index forbidden by Options directive
Actually I was able to find an answer
https://forum.getkirby.com/t/subpage-not-working-after-digital-ocean-deployment/16083/41
Seems like the /icons folder name its used by apache2 when doing a lookup and that is why its getting confused. Its like a common name probably in apache (ex, root, etc)
I am getting below error when trying to start the tomcat using systemd service
systemd[1]: tomcat.service: Failed to execute command: Permission denied
systemd[1]: tomcat.service: Failed at step EXEC spawning /opt/tomcat/bin/startup.sh: Permission denied
Below is my tomcat.service configuration
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
These are my permission on files in the bin directory
drwxrwx---. 2 tomcat tomcat 4096 Mar 22 05:56 .
drwx------. 9 tomcat tomcat 276 Mar 22 05:58 ..
-rw-r-----. 1 tomcat tomcat 35071 Mar 11 09:33 bootstrap.jar
-rw-r-----. 1 tomcat tomcat 15953 Mar 11 09:33 catalina.bat
-rwxr-x--x. 1 tomcat tomcat 23792 Mar 11 09:33 catalina.sh
-rw-r-----. 1 tomcat tomcat 1664 Mar 11 09:36 catalina-tasks.xml
-rw-r-----. 1 tomcat tomcat 2123 Mar 11 09:33 ciphers.bat
-rwxr-x--x. 1 tomcat tomcat 1997 Mar 11 09:33 ciphers.sh
-rw-r-----. 1 tomcat tomcat 25197 Mar 11 09:33 commons-daemon.jar
-rw-r-----. 1 tomcat tomcat 206895 Mar 11 09:33 commons-daemon-native.tar.gz
-rw-r-----. 1 tomcat tomcat 2040 Mar 11 09:33 configtest.bat
-rwxr-x--x. 1 tomcat tomcat 1922 Mar 11 09:33 configtest.sh
-rwxr-x--x. 1 tomcat tomcat 8675 Mar 11 09:33 daemon.sh
-rw-r-----. 1 tomcat tomcat 2091 Mar 11 09:33 digest.bat
-rwxr-x--x. 1 tomcat tomcat 1965 Mar 11 09:33 digest.sh
-rw-r-----. 1 tomcat tomcat 3606 Mar 11 09:33 makebase.bat
-rwxr-x--x. 1 tomcat tomcat 3382 Mar 11 09:33 makebase.sh
-rw-r-----. 1 tomcat tomcat 3460 Mar 11 09:33 setclasspath.bat
-rwxr-x--x. 1 tomcat tomcat 3708 Mar 11 09:33 setclasspath.sh
-rw-r-----. 1 tomcat tomcat 2020 Mar 11 09:33 shutdown.bat
-rwxr-x--x. 1 tomcat tomcat 1902 Mar 11 09:33 shutdown.sh
-rw-r-----. 1 tomcat tomcat 2022 Mar 11 09:33 startup.bat
-rwxr-x--x. 1 tomcat tomcat 1904 Mar 11 09:33 startup.sh
-rw-r-----. 1 tomcat tomcat 49372 Mar 11 09:33 tomcat-juli.jar
-rw-r-----. 1 tomcat tomcat 419428 Mar 11 09:33 tomcat-native.tar.gz
-rw-r-----. 1 tomcat tomcat 4574 Mar 11 09:33 tool-wrapper.bat
NOTE: I am able to start the tomcat using sudo ./startup.sh command by navigating to bin directory
Can you check your /opt and /opt/bin permissions
Looks like
chmod a+rx /opt /opt/tomcat/ /opt/tomcat/bin
should help
I suppose you followed one of the many copied online tutorials where the tomcat user is made with /opt/tomcat/ as its home directory by using something similar like:
sudo useradd -d /opt/tomcat -s /sbin/nologin tomcat
SELinux is preventing applications from being launched from a home directory, with a message like the following in /var/log/audit/audit.log
type=AVC msg=audit(1614250994.710:33614): avc: denied { execute } for pid=60244 comm="(artup.sh)" name="startup.sh" dev="dm-3" ino=19000615 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
I don't believe the tomcat user needs a home folder, so either remove it from an existing user with:
sudo usermod -d / tomcat
Or create your new user with the following instead:
sudo useradd -M -s /sbin/nologin tomcat
Reset the SELinux properties with the following afterwards:
sudo restorecon -rv /opt/tomcat
I encountered same problem and fix it by restorecon.
I don't know if the reason why the problem happened is same as the original question but I think it depends on how to install tomcat.
In general, we download the tar.gz onto a temp directory and tar xzvf at the temp directory. Next, we move it to /opt or /usr/local. At that time, if we use mv, SELinux context is not changed then permission denied happens. But you can change it by restorecon. If we use cp -R, SELinux context is changed then permission denied does not happen.
In case someone follows the google links to get here, there were three problems in my case that prevented Tomcat 9 (installed from TAR file) from starting on a RHEL 8 system that has CIS recommended security lock-downs on it. I think the DoD STIGs are similar, but not sure. I had the exact same messages in the system journal that the OP did.
First, our security folks went overboard and added the "noexec" option to the mount that the Tomcat was on, which is a separate partition and LVM volume for both security and organizational reasons. I had to modify the mount by removing the "noexec" option in the "/etc/fstab" file, to whit:
Before:
/dev/mapper/vg01-mymount /mymount xfs defaults,nodev,noexec 0 0
After:
/dev/mapper/vg01-mymount /mymount xfs defaults,nodev 0 0
Second, I found they had installed the "fapolicyd" daemon, and that acts like an application allow-listing for execution and access to files. Instead of using the standard method of adding individual binaries to a list in "/etc/fapolicyd/fapolicyd.trust", or creating files in "/etc/fapolicyd/trust.d/" directory, I followed recommendations from this reply on a blog entry here:https://computingforgeeks.com/install-apache-tomcat-9-on-linux-rhel-centos/#comment-7841 . This is the coward's way out, by adding all policy permissions for the tomcat user to access the whole tomcat directory, and depending on file-level permissions to do the security from there:
allow perm=any uid=tomcat gid=tomcat : dir=/mymount/tomcat/
I'm not really sure this will pass scrutiny with any security policies where you work, but it gets the thing running. Individual rules for fapolicyd can be made to run specific files, certain MIME types, read-only on whole directories, etc. The major flaw I found is that the logging from the daemon is less than stellar (or non-existent in my case), and left me scratching my head for a couple days as to what was blocking Tomcat starting. Just knowing fapolicyd is installed is half the battle won.
Third, checking SELinux reports (aureport binary) showed that the systemd binary context of "init_t" did not have permission to execute files in the Tomcat dir because they had the wrong context ("default_t"). Here I only changed the context of the script files in /tomcat/bin/ to "initrc_exec_t", which also may be bad, but it worked without disabling SELinux or doing weird things like compile a new SELinux policy file that allowed that access (i.e. allow init_t to execute default_t files, which seems like it would be much worse). I used a similar command set to the below:
semanage fcontext --add --type initrc_exec_t /mymount/tomcat/bin/startup.sh
semanage fcontext --add --type initrc_exec_t /mymount/tomcat/bin/shutdown.sh
semanage fcontext --add --type initrc_exec_t /mymount/tomcat/bin/catalina.sh
semanage fcontext --add --type initrc_exec_t /mymount/tomcat/bin/setclasspath.sh
semanage fcontext --add --type initrc_exec_t /mymount/tomcat/bin/setenv.sh
restorecon -rv /mymount/tomcat/
I don't know if it needed the last three (catalina.sh, setclasspath.sh, setenv.sh), but I added them to be sure. This fixed my issue with systemd.
I'm getting following error when using imagick:
Fontconfig error: Cannot load default config file
My script is working but i would like to fix this (is filling up log file).
OS is:
# cat /etc/redhat-release
CentOS release 5.10 (Final)
I was looking trough internet little bit and this is causing problem:
access("/etc/fonts/fonts.conf", R_OK) = -1 ENOENT (No such file or directory)
Folder exists:
# ls /etc/fonts/ -all
total 64
drwxr-xr-x 4 root root 4096 Jul 9 2010 ./
drwxr-xr-x 86 root root 12288 Jan 13 00:48 ../
drwxr-xr-x 2 root root 4096 Jan 3 2012 conf.avail/
drwxr-xr-x 2 root root 4096 Apr 14 2013 conf.d/
-rw-r--r-- 1 root root 5239 Jan 12 2008 fonts.conf
-rw-r--r-- 1 root root 6907 Jan 12 2008 fonts.dtd
But i see only this folder via root account, other account under with script is run doesn't see this folder. Permissions looks fine for me, but not so experienced with linux.
Account under with script is run is created with WHM.
Please help :)
I manage to solve my problem. chroot was making trouble.
I need to:
log with root account
find jailed environment of account on with i run script (in my case /home/virtfs/[username])
to create folder where i will mount real stuff mkdir /home/virtfs/[username]/etc/fonts
to mount /etc/fonts to this folder: mount --bind /etc/fonts /home/virtfs/[username]/etc/fonts
Posting an answer for CentOS 7 in 2021:
yum install fontconfig
More info here:
https://centos.pkgs.org/7/centos-x86_64/fontconfig-2.13.0-4.3.el7.x86_64.rpm.html
Hello I am trying to setup Joomla. When I try to change some settings through the Global Settings Manager, and then save, I keep getting and error saying I can't write to that file.
I have tried playing around with the settings and file permissions even changing them to 755, and it still won't let me write to the file.
I have the owner set to 'root.root' and am running Fedora 18.
I have it installed on localhost, and not through FTP.
Why can't I write to these files (like configuration.php), is there something I am missing?
Joomla does not tell me what file I am trying to write to, but I assume if I'm editing Global Settings it attempts to write to configuration.php.
here is the output of ls -l /var/www/html/joomla
total 116
-rw-r--r--. 1 apache apache 17816 Nov 6 15:18 LICENSE.txt
-rw-r--r--. 1 apache apache 4300 Nov 6 15:18 README.txt
drwxr-xr-x. 10 apache apache 4096 Nov 6 15:18 administrator
drwxr-xr-x. 2 apache apache 4096 Nov 6 15:18 bin
drwxr-xr-x. 2 apache apache 4096 Nov 6 15:18 cache
drwxr-xr-x. 2 apache apache 4096 Nov 6 15:18 cli
drwxr-xr-x. 17 apache apache 4096 Nov 6 15:18 components
-rw-r--r--. 1 apache apache 2018 Dec 6 05:56 configuration.php
-rw-r--r--. 1 apache apache 3118 Nov 6 15:18 htaccess.txt
drwxr-xr-x. 5 apache apache 4096 Nov 6 15:18 images
drwxr-xr-x. 2 apache apache 4096 Nov 6 15:18 includes
-rw-r--r--. 1 apache apache 1011 Nov 6 15:18 index.php
-rw-r--r--. 1 apache apache 1909 Nov 6 15:20 joomla.xml
drwxr-xr-x. 4 apache apache 4096 Nov 6 15:18 language
drwxr-xr-x. 4 apache apache 4096 Nov 6 15:18 layouts
drwxr-xr-x. 12 apache apache 4096 Nov 6 15:18 libraries
drwxr-xr-x. 2 apache apache 4096 Dec 6 04:51 logs
drwxr-xr-x. 18 apache apache 4096 Nov 6 15:18 media
drwxr-xr-x. 28 apache apache 4096 Nov 6 15:18 modules
drwxr-xr-x. 14 apache apache 4096 Nov 6 15:18 plugins
-rw-r--r--. 1 apache apache 901 Nov 6 15:18 robots.txt.dist
drwxr-xr-x. 5 apache apache 4096 Dec 6 04:39 templates
drwsr-xr-x. 2 apache apache 4096 Dec 6 04:44 tmp
-rw-r--r--. 1 apache apache 1715 Nov 6 15:18 web.config.txt
And output of ls -ld joomla/
drwxr-xr-x. 18 apache apache 4096 Dec 6 05:57 joomla/
Also, running the command tail -f /var/log/httpd/error_log I get this
PHP Warning: file_put_contents(/var/www/html/joomla/configuration.php): failed to open stream: Permission denied in /var/www/html/joomla/libraries/joomla/filesystem/file.php on line 422, referer: http://localhost/administrator/index.php?option=com_config
After digging a bit deeper into the problem. I discovered that SELinux was blocking r/w access to httpd. This could be seen when running
ls -aLZ joomla
By running the command you would see that all files would show up to be
httpd_sys_content_t
When they really should be
httpd_sys_rw_content_t
Running a simple
chcon -R -t httpd_sys_content_rw_t /var/www/html/joomla/
AND VOILA! Problem Solved.
Thank you everyone for the help, and I hope someone else can benefit from this in the near future.
Try restarting the webserver?
As the permission must get reflected.
I setup svn on my local system /svn/repos/myproject by following this tutorial. I'm able to view the repo in browser.
But when it try to import new project I couldn't through svn client ( rapid svn ) it shows following error:
Execute: Import
Error while performing action:
Can't open file '/svn/repos/myproject/db/txn-current-lock': Permission denied
Svn directory permissions:
→ ls -l /svn
total 12
drwxrwxr-x 2 root root 4096 Feb 15 12:09 permissions
drwxrwxr-x 4 apache apache 4096 Feb 15 12:09 repos
drwxrwxr-x 2 root root 4096 Feb 15 12:09 users
Repo directory:
→ ls -l
total 8
drwxrwxr-x 3 root root 4096 Feb 15 12:09 conf
drwxrwxr-x 7 apache apache 4096 Feb 15 12:09 myproject
How to solve this issue?
I've given 777 permission to repos directory which solved this issue. But i got another issue like Couldn't perform atomic initialization.
I think this is due to incompatible sqlite version with subversion we're using, this can be solved by updating svnadmin command,
svnadmin create --pre-1.6-compatible --fs-type fsfs /svn/repos/myproject