How to grant Tomcat 9 access on other files
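Tomcat 9 is sandboxed.
I want to read data from the log files.
The files are located in "/opt/zigbee2mqtt/data/."
I have already read this thread and tried it.
I edited the file, then systemctl daemon-reload and systemctl restart tomcat9.
Then I wrote a Java class that should read the data from the log file. But I get an exception.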
java.io.FileNotFoundException: /opt/zigbee2mqtt/data/configuration.yaml (Permission denied)
at java.base/java.io.FileOutputStream.open0(Native Method)
at java.base/java.io.FileOutputStream.open(FileOutputStream.java:298)
at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:237)
at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:187)
at com.fasterxml.jackson.dataformat.yaml.YAMLFactory.createGenerator(YAMLFactory.java:437)
at com.fasterxml.jackson.databind.ObjectMapper.createGenerator(ObjectMapper.java:1156)
at com.fasterxml.jackson.databind.ObjectMapper.writeValue(ObjectMapper.java:3570)
at zigbee.main.doupdateconfiguration(main.java:81)
at Servlet.configuration.doPost(configuration.java:72)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.ExpiresFilter.doFilter(ExpiresFilter.java:1226)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
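I thought about changing something with chmod or chown, but maybe the Zigbee service would then stop working? I am not a Linux expert. I don't want to do anything wrong or insecure.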
root@raspberrypi:/opt/zigbee2mqtt/data# ls -halt
total 24K
drwxr-xr-x 6 pi pi 4.0K May 12 09:17 log
drwxr-xr-x 3 pi pi 4.0K May 10 18:31 .
-rw-r--r-- 1 pi pi 4.0K May 10 18:31 database.db
-rw-rw-r-- 1 pi pi 360 May 10 18:31 state.json
-rw-rw-r-- 1 pi pi 330 May 10 17:23 configuration.yaml
drwxr--r-- 12 pi pi 4.0K May 10 11:16 ..
What is the best solution so that Tomcat 9 can read the file and Zigbee can update it?
Update:
root@raspberrypi:/opt/zigbee2mqtt/data# ll
total 24K
-rw-rw-r-- 1 pi webservice 360 May 13 22:03 state.json
drwxrw-r-x 6 pi webservice 4.0K May 12 09:17 log
drwxr-xr-x 3 pi pi 4.0K May 10 18:31 .
-rw-rw-r-- 1 pi webservice 4.0K May 10 18:31 database.db
-rw-rw-r-- 1 pi webservice 330 May 10 17:23 configuration.yaml
drwxr--r-- 12 pi pi 4.0K May 10 11:16 ..
root@raspberrypi:/opt/zigbee2mqtt/data# id tomcat
uid=1001(tomcat) gid=1001(tomcat) groups=1001(tomcat),1002(webservice)
Excerpt: /etc/systemd/system/tomcat9.service.d/override.conf
[Service]
ReadWritePaths=/usr/local/jakarta-tomcat/webapps/smartzig/_x_logs/
ReadWritePaths=/opt/zigbee2mqtt/data/
ReadWritePaths=/opt/zigbee2mqtt/
ReadWritePaths=/opt/
Add tomcat to a group and give that group the permissions needed to access the file, e.g. you can create a group called webserver. Then restart Tomcat and try again.
Steps
$ sudo groupadd webserver
$ sudo usermod -a -G webserver tomcat9
$ sudo chgrp webserver configuration.yaml
$ sudo chmod g=rw configuration.yaml
$ sudo systemctl restart tomcat9
Update the group ownership of the directories (containing the file) by adding permissions to them:
$ sudo chgrp webserver /opt/zigbee2mqtt/data/
$ sudo chgrp webserver /opt/zigbee2mqtt/
$ sudo chmod g=rwx /opt/zigbee2mqtt/data/
$ sudo chmod g=rwx /opt/zigbee2mqtt/
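The permissions of the yaml file are "-rw-rw-r--". Reading from left to right:
- the file owner can read and write (not execute)
- the file's owning group can read and write (not execute)
- everyone else can read the file
So whether the file can be written depends on which user is running the tomcat process. But everyone should be able to read the file. If you cannot read the file, then you are probably opening it in read/write mode instead of read mode.
You can chmod 666 to change the file's permissions to "-rw-rw-rw-".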
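Added example, not part of the question or of either answer: a small shell check that applies the owner/group/other reading described above to `ls -l` lines and reports which path component stops a write. The function names are hypothetical, and the sample lines are constructed from the question's "Update" listing and `id tomcat` output, with "." and ".." written out as full paths.

```sh
# Constructed sample lines (modes and owners as in the "Update" listing).
CONF='-rw-rw-r-- 1 pi webservice 330 May 10 17:23 /opt/zigbee2mqtt/data/configuration.yaml'
DATA='drwxr-xr-x 3 pi pi 4.0K May 10 18:31 /opt/zigbee2mqtt/data'
PARENT='drwxr--r-- 12 pi pi 4.0K May 10 11:16 /opt/zigbee2mqtt'

# access_for USER "GROUPS" LS_LINE -> "class:bits", e.g. "group:rw-".
# The kernel uses the first matching class only: owner, else group, else other.
# ACLs and the systemd sandbox (ReadWritePaths) are not modelled here.
access_for() {
    local user="$1" groups="$2" mode links owner group rest cols cls
    read -r mode links owner group rest <<EOF
$3
EOF
    if [ "$user" = "$owner" ]; then
        cls=owner; cols=2-4
    else
        case " $groups " in
            *" $group "*) cls=group; cols=5-7 ;;
            *)            cls=other; cols=8-10 ;;
        esac
    fi
    # s/t mean x plus a special bit; S/T mean the special bit without x.
    printf '%s:%s\n' "$cls" "$(printf '%s' "$mode" | cut -c"$cols" | sed 'y/stST/xx--/')"
}

# can USER "GROUPS" LS_LINE RIGHT -> exit status 0 when r, w or x is granted.
can() {
    case "$(access_for "$1" "$2" "$3")" in
        *:*"$4"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# write_verdict USER "GROUPS" FILE_LINE DIR_LINE... (directories from the top down)
# Opening an existing file for writing needs x (search) on every directory in
# the path and w on the file itself.
write_verdict() {
    local user="$1" groups="$2" file="$3" d
    shift 3
    for d in "$@"; do
        can "$user" "$groups" "$d" x || { echo "blocked: no search (x) on ${d##* }"; return 0; }
    done
    can "$user" "$groups" "$file" w || { echo "blocked: no write (w) on ${file##* }"; return 0; }
    echo ok
}

write_verdict tomcat 'tomcat webservice' "$CONF" "$PARENT" "$DATA"
write_verdict pi 'pi' "$CONF" "$PARENT" "$DATA"
```

On a live system, `namei -l /opt/zigbee2mqtt/data/configuration.yaml` prints the same per-component modes and owners to feed into this kind of check.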