FS#65019 - [tomcat8] only root can read /usr/share/tomcat8/bin/ jar files

Attached to Project: Arch Linux
Opened by Johannes Dewender (JonnyJD) - Thursday, 02 January 2020, 21:10 GMT
Last edited by Maxime Gauduin (Alucryd) - Tuesday, 06 September 2022, 14:03 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Maxime Gauduin (Alucryd)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No



I use ant to build an Apache Tomcat application like described here:

The application exists and works fine on other machines (Ubuntu is our production server),
but I can't build (same build files) on my dev machine because of the file permissions set by the tomcat package:

Unable to obtain resource from /usr/share/tomcat8/bin/bootstrap.jar: java.nio.file.AccessDeniedException: /usr/share/tomcat8/bin/bootstrap.jar

The problem being:
$ ls -lh /usr/share/tomcat8/bin/*.jar
-rw-r----- 1 root root 35K Jun 3 2019 /usr/share/tomcat8/bin/bootstrap.jar
lrwxrwxrwx 1 root root 34 Jun 3 2019 /usr/share/tomcat8/bin/commons-daemon.jar -> /usr/share/java/commons-daemon.jar
-rw-r----- 1 root root 49K Jun 3 2019 /usr/share/tomcat8/bin/tomcat-juli.jar

That the shell files are not accessible with non-root is probably fine,
but building tomcat webapps (directly, without eclipse) should certainly be possible as non-root.

I changed that manually the last time I set up the system, but since I set it up again now and are not under time pressure today, I would like to report the problem here.
The actual problem might be upstream packaging, but I did not report it there. (Would be nice to report it there probably though)
It would be great if this could be fixed for Arch.

The problem seems to be the same for tomcat7 and tomcat8.

Additional info:
* package version(s)
tomcat7 7.0.85-1
tomcat8 8.5.41-1
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:
The current project is not public, so I can't give an easy working example (and don't have more time)
The problem with the permissions should be quite clear though.
This task depends upon

Closed by  Maxime Gauduin (Alucryd)
Tuesday, 06 September 2022, 14:03 GMT
Reason for closing:  Fixed
Additional comments about closing:  8.5.82-1
Comment by Johannes Dewender (JonnyJD) - Friday, 03 January 2020, 11:38 GMT
I created a minimal build.xml to exhibit the problem.

Put this file in a folder and run: "ant"
Which yields:
Unable to obtain resource from /usr/share/tomcat8/bin/bootstrap.jar: java.nio.file.AccessDeniedException: /usr/share/tomcat8/bin/bootstrap.jar
Comment by kkl2401 (kkl2401) - Friday, 03 January 2020, 16:26 GMT
Just out of curiosity (although this is perhaps a discussion for the forums and not the bug tracker): any reason not to use Maven or Gradle? In any case: it's actually weird (at least to me) using Tomcat's JARs to _build_ an application. I'd expect that the environment on which the application is built doesn't necessarily even have to have Tomcat (or any other application server) installed and still the application should be buildable. When the application is built, you may want to deploy it to a completely different machine, on which Tomcat is installed but where e.g. ant doesn't have to be installed (because ant isn't needed to run the application).

What I'm saying is that with Java development it's kind of customary to have all necessary libraries locally (e.g. in your HOME), no matter what libraries are actually available system-wide on the machine.