Question posted in 
Tomcat 9 is sandboxed.
I want to read data of a log file.
The file is in “/opt/zigbee2mqtt/data/.“
I read this thread already and tried it.
How to allow Tomcat war app to write in folder
I edited the file, and did systemctl daemon-reload as well as systemctl restart tomcat9.
Then I wrote my java class with should read the data out of the log file. But I get an exception.
java.io.FileNotFoundException: /opt/zigbee2mqtt/data/configuration.yaml (Permission denied)
at java.base/java.io.FileOutputStream.open0(Native Method)
at java.base/java.io.FileOutputStream.open(FileOutputStream.java:298)
at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:237)
at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:187)
at com.fasterxml.jackson.dataformat.yaml.YAMLFactory.createGenerator(YAMLFactory.java:437)
at com.fasterxml.jackson.databind.ObjectMapper.createGenerator(ObjectMapper.java:1156)
at com.fasterxml.jackson.databind.ObjectMapper.writeValue(ObjectMapper.java:3570)
at zigbee.main.doupdateconfiguration(main.java:81)
at Servlet.configuration.doPost(configuration.java:72)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.ExpiresFilter.doFilter(ExpiresFilter.java:1226)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
I think if I change something with chmod or chown, but maybe the Zigbee service won’t work? I am not the Linux expert. I don’t want to do anything wrong or insecure.
root@raspberrypi:/opt/zigbee2mqtt/data# ls -halt
total 24K
drwxr-xr-x 6 pi pi 4.0K May 12 09:17 log
drwxr-xr-x 3 pi pi 4.0K May 10 18:31 .
-rw-r--r-- 1 pi pi 4.0K May 10 18:31 database.db
-rw-rw-r-- 1 pi pi 360 May 10 18:31 state.json
-rw-rw-r-- 1 pi pi 330 May 10 17:23 configuration.yaml
drwxr--r-- 12 pi pi 4.0K May 10 11:16 ..
What would be the best solution that Tomcat 9 can read the file and Zigbee can update it either?
Update:
root@raspberrypi:/opt/zigbee2mqtt/data# ll
total 24K
-rw-rw-r-- 1 pi webservice 360 May 13 22:03 state.json
drwxrw-r-x 6 pi webservice 4.0K May 12 09:17 log
drwxr-xr-x 3 pi pi 4.0K May 10 18:31 .
-rw-rw-r-- 1 pi webservice 4.0K May 10 18:31 database.db
-rw-rw-r-- 1 pi webservice 330 May 10 17:23 configuration.yaml
drwxr--r-- 12 pi pi 4.0K May 10 11:16 ..
root@raspberrypi:/opt/zigbee2mqtt/data# id tomcat
uid=1001(tomcat) gid=1001(tomcat) groups=1001(tomcat),1002(webservice)
Extraxt of: /etc/systemd/system/tomcat9.service.d/override.conf
[Service]
ReadWritePaths=/usr/local/jakarta-tomcat/webapps/smartzig/_x_logs/
ReadWritePaths=/opt/zigbee2mqtt/data/
ReadWritePaths=/opt/zigbee2mqtt/
ReadWritePaths=/opt/
2
Answers
Add the tomcat to a group and grant this group the required access to that files, i.g. you can create a group called
webserver. Then restart tomcat and try again.Steps
, Update the group ownership of the directories (that contains the files) by adding the permissions to it
The permissions of the yaml file are “-rw-rw-r–” which reads left to right
So, it depends on which user is running the tomcat process if you can write to the file. But everyone should be able to read the file. If you can’t read the file then you probably opening the file in read/write mode instead of read mode
You could
chmod 666the file to change the permissions to “-rw-rw-rw-“