Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
As you will also notice, symbolic links have very strange looking permissions (777), yet everyone is not able to read or write to the linked file.
Permissions or ownership of symbolic links do not make any difference, and they can not be changed after the link is made. Don't worry about it, if you are having problems, then you just need to change the permissions of the file that it is linking to.
As long as all the folders in the path to the folder you want to have access to have the execute bit set, then you should be able to access the directory.
If you are still haveing problems you may want to post the permissions to the folders in question, as I have a feeling that is where the problem is.
What are the permissions (not ownership) of the /opt/apache-tomcat-5.5 directory and the files in it? Also, is it a Linux file system (not something like vfat)? chadl is correct in that if the link's permissions are rwxrwxrwx then it's not the link stopping you from accessing the contents of /opt/apache-tomcat-5.5
Thanks for your reply. It got me thinking about what it was I should really be doing...
The objective is .. 1) To install tomcat into the /opt directory, which is owned by root, 2) to symlink it so that when I install upgrades I only need to change the symbolic link and 3) to be able to manage the server as my own user, rather than logging in or switching to root each time I wish to start/stop tomcat.
So what I did was to create a user and a group, both named "developer". The user has no home directory. ( I wonder if I needed to create this user..) I made developer, myself, and root as members of the group developer. And I've tried to offer group ownership of tomcat to developer so that I could access it.
Here is the output from what you asked me to do...
Code:
[me@localhost ~]$ su - developer
Password:
su: warning: cannot change directory to : No such file or directory
-bash-3.00$ cd /opt/apache-tomcat-5.5.20
-bash-3.00$ ls -l /opt/apache-tomcat-5.5.20
total 120
drwxrwx--- 2 developer developer 4096 Oct 20 09:25 bin
drwxrwx--- 6 developer developer 4096 Oct 14 12:12 common
drwxrwx--- 3 developer developer 4096 Nov 1 13:45 conf
-rwxrwx--- 1 developer developer 11357 Sep 12 09:12 LICENSE
drwxrwx--- 2 developer developer 4096 Nov 1 12:15 logs
-rwxrwx--- 1 developer developer 688 Sep 12 09:12 NOTICE
-rwxrwx--- 1 developer developer 6744 Sep 12 09:10 RELEASE-NOTES
-rwxrwx--- 1 developer developer 6964 Sep 12 09:12 RUNNING.txt
drwxrwx--- 5 developer developer 4096 Sep 12 09:10 server
drwxrwx--- 4 developer developer 4096 Sep 12 09:10 shared
drwxrwx--- 2 developer developer 4096 Oct 14 09:24 temp
drwxrwx--- 10 developer developer 4096 Nov 1 13:45 webapps
drwxrwx--- 3 developer developer 4096 Oct 14 11:07 work
-bash-3.00$ cd /opt/tomcat
-bash-3.00$ ls -l /opt/tomcat
lrwxrwxrwx 1 root root 20 Oct 14 10:19 /opt/tomcat -> apache-tomcat-5.5.20
-bash-3.00$
...I've done this before, I can't remember how I did it, but at one time I was able to get this to work.
If I understand what you're trying to do, you need to set the group sticky bit on the directories. That way, when members of the developer group modify files, the group membership of the file stays as developer and other members of the group can modify the files. Running the following as root, will set the modified permissions:
Code:
find /opt/apache-tomcat-5.5 -type d -exec chmod -c g+s {} \;
I switched to root user, changed directory into /opt and entered the command into the shell as you instructed.. ( That's cool, running an exec command inside find like that. Never knew. *Learning Every day* )
What I saw was the following printed to the console for every file within /opt/apache..
Code:
mode of ' <full path to filename> ' changed to 2770 (rwxrws---)
That looked promising. So I restarted the computer and logged into my own non-administrator account and tried to execute a file which was a symbolic link to the startup file inside the tomcat directory. And the following was the result.
Code:
Using CATALINA_BASE: /opt/tomcat
Using CATALINA_HOME: /opt/tomcat
Using CATALINA_TMPDIR: /opt/tomcat/temp
Using JRE_HOME: /usr/java/jdk1.5.0_06
touch: cannot touch '/opt/tomcat/logs/catalina.out': Permission denied
/opt/tomcat/bin/catalina.sh: line 258: /opt/tomcat/logs/catalina.out: Permission denied
That command was run as the user developer, is that right? That's similar to how I start Tomcat on my system. My Tomcat directory is owned by my jakarta user and the startup script runs this way:
Code:
/bin/su - jakarta -c /usr/local/bin/start-tomcat.sh
If you run su - develop can you manually run touch /opt/tomcat/logs/catalina.out? That will at least identify whether something strange is happening with that account.
That command was run as the user developer, is that right?
Actually no, I ran that while I was logged in as myself. I assumed that since I was part of the developer group that I could do that.. But I'm confused about things..
Quote:
Originally Posted by gilead
That's similar to how I start Tomcat on my system. My Tomcat directory is owned by my jakarta user and the startup script runs this way:
Code:
/bin/su - jakarta -c /usr/local/bin/start-tomcat.sh
I tried to reproduce what you have done using my own setup but it didn't work, but the idea looks good. So I went back and reviewed something I had found on the web a while ago - Installing Tomcat - Running Tomcat as Non-Root User. Section 3.5 here... http://www.linux-sxs.org/internet_serving/c140.html
Quote:
Originally Posted by gilead
If you run su - develop can you manually run touch /opt/tomcat/logs/catalina.out? That will at least identify whether something strange is happening with that account.
That's a good idea, I'll try that next. And I'm also going to read up a bit on groups and permissions and ownerships because I don't understand why this isn't working. But yeah maybe the developer account itself is toast. In the meantime, thanks again.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Thanks a lot man...!
