tags:

views:

432

answers:

2
Q: 

Java AccessControlException: keeping getting File IO error when trying to write log file

Hi,

I keep getting an Java IO exception when the application is trying to initialize the log. Here is the stack trace. /var/lib/tomcat6/logs has permission for anyone to read and write to it.

java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/tomcat6/logs/socksserver.log write)
    java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    java.security.AccessController.checkPermission(AccessController.java:546)
    java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    java.lang.SecurityManager.checkWrite(SecurityManager.java:962)
    java.io.FileOutputStream.<init>(FileOutputStream.java:169)
    java.io.FileOutputStream.<init>(FileOutputStream.java:102)
    common.log.ThreadFileWriter.init(ThreadFileWriter.java:50)
    common.log.LogConfiguration.initLog(LogConfiguration.java:50)
    socksviahttp.server.ServletSocks.logInit(ServletSocks.java:113)
    socksviahttp.server.ServletSocks.init(ServletSocks.java:59)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115)
    org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    java.lang.Thread.run(Thread.java:619)
+1  A: 

The exception stack trace indicates it's not a file permission error, but rather you're running Tomcat under a security manager, for which you have not set up the permission to allow it to write to that path.

policytool is a neat program to help you create policy files that you can configure the security manager with.

Chris Jester-Young  2009-07-13 17:27:37
A: 

Not sure I have the exact same problem as you or that I've even fully solved my own, however, here's a shot at helping out. In short I think it might have to do with the Java Security Manager and the configuration of your $CATALINA_BASE path.

I've been getting the following error messages from my Tomcat6 Solr 1.3 install on a daily basis:

java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/tomcat6/logs read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.SecurityManager.checkRead(SecurityManager.java:888) at java.io.File.exists(File.java:748) at java.io.File.mkdirs(File.java:1195)

.......

The file permissions were set correctly for the log directory and the logs were created after the message was thrown the first time. But the error would recur the next day with the creation of a newly rotated log file.

After a bit of digging I learned that the error was being thrown by the Java Security Manager and don't have anything to do with OS file permissions. As it turned out the JSM logging settings were being driven off of the $CATALINA_BASE path which was not correctly configured in my installation. $CATALINA_BASE should point to the location of the dynamically created files for tomcat, however, when not configured it defaults to the $CATALINA_HOME dir which is where the tomcat binaries live. As a result I'm not sure that JSM had the correct permissions to manipulate files in the log directory.

I've added CATALINA_BASE = "/var/lib/tomcat6" to my catalina.sh file and believe that I've resolved the problem.

Hopefully this is correct/helpful information!

kpw  2009-08-25 15:33:30

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?