本文介绍了AWS EC2 tomcat权限被拒绝创建/写入文件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个运行在弹性beantalk EC2上的tomcat:
I have a tomcat running on an elastic beanstalk EC2:
当Web应用程序想要创建新目录/文件时,我遇到了麻烦.我在catalina.out中遇到以下错误
I'm having trouble when the web app wants to create a new directory/file. I'm getting the following error in catalina.out
java.io.IOException: java.io.FileNotFoundException: /home/ec2-user/images/companydata/images/2/10/ac3feab8-a2db-4052-9614-eea41c0a509e.png (Permission denied)
at org.apache.catalina.core.ApplicationPart.write(ApplicationPart.java:121)
at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest$StandardMultipartFile.transferTo(StandardMultipartHttpServletRequest.java:260)
at controler.RestControllerCompanyMobilePOST.uploadImage(RestControllerCompanyMobilePOST.java:183)
at controler.RestControllerCompanyMobilePOST$$FastClassBySpringCGLIB$$538488ab.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:68)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
at controler.RestControllerCompanyMobilePOST$$EnhancerBySpringCGLIB$$1e56492.uploadImage(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:776)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:705)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:869)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:168)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:213)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.boot.context.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:116)
at org.springframework.boot.context.web.ErrorPageFilter.access$000(ErrorPageFilter.java:60)
at org.springframework.boot.context.web.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:91)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.boot.context.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:109)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:676)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.FileNotFoundException: /home/ec2-user/images/companydata/images/2/10/ac3feab8-a2db-4052-9614-eea41c0a509e.png (Permission denied)
at java.io.FileOutputStream.open0(Native Method)
at java.io.FileOutputStream.open(FileOutputStream.java:270)
at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
at java.io.FileOutputStream.<init>(FileOutputStream.java:162)
at org.apache.tomcat.util.http.fileupload.disk.DiskFileItem.write(DiskFileItem.java:395)
at org.apache.catalina.core.ApplicationPart.write(ApplicationPart.java:119)
... 97 more
所以,我知道这是一个权限问题,所以我用Google搜索了一下,并且找到了如何通过键入以下内容来找出哪个用户启动了tomcat:
So,, I know it's a permissions issue so I googled and I've found how to find out what user started tomcat by typing:
[root@ip-172-31-1-99 tomcat8]# ps auxwww | grep -v grep | grep tomcat
ec2-user 25653 0.0 0.1 107940 676 pts/0 T 18:29 0:00 tail -F catalina.2016-01-03.log catalina.2016-01-04.log catalina.2016-01-05.log host-manager.2016-01-03.log host-manager.2016-01-05.log localhost.2016-01-03.log localhost.2016-01-05.log manager.2016-01-03.log manager.2016-01-05.log tomcat8-initd.log
ec2-user 25665 0.0 0.1 107940 752 pts/0 T 18:30 0:00 tail -F catalina.2016-01-03.log catalina.2016-01-04.log catalina.2016-01-05.log host-manager.2016-01-03.log host-manager.2016-01-05.log localhost.2016-01-03.log localhost.2016-01-05.log manager.2016-01-03.log manager.2016-01-05.log tomcat8-initd.log
ec2-user 25811 0.0 0.1 107940 656 pts/0 T 18:45 0:00 tail -F catalina.2016-01-03.log catalina.2016-01-04.log catalina.2016-01-05.log host-manager.2016-01-03.log host-manager.2016-01-05.log localhost.2016-01-03.log localhost.2016-01-05.log manager.2016-01-03.log manager.2016-01-05.log tomcat8-initd.log
tomcat 26525 4.7 72.0 2400404 436580 ? Sl 19:22 4:49 /usr/lib/jvm/jre/bin/java -DJDBC_CONNECTION_STRING= -Xms256m -Xmx256m -XX:MaxPermSize=64m -classpath :/usr/share/tomcat8/bin/bootstrap.jar:/usr/share/tomcat8/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat8 -Dcatalina.home=/usr/share/tomcat8 -Djava.awt.headless=true -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat8/temp -Djava.util.logging.config.file=/usr/share/tomcat8/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
我可以看到tomcat是由用户tomcat启动的.
And I can see tomcat was started by the user tomcat.
因此,我更改了要存储所有详细信息的根文件夹,并将chown授予了用户tomcat和group tomcat,并在其上添加了chmod 777
So, I changed the root folder where I want to store all the details and gave chown to user tomcat and group tomcat, and also chmod 777 on it
drwxrwxrwx 2 tomcat tomcat 4096 1月5日19:40图像
drwxrwxrwx 2 tomcat tomcat 4096 Jan 5 19:40 images
但是我收到相同的权限被拒绝错误.
But I'm getting the same permission denied error.
这是方法:
String StoreImageHere =
locationOfCompanyData
+ File.separator
+ locationOfImage
+ File.separator
+ user.getCompany_id()
+ File.separator +
+ notUpdatedImage.getServer_questionnaire_attempt_key()
+ File.separator ;
File uploadedFileFolderLocation = new File(locationRoot, StoreImageHere);
uploadedFileFolderLocation.mkdirs();
String storeImageName = StoreImageHere + notUpdatedImage.getImage_name();
File uploadedFile = new File(locationRoot, storeImageName);
try {
file.transferTo(uploadedFile);
} catch (IllegalStateException e) {
e.printStackTrace();
logger.error(user.getUsers_email()
+ " /api/mobile/uploadImage/{server_image_id}/ "
+ " userID[" + user.getUsers_id() + "]"
+ " error[" + e.getMessage() + "]");
} catch (IOException e) {
e.printStackTrace();
logger.error(user.getUsers_email()
+ " /api/mobile/uploadImage/{server_image_id}/ "
+ " userID[" + user.getUsers_id() + "]"
+ " error[" + e.getMessage() + "]");
}
if(uploadedFile.exists()) {
notUpdatedImage.setSync(ENUM_SYNC_STATUS.SYNCED.getValue());
notUpdatedImage = mobileManagment.updateImage(user, notUpdatedImage, ENUM_ACTIVITY_TYPE.ANSWER_INPUT_UPLOADED);
return new Gson().toJson(notUpdatedImage);
} else {
logger.error(user.getUsers_email()
+ " /api/mobile/"+VERSION+"/uploadImage/{server_image_id}/ "
+ " userID[" + user.getUsers_id() + "]"
+ " dest.exists() == false ");
}
我跑了
它返回了
在Windows计算机上,它需要此参数
On a windows machine, it takes this parameter
在Linux机器上,它需要这个
and on the linux machine, it takes this
除非我没有看到一个简单的错误
Unless there is a simple mistake that I'm just not seeing
推荐答案
您可能仍然存在权限问题.为了能够通过/home/ec2-user/images,您的"tomcat"用户需要在所有上层目录(即home和ec2-user)上都具有"x"权限.您可能可以通过更改这些目录的模式以允许其他组执行它们来解决您的问题:
You probably still have a permission issue.To be able to go through /home/ec2-user/images, your 'tomcat' user need to have 'x' right on all upper directories(ie. home and ec2-user).You can probably solve your issue by changing mode of those directories to allow Other group to execute them:
chmod o+x /home
chmod o+x /home/ec2-user
尽管如此,您不应该在敏感的系统上执行此操作.您可能想要尝试在适当的目录中进行读写.
Nevertheless, you should not do that on a sensitive system. You might want to try writing and reading in an appropriate directory.
如果不能解决您的问题,则您的问题可能与SELinux有关.
If it doesn't solve your issue, your problem might be related to SELinux.
您可以尝试使用以下命令进行检查:
You can try the following command to check:
setenforce 0
这篇关于AWS EC2 tomcat权限被拒绝创建/写入文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!