Hi, On Mon, Apr 1, 2019 at 8:36 AM Thorsten Glaser <t.gla...@tarent.de> wrote:
> Hi again Felipe, > > > If you ship this, there is no need for a LogsDirectory= entry. > > But I probably do need to add it with ReadWritePaths if we use > ProtectSystem=strict, correct? > Correct. > > > https://salsa.debian.org/java-team/tomcat9/commit/5556481b345049f32720e20d22a072ebd9b865fa Thanks for linking to the full file. I had not noticed that the unit used a specific User. This means a root-owned /var/log/tomcat9 is not going to be writable by tomcat. You should probably set it to tomcat9:adm, or add an appropriate acl (tmpfiles can do it with a `a+` line). Additionally, you might want to add `RequiresMountsFor=/var/log/tomcat9 /var/lib/tomcat9`, in case the admin has moved those dirs to a separate mount. -- Saludos, Felipe Sateler
