For the convenience and secure management of publiccms, we typically use systemd to manage services like nginx, tomcat, and mysql for our clients.
Recently, while installing the tomcat service on a Linux system to run publiccms, we encountered the following error, and no matter how the permissions were adjusted, it had no effect:
HSARCH600154: Unable to start index: HSARCH600015: Unable to initialize index directory: /data/publiccms/indexes: Read-only file system Context: index 'CmsContent'
After investigation, we found that the system service configuration included the following security settings:
[Service]
# Security
User=tomcat
Group=tomcat
ProtectSystem=strict
ReadWritePaths=/etc/tomcat/Catalina/
ReadWritePaths=/var/lib/tomcat/webapps/
ReadWritePaths=/var/log/tomcat/
Here, ProtectSystem=strict indicates that the process runs in a systemd sandbox environment. This restriction applies regardless of Linux file permissions, which is why adjusting them had no effect. After the process starts, all paths except those explicitly allowed for read-write access are set to read-only.
Adding the following line resolved the issue:
ReadWritePaths=/data/publiccms/
For non-production environments, you can also use the following configuration. The leading - means no error is generated if the data directory doesn't exist:
ReadWritePaths=-/data/publiccms/
Alternatively, you can append this path to other ReadWritePaths entries, separating them with spaces.
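A pre-deployment check for the failure described above, as an added example (not code from publiccms, tomcat or systemd): it parses a unit's [Service] section and reports which paths the application needs to write would stay read-only under ProtectSystem=strict. The function names and the sample paths in the test are assumptions; the model only considers ReadWritePaths= and ignores other writable grants such as StateDirectory= and quoted paths containing spaces.

```python
import posixpath

# Constructed sample: the [Service] section quoted in this post.
UNIT_TEXT = """\
[Service]
# Security
User=tomcat
Group=tomcat
ProtectSystem=strict
ReadWritePaths=/etc/tomcat/Catalina/
ReadWritePaths=/var/lib/tomcat/webapps/
ReadWritePaths=/var/log/tomcat/
"""

def parse_service(unit_text):
    """Return (ProtectSystem value, normalized ReadWritePaths) from unit text."""
    protect, rw, section = "no", [], None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ProtectSystem":
            protect = value               # the last assignment wins
        elif key == "ReadWritePaths":
            if not value:
                rw = []                   # an empty assignment resets the list
            for item in value.split():    # several paths may share one line
                # "-" (ignore if missing) and "+" are prefixes, not path parts
                rw.append(posixpath.normpath(item.lstrip("-+")))
    return protect, rw

def blocked_paths(unit_text, needed):
    """Paths in `needed` that remain read-only under ProtectSystem=strict."""
    protect, rw = parse_service(unit_text)
    if protect != "strict":
        return []                         # other modes are not modelled here
    def covered(path):
        path = posixpath.normpath(path)
        return any(path == base or path.startswith(base.rstrip("/") + "/")
                   for base in rw)
    return [p for p in needed if not covered(p)]

if __name__ == "__main__":
    print(blocked_paths(UNIT_TEXT, ["/data/publiccms/indexes"]))
```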