加固你的TOMCAT,让TOMCAT在chroot的环境下运行

众所周知,chroot下linux系统的一个安全机制,chroot是linux内核的一个系统调用,通过它,可以设定应用软件的运行环境,让应用软件运行在一个特定目录下,这样,即使应用软件有安全漏洞,被入侵,入侵者也被限制在一个特定的目录,从面限制了入侵者的破坏范围。加固了系统的安全性。本文以tomcat为例,详细记录了tomcat以chroot的方式运行的配置过程,也记录配置过程中的出错及排错方法。

环境及工具:系统64位的CentOS6.4、dk为jdk-7u45-linux-x64.tar.gz、apache-tomcat-6.0.41.tar.gz

一、配置java chroot环境

1、先配置jdk,这次配置使用的是 jdk-7u45-linux-x64.tar.gz

tar zxvf jdk-7u45-linux-x64.tar.gz

mkdir /usr/java

cp -a jdk1.7.0_45 /usr/java/

[[email protected] local]# /usr/java/jdk1.7.0_45/bin/java -version

java version "1.7.0_45"

Java(TM) SE Runtime Environment (build 1.7.0_45-b18)

Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)

jdk可以正常启动

2、配置jdk chroot

我选算了 /chroot为 tomcat的根目录

#D=/chroot

#mkdir -p $D

#cd $D

mkdir -p lib lib64 etc tmp dev usr

chmod 755 etc dev usr

chmod 1777 tmp

cp -a /etc/hosts etc/hosts

为了chroot的环境更接近实际的系统根目录,还需要一个特殊的目录,如果无这些目录,将来可能会报错

mkdir -p /chroot/dev/pts

cd /dev

./MAKEDEV -d /chroot/dev null radom urandom zero loop* log console

cp MAKEDEV /chroot/dev

cp -a /dev/shm /chroot/dev

[[email protected] local]# ldd /usr/java/jdk1.7.0_45/bin/java

linux-vdso.so.1 => (0x00007fffeafd0000)

libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3a58efd000)

libjli.so => /usr/java/jdk1.7.0_45/bin/../lib/amd64/jli/libjli.so (0x00007f3a58ce5000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007f3a58ae1000)

libc.so.6 => /lib64/libc.so.6 (0x00007f3a5874e000)

/lib64/ld-linux-x86-64.so.2 (0x00007f3a59123000)

把上面几个库文件复制到/chroot/lib64/目录下

[[email protected] local]# ls /chroot/lib64/

ld-linux-x86-64.so.2 libc.so.6 libdl.so.2 libpthread.so.0

[[email protected] local]# rm -rf /chroot/usr/java/

[[email protected] local]# mkdir /chroot/usr/java

[[email protected] local]# cp -a /usr/java/jdk1.7.0_45 /chroot/usr/java/

[[email protected] local]# ls /chroot/usr/java/

jdk1.7.0_45

以chroot方式运行java,

[[email protected] local]# chroot /chroot /usr/java/jdk1.7.0_45/bin/java

/usr/java/jdk1.7.0_45/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

有报错,根据错误可以是缺少相应的库文件,只要把这些文件复制过来就OK了

[[email protected] local]# find / -name libjli.so

/usr/java/jdk1.7.0_45/jre/lib/amd64/jli/libjli.so

/usr/java/jdk1.7.0_45/lib/amd64/jli/libjli.so

/usr/local/jdk1.7.0_45/jre/lib/amd64/jli/libjli.so

/usr/local/jdk1.7.0_45/lib/amd64/jli/libjli.so

/chroot/usr/java/jdk1.7.0_45/jre/lib/amd64/jli/libjli.so

/chroot/usr/java/jdk1.7.0_45/lib/amd64/jli/libjli.so

[[email protected] local]# cp /chroot/usr/java/jdk1.7.0_45/lib/amd64/jli/libjli.so /chroot/lib64/

[[email protected] local]# chroot /chroot /usr/java/jdk1.7.0_45/bin/java -version

Error: dl failure on line 863

Error: failed /usr/java/jdk1.7.0_45/jre/lib/amd64/server/libjvm.so, because libm.so.6: cannot open shared object file: No such file or directory

[[email protected] local]#

[[email protected] local]#

[[email protected] local]# find / -name libm.so.6

/lib64/libm.so.6

[[email protected] local]# cp /lib64/libm.so.6 /chroot/lib64/

[[email protected] local]# chroot /chroot /usr/java/jdk1.7.0_45/bin/java -version

Java HotSpot(TM) 64-Bit Server VM warning: Can‘t detect initial thread stack location - find_vma failed

java version "1.7.0_45"

Java(TM) SE Runtime Environment (build 1.7.0_45-b18)

Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)

这样,可以正常启动java了,但还是有一个警告信息,这是因为jave检测不到相关进程引起的,而linux系统的进程信息是存放在/proc这个目录的,因些,我们还要在/chroot下挂载这个特殊的目录,方法如下

[[email protected] local]# mkdir /chroot/proc

[[email protected] local]# mount -t proc proc /chroot/proc

[[email protected] local]# chroot /chroot /usr/java/jdk1.7.0_45/bin/java -version

java version "1.7.0_45"

Java(TM) SE Runtime Environment (build 1.7.0_45-b18)

Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)

至此,jdk才算完成配置,这时,让我们查看一下启动JDK需要用到下面几个库,需要注意的是,库文件的位置及名字有可能在不同的版本系统中有差别,但一般都可以根据相关的报错信息,找到相应库文件,并复制过来就OK了

[[email protected] local]# ls /chroot/lib64/

ld-linux-x86-64.so.2 libc.so.6 libdl.so.2 libjli.so libm.so.6 libpthread.so.0

二、以下开始配置tomcat了,把tomcat将在/chroot/usr/local这个目录下运行

[[email protected] local]# mkdir /chroot/usr/local

[[email protected] local]# mv apache-tomcat-6.0.41-src /chroot/usr/local/tomcat

[[email protected] local]# chroot /chroot /usr/local/tomcat/bin/catalina.sh start

chroot: failed to run command `/usr/local/tomcat/bin/catalina.sh‘: Permission denied

[[email protected] local]# ls /chroot/usr/local/tomcat/bin/catalina.sh -al

-rw-r--r--. 1 root root 17717 5月 19 18:51 /chroot/usr/local/tomcat/bin/catalina.sh

[[email protected] local]# chmod 755 /chroot/usr/local

[[email protected] local]# chmod 755 /chroot/usr/local/tomcat/bin/*.sh

[[email protected] local]# chroot /chroot /usr/local/tomcat/bin/catalina.sh start

chroot: failed to run command `/usr/local/tomcat/bin/catalina.sh‘: No such file or directory

再次[[email protected] local]# strace chroot /chroot /usr/local/tomcat/bin/catalina.sh start

留意末部信息

execve("/usr/local/tomcat/bin/catalina.sh", ["/usr/local/tomcat/bin/catalina.s"..., "start"], [/* 25 vars */]) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/locale.alias", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh_CN.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh_CN.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh_CN/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

write(2, "chroot: ", 8chroot: ) = 8

write(2, "failed to run command `/usr/loca"..., 57failed to run command `/usr/local/tomcat/bin/catalina.sh‘) = 57

open("/usr/share/locale/zh_CN.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh_CN.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh_CN/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

open("/usr/share/locale/zh/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

write(2, ": No such file or directory", 27: No such file or directory) = 27

write(2, "\n", 1

) = 1

close(1) = 0

close(2) = 0

exit_group(127) = ?

因为启动tomcat的是一个shell的脚本,因此,在chroot里还需要一个运行bash shell的环境

[[email protected] local]# cd /chroot/

[[email protected] chroot]# mkdir -p bin

[[email protected] chroot]# cp /bin/bash bin/

[[email protected] chroot]# ln -s /bin/bash bin/sh

[[email protected] chroot]# cd lib64

[[email protected] lib64]# pwd

/chroot/lib64

[[email protected] lib64]# ldd /bin/bash

linux-vdso.so.1 => (0x00007fff2536e000)

libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f0c47bb5000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007f0c479b1000)

libc.so.6 => /lib64/libc.so.6 (0x00007f0c4761d000)

/lib64/ld-linux-x86-64.so.2 (0x00007f0c47ddf000)

[[email protected] lib64]# cp /lib64/libtinfo.so.5 /chroot/lib64/

[[email protected] lib64]# cp /lib64/libdl.so.2 /chroot/lib64/

cp:是否覆盖"/chroot/lib64/libdl.so.2"? n

[[email protected] lib64]# cp /lib64/libc.so.6 /chroot/lib64/

cp:是否覆盖"/chroot/lib64/libc.so.6"? n

[[email protected] lib64]# cp /lib64/ld-linux-x86-64.so.2 /chroot/lib64/

cp:是否覆盖"/chroot/lib64/ld-linux-x86-64.so.2"? n

测试 bash是否可以在chroot下正常运行,由于这前已经复制部分的库,所以会提示是否覆盖

[[email protected] lib64]# chroot /chroot /bin/bash

bash-4.1# pwd

/

注意,这时的bash shell提示符已经改变了,这说明已经可以在chroot下正常启动bash了

bash-4.1# ls

bash: ls: command not found

bash-4.1# exit

exit

[[email protected] lib64]#

再次启动tomcat,报错的内容已经不一样了,报错的内容很详细,就是有几个命令找不到,那么,我们把这些命令及相应的库复制到chroot的相应目录即可

[[email protected] lib64]# chroot /chroot /usr/local/tomcat/bin/catalina.sh start

/usr/local/tomcat/bin/catalina.sh: line 89: uname: command not found

/usr/local/tomcat/bin/catalina.sh: line 109: dirname: command not found

Cannot find //bin/setclasspath.sh

This file is needed to run this program

[[email protected] lib64]#

[[email protected] lib64]# cp /bin/uname /chroot/bin/

[[email protected] lib64]# mkdir - /chroot/usr/bin

[[email protected] lib64]# cp /usr/bin/dirname /chroot/usr/bin/

[[email protected] lib64]# ldd /bin/uname

linux-vdso.so.1 => (0x00007fff4b5ff000)

libc.so.6 => /lib64/libc.so.6 (0x00007fcfde5b8000)

/lib64/ld-linux-x86-64.so.2 (0x00007fcfde954000)

[[email protected] lib64]# ldd /usr/bin/dirname

linux-vdso.so.1 => (0x00007fffb93ea000)

libc.so.6 => /lib64/libc.so.6 (0x00007f8ad0266000)

/lib64/ld-linux-x86-64.so.2 (0x00007f8ad0602000)

[[email protected] lib64]# ls /chroot/lib64

- ld-linux-x86-64.so.2 libc.so.6 libdl.so.2 libjli.so libm.so.6 libpthread.so.0 libtinfo.so.5

相关的库之前已经复制了,所以,这里就不需要再复制,再次运行comcat

[[email protected] lib64]# chroot /chroot /usr/local/tomcat/bin/catalina.sh start

Neither the JAVA_HOME nor the JRE_HOME environment variable is defined

At least one of these environment variable is needed to run this program

[[email protected] lib64]#

这次报错的是环境变量的问题,把变量加进去限可,我们先看看catalina.sh这个文件,里面调用了setclasspath.sh 而报错的内容便在setclasspath.sh脚本里。因此,我在setclasspath.sh设置JAVA_HOME变量

[[email protected] bin]# vi /chroot/usr/local/tomcat/bin/setclasspath.sh

# Make sure prerequisite environment variables are set

export JAVA_HOME=/usr/java/jdk1.7.0_45

export JRE_HOME=/usr/java/jdk1.7.0_45/jre

if [ -z "$JAVA_HOME" -a -z "$JRE_HOME" ]; then

if $darwin; then

# Bugzilla 54390

if [ -x ‘/usr/libexec/java_home‘ ] ; then

export JAVA_HOME=`/usr/libexec/java_home`

# Bugzilla 37284 (reviewed).

elif [ -d "/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home" ]; then

export JAVA_HOME="/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home"

fi

else

JAVA_PATH=`which java 2>/dev/null`

if [ "x$JAVA_PATH" != "x" ]; then

JAVA_PATH=`dirname $JAVA_PATH 2>/dev/null`

JRE_HOME=`dirname $JAVA_PATH 2>/dev/null`

fi

if [ "x$JRE_HOME" = "x" ]; then

# XXX: Should we try other locations?

if [ -x /usr/bin/java ]; then

JRE_HOME=/usr

fi

fi

fi

if [ -z "$JAVA_HOME" -a -z "$JRE_HOME" ]; then

echo "Neither the JAVA_HOME nor the JRE_HOME environment variable is defined"

echo "At least one of these environment variable is needed to run this program"

exit 1

fi

fi

"setclasspath.sh" 119L, 4252C written

再次运行,还是出错,但已经接近成功了,

[[email protected] bin]# chroot /chroot /usr/local/tomcat/bin/catalina.sh start

/usr/local/tomcat/bin/catalina.sh: line 193: tty: command not found

Using CATALINA_BASE: /usr/local/tomcat

Using CATALINA_HOME: /usr/local/tomcat

Using CATALINA_TMPDIR: /usr/local/tomcat/temp

Using JRE_HOME: /usr/java/jdk1.7.0_45/jre

Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar

/usr/local/tomcat/bin/catalina.sh: line 354: touch: command not found

/usr/local/tomcat/bin/catalina.sh: line 371: /usr/local/tomcat/logs/catalina.out: No such file or directory

报错还是由相关系统命令调用及文件权限的引用的,打它复制过来

[[email protected] bin]# cp /bin/touch /chroot/bin/

[[email protected] bin]# ldd /bin/touch

linux-vdso.so.1 => (0x00007fff9343f000)

librt.so.1 => /lib64/librt.so.1 (0x00007fbd55ccc000)

libc.so.6 => /lib64/libc.so.6 (0x00007fbd55939000)

libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fbd5571b000)

/lib64/ld-linux-x86-64.so.2 (0x00007fbd55edd000)

[[email protected] bin]# cp /lib64/librt.so.1 /chroot/lib64/

[[email protected] bin]# mkdir /chroot/usr/local/tomcat/logs

[[email protected] bin]# chmod 666 /chroot/usr/local/tomcat/logs

[[email protected] bin]#

[[email protected] bin]# chroot /chroot /usr/local/tomcat/bin/catalina.sh start

/usr/local/tomcat/bin/catalina.sh: line 193: tty: command not found

Using CATALINA_BASE: /usr/local/tomcat

Using CATALINA_HOME: /usr/local/tomcat

Using CATALINA_TMPDIR: /usr/local/tomcat/temp

Using JRE_HOME: /usr/java/jdk1.7.0_45/jre

Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar

把tty这个程序复制过来

[[email protected] bin]# cp /usr/bin/tty /chroot/usr/bin/

[[email protected] bin]# ldd /usr/bin/tty

linux-vdso.so.1 => (0x00007fff1f5ff000)

libc.so.6 => /lib64/libc.so.6 (0x00007f82f2cd9000)

/lib64/ld-linux-x86-64.so.2 (0x00007f82f3075000)

[[email protected] bin]# chroot /chroot /usr/local/tomcat/bin/catalina.sh start

Using CATALINA_BASE: /usr/local/tomcat

Using CATALINA_HOME: /usr/local/tomcat

Using CATALINA_TMPDIR: /usr/local/tomcat/temp

Using JRE_HOME: /usr/java/jdk1.7.0_45/jre

Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar

终于无报错了,大功造成了?怎么回事,java 进程还是起不来

[[email protected] bin]# ps auxf|grep java

root 1449 0.0 0.0 103240 852 pts/1 S+ 11:46 0:00 \_ grep java

查看下了上tomcat的日志

[[email protected] local]# more /chroot/usr/local/tomcat/logs/catalina.out

Error: Could not find or load main class org.apache.catalina.startup.Bootstrap

[[email protected] local]# ls /chroot/usr/local/tomcat/bin/bootstrap.jar

ls: 无法访问/chroot/usr/local/tomcat/bin/bootstrap.jar: 没有那个文件或目录

原来是这个包缺少一个文件

重新从官方网站下载了一个完整的包,解压

#wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-6/v6.0.41/bin/apache-tomcat-6.0.41.tar.gz

[[email protected] local]# cd /chroot/usr/local/

[[email protected] local]# ls

tomcat

[[email protected] local]# mv tomcat tomcat.bak

[[email protected] local]# mv /usr/local/apache-tomcat-6.0.41 ./tomcat

并在/chroot/usr/local/tomcat/bin/setclasspath.sh加入环境变量

[[email protected] bin]# vi /chroot/usr/local/tomcat/bin/setclasspath.sh

# Make sure prerequisite environment variables are set

export JAVA_HOME=/usr/java/jdk1.7.0_45

export JRE_HOME=/usr/java/jdk1.7.0_45/jre

再次运行

[[email protected] local]# chroot /chroot /usr/local/tomcat/bin/catalina.sh start

Using CATALINA_BASE: /usr/local/tomcat

Using CATALINA_HOME: /usr/local/tomcat

Using CATALINA_TMPDIR: /usr/local/tomcat/temp

Using JRE_HOME: /usr/java/jdk1.7.0_45/jre

Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar

[[email protected] local]# ps auxf|grep java

root 8220 0.0 0.0 103240 852 pts/0 S+ 10:19 0:00 \_ grep java

root 8201 179 6.7 1443396 68980 pts/0 Sl 10:19 0:05 /usr/java/jdk1.7.0_45/jre/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/local/tomcat/endorsed -classpath /usr/local/tomcat/bin/bootstrap.jar -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start

终于成功了!把iptables的TCP8080端口打开,便可以通过http://ip:8080访问了

时间: 2024-10-06 06:59:25

加固你的TOMCAT,让TOMCAT在chroot的环境下运行的相关文章

Eclipse在Tomcat环境下运行项目出现NoClassDefFoundError/ClassNotFoundException解决办法

For this error, there can be different solutions. I have noted down the ones that had worked for me. Solution 1. This is always happened in deployment and debugging environment. In deployment environment, just make sure your server classpath has incl

linux环境下配置jdk+tomcat环境

最近在学习java,其中最重要的一项是将jdk 环境配置好,同时在jdk中结合tomcat开发基于应用,所以在这里记录下. 配置环境: 系统环境:centos 6.3  64位 ,jdk:jdk-6u29-linux-x64.bin ,  tomcat:apache-tomcat-6.0.35.zip  这里需要注意的地方是  jdk 安装时要和系统位数相同,这里我的系统是64位所以这里使用的是jdk 64 位. 开始配置: 这里我将要安装的软件,上传到/usr/loca/目录下,使用 rz 

window 和 linux 环境下杀死tomcat进程——也可以解决其他端口被占用的问题

1.应用场景 在Windows或者linux操作系统中,我们在启动一个tomcat服务器时,经常会发现8080端口已经被占用的错误,而我们又不知道如何停止这个tomcat服务器. 2.window环境下杀死进程 1.首先查找到占用8080端口的进程号PID是多少(tomcat默认是8080端口,假如你修改了tomcat的监听端口,请输入你的tomcat端口号) netstat -ano | findstr 8080 这个命令输出的最后一列表示占用8080端口的进程号是多少,假设为9572 2.k

Linux环境下在Tomcat上部署JavaWeb工程

本文讲解如何将我们已经编译好的JavaWeb工程在Linux环境下的Tomcat上进行部署,总体上的思路是和Windows下JavaWeb项目部署到tomcat差不多,具体步骤和命令如下. 注:部署之前必须已经在Linux上安装好JDK,具体如何在Linux上安装JDK见:Linux环境下安装JDK 1 准备工作 1.下载安装Xshell.Xftp(用于远程连接Linux主机,具体自行百度) 2.官网下载Linux下tomcat安装包,我用的是:apache-tomcat-6.0.45.tar.

Tomcat学习总结(11)——Linux下的Tomcat安全优化

1.web.xml配置及修改: 站点默认主页: <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> </welcome-file-list> 404及500设置 <error-page

Tomcat集群环境下session共享方案梳理(1)-通过memcached(MSM)方法实现

对于web应用集群的技术实现而言,最大的难点就是:如何能在集群中的多个节点之间保持数据的一致性,会话(Session)信息是这些数据中最重要的一块.要实现这一点, 大体上有两种方式: 一种是把所有Session数据放到一台服务器上或者数据库中,集群中的所有节点通过访问这台Session服务器来获取数据: 另一种就是在集群中的所有节点间进行Session数据的同步拷贝,任何一个节点均保存了所有的Session数据. Tomcat集群session同步方案有以下几种方式: 1)使用tomcat自带的

Ubuntu下配置Tomcat以指定(非root)身份运行

My Blog:http://www.outflush.com/ 通常情况下,在配置Tomcat生产环境时,通常会配置Tomcat以特定的身份运行(非root),这样有利于提高安全性,防止网站被黑后的进一步权限提升. 本文依赖的环境: Ubuntu(其实大部分同样适用于CentOS) JVM(安装并已配置好环境变量) gcc.make等编译工具 JAVA_HOME=/usr/lib/jvm/jdk1.7.0_55 CATALINA_HOME=/usr/local/apache-tomcat-7.

linux环境下tomcat启动成功,请求页面出现404

这种情况很多,本文记录我遇到比较奇葩的情况. 第一次tomact启动成功,访问404,乱捣鼓不知怎么好了:第二次tomcat启动成功,可以访问部分链接,有些却报404,但是代码和数据都还是以前的,没有变.很奇怪! 经常同事指点,查清原因: 请求tomcat里的jsp,tomcat会自动在work目录下生产相关jsp文件,web访问的是work里的,而不是webapps里的.之所以出现我这种情况,是因为tomcat一开始是用一般用户启动的,请求了几个页面后再用root启动,再请求几个页面后又变成一

Tomcat修改favicon.ico图标,Linux下Tomcat修改favicon.ico图标,Tomcat更换favicon.ico图标

Tomcat修改favicon.ico图标,Linux下Tomcat修改favicon.ico图标,Tomcat更换favicon.ico图标 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ?Copyright 蕃薯耀 2017年3月2日 http://www.cnblogs.com/fanshu