iipc / openwayback

The OpenWayback Development
http://www.netpreserve.org/openwayback
Apache License 2.0

OpenWayback Doesn't Create Directories #420

Closed qome closed 4 years ago

qome commented 4 years ago

I have had a working instance of 2.4.0 on Debian oldstable for the past couple of days. My attempts to get an instance of 2.4.0 running on Debian stable have been unsuccessful. It just complains that /tmp/openwayback/files1 doesn't exist even when it is there with acceptable permissions:

```
[2020-01-11 22:31:20] [info] WARNING: /tmp/openwayback/files1 is not a directory.
```

Full log: https://pastebin.com/raw/5TTrjCQc

```
debian@s1-2-bhs5:/var/lib/tomcat9/webapps$ ls -l /
drwxrwxrwt 10 root root  4096 Jan 11 22:31 tmp
debian@s1-2-bhs5:/var/lib/tomcat9/webapps$ ls -l /tmp/
total 12
drwxr-xr-x 3 tomcat tomcat 4096 Jan 11 22:30 openwayback
debian@s1-2-bhs5:/var/lib/tomcat9/webapps$ ls -l /tmp/openwayback/
total 4
drwxr-xr-x 2 tomcat tomcat 4096 Jan 11 22:30 files1
```

qome commented 4 years ago

I have confirmed this is a problem that appears on Buster but not Stretch.

I followed the following steps on a public compute module in each distro:

  1. apt-get install tomcat[8/9] (this pulled the headless Java JRE)
  2. systemctl stop tomcat[8/9]
  3. wget the 2.4.0 archive
  4. untar/ungzip the 2.4.0 archive
  5. rm -r /var/lib/tomcat[8/9]/webapps/ROOT
  6. cp the 2.4.0 WAR to /var/lib/tomcat[8/9]/webapps/ROOT.war
  7. mkdir /tmp/openwayback/files{1,2}
  8. chown -R tomcat[8/]:tomcat[8/] /tmp/openwayback
  9. systemctl start tomcat[8/9]

In the case of Stretch the files I would expect are created. In the case of Buster they are not. There are no modifications to permissions.

ato commented 4 years ago

Just a guess as I don't have a Debian machine handy but does the tomcat systemd service have the PrivateTmp option enabled?

ato commented 4 years ago

Ah this might be it https://salsa.debian.org/java-team/tomcat9/blob/a40b411ac31ca6200bd26f209eeeaf1262a218d8/debian/tomcat9.service

and indeed it's got PrivateTmp enabled which gives the service its own isolated instance of /tmp not shared with the rest of the system. Also ProtectSystem/ReadWritePaths probably restrict which directories tomcat can access.

I think these options need to be changed or else wayback configured to use a path which tomcat is allowed to access.

qome commented 4 years ago

Gotcha, I'll experiment.

qome commented 4 years ago

According to the following README change: https://salsa.debian.org/java-team/tomcat9/commit/31f0f75e4529f62e5dc8f2a5908fd1a47ed27670

> If write access to other directories is required the service settings
> have to be overridden. This is done by creating an override.conf file
> in /etc/systemd/system/tomcat9.service.d/ containing:
>
>     [Service]
>     ReadWritePaths=/path/to/the/directory/
>
> The service has to be restarted afterward with:
>
>     systemctl daemon-reload
>     systemctl restart tomcat9

I have performed this step. No openwayback directory is created in /tmp.

I created the directory tree myself and did chown -R tomcat:tomcat /tmp/openwayback

```
[2020-01-12 16:47:54] [info] WARNING: /tmp/openwayback/files1 is not a directory.
```

qome commented 4 years ago

I chose the following configuration which appears to work:

```
# /etc/systemd/system/tomcat9.service.d/override.conf
[Service]
ReadWritePaths=/var/spool/openwayback
```

With my base directory at /var/spool/openwayback.
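
The sandbox behaviour worked out in this thread, as an added example that is not part of the original discussion and is not OpenWayback or Debian code: a POSIX shell check that reads a unit's `PrivateTmp`, `ProtectSystem` and `ReadWritePaths` settings and reports how the service's mount namespace treats a host directory. The unit text is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. SAMPLE_UNIT is constructed for illustration, not copied from Debian.
SAMPLE_UNIT='[Service]
PrivateTmp=yes
ProtectSystem=strict
ReadWritePaths=/var/lib/tomcat9/webapps/'

# get_values UNIT_TEXT KEY: print every value assigned to KEY, one per line.
get_values() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p"
}

# under_path PATH PREFIX: succeed if PATH is PREFIX or lies below it.
under_path() {
    up_path=${1%/}; up_prefix=${2%/}
    case "$up_path/" in "$up_prefix"/*) return 0 ;; esac
    return 1
}

# sandbox_verdict UNIT_TEXT DIR: how the service's mount namespace treats DIR.
# File ownership and mode are a separate check, not covered here.
sandbox_verdict() {
    sv_unit=$1; sv_dir=$2
    case "$(get_values "$sv_unit" PrivateTmp | tail -n 1)" in
        yes|true|on|1)
            # The service gets its own /tmp and /var/tmp; host content there is invisible to it.
            if under_path "$sv_dir" /tmp || under_path "$sv_dir" /var/tmp; then
                echo hidden-by-PrivateTmp; return 0
            fi ;;
    esac
    if [ "$(get_values "$sv_unit" ProtectSystem | tail -n 1)" = strict ]; then
        # strict: the file system is read-only except paths listed in ReadWritePaths.
        for sv_rw in $(get_values "$sv_unit" ReadWritePaths); do
            sv_rw=${sv_rw#-}   # a leading "-" only means "ignore if missing"
            if under_path "$sv_dir" "$sv_rw"; then echo writable; return 0; fi
        done
        echo read-only; return 0
    fi
    echo writable   # assumption: ProtectSystem modes other than strict are not modelled
}

# Drop-ins are merged after the base unit, so append the override line.
for candidate in /tmp/openwayback /var/spool/openwayback; do
    printf '%s with override: %s\n' "$candidate" \
        "$(sandbox_verdict "$SAMPLE_UNIT
ReadWritePaths=$candidate" "$candidate/files1")"
done
```

On a live host the merged unit text can be taken from `systemctl cat tomcat9` instead of the sample.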