commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: [DAEMON] Need to get some patches committed
Date Wed, 14 Jan 2009 04:31:28 GMT

"Mark Thomas" <markt@apache.org> wrote in message 
news:016501c9757d$d3c848d0$7b58da70$@org...
>> From: Siegfried Goeschl [mailto:siegfried.goeschl@it20one.at]
>>
>> Hi Mark,
>>
>> just a quick note - since I started the processes without "su" they did
>> not start tomcat. Okay, that is expectet but the process were still
>> running in the background - so this could be an issue ....
>
>Hmm. That doesn't look ideal. When I try and start jsvc for Tomcat (using 
>http://tomcat.apache.org/tomcat-6.0-doc/setup.html) with a non-root user I 
>get the following in catalina.err:
>
>13/01/2009 12:48:05 287 jsvc error: Cannot open PID file /var/run/jsvc.pid, 
>PID is 287
>13/01/2009 12:48:05 286 jsvc error: Service exit with a return value of 255
>

This is just saying that your user doesn't have write permission to 
/var/run.  Nothing really interesting here.  Just change the PID_FILE in the 
script to point to someplace your user has write permission.

That having been said, the use-case for running jsvc as any other user than 
root is pretty minimal.  About the only thing you get is that people with 
login access to the machine can't shut down Tomcat (and if black-hats have 
login access, you have way bigger problems).  The jsvc daemon's main reason 
for existing is to allow Tomcat to bind to a privileged port (e.g. 80,443) 
and then lose it's privileged status before it handles requests.

>
>Is there anything useful in your catalina.err file?
>
>If there is a bug here then we'll treat it as a new issue.
>
>Mark 




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message