commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Palmreuther (JIRA)" <>
Subject [jira] [Created] (DAEMON-250) Dropping privileges "too late"
Date Thu, 03 May 2012 09:26:50 GMT
Peter Palmreuther created DAEMON-250:

             Summary: Dropping privileges "too late"
                 Key: DAEMON-250
             Project: Commons Daemon
          Issue Type: Bug
          Components: Jsvc
    Affects Versions: 1.0.10
         Environment: FreeBSD 8.3-RELEASE, OpenJDK 1.6.0_30-b24
            Reporter: Peter Palmreuther

When using "{{-user}}" argument for "{{jsvc}}" controlled (child) process runs as given user.
Alas the privileges dropping was done after several critical initializations already have
been done.

Consider "{{-user www}}", while process started as "{{root}}" and this code:

                Preferences userRoot = null;
                try \{
                        userRoot = Preferences.userRoot();
                \} catch (Exception e) \{
                \} finally \{
                        System.out.println("Prefs userRoot: " + ((null != userRoot)?userRoot.toString():"null"));

Output (stderr) is:

03.05.2012 11:00:31 java.util.prefs.FileSystemPreferences$2 run
WARNUNG: Couldn't create user preferences directory. User preferences are unusable.
03.05.2012 11:00:31 java.util.prefs.FileSystemPreferences$2 run
WARNUNG: Permission denied
Exception in thread "Thread-2" java.lang.SecurityException: Could not lock User prefs. Lock
file access denied.
	at java.util.prefs.FileSystemPreferences.checkLockFile0ErrorCode(
	at java.util.prefs.FileSystemPreferences.lockFile(
	at java.util.prefs.FileSystemPreferences.sync(
	at java.util.prefs.FileSystemPreferences.flush(
	at java.util.prefs.FileSystemPreferences.syncWorld(
	at java.util.prefs.FileSystemPreferences.access$1200(
	at java.util.prefs.FileSystemPreferences$5$

{{ktrace}}-ing the example clearly shows the process is trying to access {{/root/.java/.userPrefs}}
(and below), although according to {{www}} being the targeted runtime user this should be

I wouldn't mind, if this wouldn't render usage of {{java.util.prefs.*}} unusable. I'm running
a Tomcat with Nexus inside and the latter obviously tries to store preferences "the java way".
This seems to be pretty impossible when Tomcat is started using {{jsvc}} (as it is per default
in FreeBSD 8.3-RELEASE for Tomcat 7).

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message