geronimo-dev mailing list archives

From David Jencks <djen...@gluecode.com>
Subject Re: GBean Last Startup
Date Wed, 27 Apr 2005 06:14:59 GMT

On Apr 26, 2005, at 9:06 PM, David Blevins wrote:

> On Tue, Apr 26, 2005 at 11:16:16PM -0400, Mark wrote:
>> Hi all,
>>
>> I have a need to start Geronimo as the root user under Solaris and then
>> once it’s started switch the effective user of the process to a user
>> with fewer privileges. Part of the requirement is to allow Geronimo to
>> start up using ports lower than 1024. Once all the server sockets have
>> been created the process user can be switched.
>>
>> Does the Geronimo kernel have the ability to load a GBean last? I am
>> thinking that I could create a GBean to perform the user switch. If this
>> GBean was started last, then I would know that Tomcat, Jetty, OpenEJB
>> and other server services would have already initialized their server
>> sockets.
>>
>> Alternatively, I could create a GBean that has a collection or reference
>> to other network service GBeans. Once I get this reference, I know the
>> kernel has loaded the GBeans, but I may not know their status (started,
>> stopped or waiting). I’ve noticed that in GBeanInstance, there is a
>> magic attribute to get a GBean's state.
>>
>> Sound possible or am I way off here?
>>
>
> You could take the code from the maven-geronimo-plugin and expand off
> the waitForStarted goal which is basically just code that blocks till the
> configuration you are waiting for starts.
>
> -David

That will work if the code you want to wait is in a different process 
than the gbean you are waiting for.
If you want a gbean to start after some others in a single kernel, the 
best way is to have dependencies on them.

Depending on a configuration does not guarantee that all gbeans in the 
configuration will have been started: the framework will have tried to 
start them at least once, but if a contained gbean depends on a 
non-existent or non-started gbean the configuration will start anyway.

I'm not exactly sure what you are trying to do here or how you plan to 
do it. If you open a socket on a reserved port as root and then change 
user, won't there be a time during which connections will be accepted 
and code from the accepted request run as root? Is this a security 
hole?

thanks
david jencks
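
An added example, not part of the original message and not Geronimo code: a C sketch of the ordering this thread is concerned with, where the listener is bound as root, root is dropped irreversibly, and only then is a connection accepted. After `listen()` the kernel queues incoming connections, but no application code handles them until `accept()` is called. The function names are hypothetical, and port 0 and uid/gid 65534 are placeholder values.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1 (may need root): bind and listen only. No request is read here. */
int bind_listener(unsigned short port) {
    struct sockaddr_in a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: give up root for good. Order matters: groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() != 0) return 0;                 /* already unprivileged */
    if (setgroups(0, NULL) != 0) return -1;       /* shed root's extra groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;                /* root must not come back */
    return 0;
}

/* Step 3: accept only once the process is no longer root. */
int accept_unprivileged(int lfd) {
    if (geteuid() == 0 || getuid() == 0) return -2;   /* refuse to serve as root */
    return accept(lfd, NULL, NULL);
}

int main(void) {   /* port 0 and uid/gid 65534 are placeholders */
    int lfd = bind_listener(0);
    if (lfd < 0 || drop_privileges(65534, 65534) != 0) return 1;
    printf("uid %d: accept loop may start now\n", (int)getuid());
    return 0;
}
```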


