tomcat-users mailing list archives

From Hayo Schmidt <str...@hayo.de>
Subject wwwrun user on UnitedLinux 1.0
Date Thu, 19 Jun 2003 15:58:43 GMT
I have installed an Apache Tomcat/4.1.24-LE-jdk14 on a UnitedLinux 1.0 
(UL) system (which is very much like SuSE Linux 8.x).
UL contains a Tomcat 4.0 distribution. UL also has a custom startup 
script /etc/init.d/tomcat. The script starts Tomcat with a user wwwrun:
su wwwrun -c "$TOMCAT_HOME/bin/startup.sh" ....
I shot myself in the foot by adapting this startup script to Tomcat 4.1 
(see below). Everything seemed to work fine, until the "Tomcat 
Administration" webapp failed. (It could not deploy struts.jar.) 
Running under root everything works fine - so far.

What's the point?
-----------------
SuSE should have a reason for using a wwwrun user instead of root. Is it 
a possible vulnerability to Tomcat when running under user root?
We will use Tomcat in a production environment.
If somebody has a working script for UL and Tomcat41, please let me 
know. References to documentation are also welcome.

Hayo Schmidt

-------------------------------------------------------------------------

#! /bin/sh
# Copyright (c) 1995-2001 SuSE GmbH Nuernberg, Germany.
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
#
# Author: Rolf Haberrecker <feedback@suse.de>
# Adapted: hys 2003-05-16
#
# /etc/init.d/tomcat41
#
#   and its symbolic link
#
# /usr/sbin/rctomcat41
#
# System startup script for the Tomcat servlet container
#
### BEGIN INIT INFO
# Provides: tomcat41
# Required-Start: $local_fs $remote_fs
# X-UnitedLinux-Should-Start: $named $syslog $time $network
# Required-Stop:  $local_fs $remote_fs
# X-UnitedLinux-Should-Stop: $named $syslog $time $network
# Default-Start:  3 5
# Default-Stop:   0 1 2 6
# Short-Description: Tomcat Servlet Container Version 4.1
# Description:    Start Tomcat 4.1 to allow JAVA server pages
### END INIT INFO

CATALINA_HOME=/usr/java/tomcat
test -d $CATALINA_HOME/bin || exit 5


# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status
. /etc/rc.status

# First reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.

case "$1" in
     start)
	echo -n "Starting Tomcat"
	## Start daemon with startproc(8). If this fails
	## the echo return value is set appropriate.

	# NOTE: startproc return 0, even if service is
	# already running to match LSB spec.
         ps -aux --cols 1024 >/var/tmp/tomcat.ps.log
         if grep "/usr/java/tomcat/temp org.apache.catalina.startup.Bootstrap" /var/tmp/tomcat.ps.log >/dev/null 2>/dev/null ; then
	  rc_failed 0
         else
	  chown -R wwwrun:root $CATALINA_HOME/logs $CATALINA_HOME/work
	  # stdout and stderr share one descriptor so neither truncates the other
	  su wwwrun -c "$CATALINA_HOME/bin/startup.sh" >/var/log/tomcat.log 2>&1
	  #su root -c "$CATALINA_HOME/bin/startup.sh" >/var/log/tomcat.log 2>&1
           sleep 1
	  #hys
	  chgrp root "$CATALINA_HOME/conf/tomcat-users.xml"
           ps -aux --cols 1024 >/var/tmp/tomcat.ps.log
           if grep "/usr/java/tomcat/temp org.apache.catalina.startup.Bootstrap" /var/tmp/tomcat.ps.log >/dev/null 2>/dev/null ; then
             rc_failed 0
	  else
	    rc_failed 7
	  fi
         fi
	rm -f /var/tmp/tomcat.ps.log
	rc_status -v
	;;
     stop)
	echo -n "Shutting down Tomcat"
	## Stop daemon with killproc(8) and if this fails
	## set echo the echo return value.
         ps -aux --cols 1024 >/var/tmp/tomcat.ps.log
         if grep "/usr/java/tomcat/temp org.apache.catalina.startup.Bootstrap" /var/tmp/tomcat.ps.log >/dev/null 2>/dev/null ; then
	  # stdout and stderr share one descriptor so neither truncates the other
	  su wwwrun -c "$CATALINA_HOME/bin/shutdown.sh" >/var/log/tomcat.log 2>&1
	  #su root -c "$CATALINA_HOME/bin/shutdown.sh" >/var/log/tomcat.log 2>&1
           sleep 12
           ps -aux --cols 1024 >/var/tmp/tomcat.ps.log
           if grep "/usr/java/tomcat/temp org.apache.catalina.startup.Bootstrap" /var/tmp/tomcat.ps.log >/dev/null 2>/dev/null ; then
	    rc_failed 1
	  else
	    rc_failed 0
	  fi
	else
	  rc_failed 0
	fi
	rm -f /var/tmp/tomcat.ps.log
	# Remember status and be verbose
	rc_status -v
	;;
     try-restart)
	## Stop the service and if this succeeds (i.e. the
	## service was running before), start it again.
         ## Note: try-restart is not (yet) part of LSB (as of 0.7.5)
         $0 status >/dev/null &&  $0 restart
	
	# Remember status and be quiet
	rc_status
	;;
     restart)
	## Stop the service and regardless of whether it was
	## running or not, start it again.
	$0 stop
	$0 start

	# Remember status and be quiet
	rc_status
	;;
     force-reload)
	## Signal the daemon to reload its config. Most daemons
	## do this on signal 1 (SIGHUP).
	## If it does not support it, restart.

	echo -n "Reload service Tomcat"
	## if it supports it:
	#killproc -HUP $TOMCAT_BIN
	#touch /var/run/FOO.pid
	#rc_status -v

	## Otherwise:
	$0 stop  &&  $0 start
	rc_status
	;;
     reload)
	## Like force-reload, but if daemon does not support
	## signalling, do nothing (!)

	# If it supports signalling:
	#echo -n "Reload service FOO"
	#killproc -HUP $TOMCAT_BIN
	#touch /var/run/FOO.pid
	#rc_status -v
	
	## Otherwise if it does not support reload:
	rc_failed 3
	rc_status -v
	;;
     status)
	echo -n "Checking for Tomcat: "
	## Check status with checkproc(8), if process is running
	## checkproc will return with exit status 0.

	# Return values are slightly different for the status command:
	# 0 - service running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running

	# NOTE: checkproc returns LSB compliant status values.
         ps -aux --cols 1024 >/var/tmp/tomcat.ps.log
         if grep "/usr/java/tomcat/temp org.apache.catalina.startup.Bootstrap" /var/tmp/tomcat.ps.log >/dev/null 2>/dev/null ; then
           rc_failed 0
	else
	  rc_failed 3
	fi
	rm -f /var/tmp/tomcat.ps.log
	rc_status -v
	;;
     probe)
         ## Optional: Probe for the necessity of a reload,
         ## give out the argument which is required for a reload.
         ;;
     *)
	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
	exit 1
	;;
esac
rc_exit
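
Added example, not part of the original message or of the SuSE script: a status check that reports which account the Tomcat JVM runs under, so a service started as root instead of wwwrun is flagged. It reads a `ps` snapshot from stdin rather than writing one to a fixed file in /var/tmp; the function names, exit code 1 for "wrong account", and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Bootstrap class name that the init script above greps for.
MARKER="org.apache.catalina.startup.Bootstrap"

# Print the distinct users of processes whose command line contains MARKER.
# Assumed input format: user in the first field, command line after it,
# as printed by `ps -e -o user= -o args=`.
tomcat_owners() {
    awk -v marker="$MARKER" '
        index($0, marker) > 0 { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' | sort
}

# check_tomcat_user EXPECTED   (ps snapshot on stdin)
#   0 = running, and only as EXPECTED
#   1 = running under some other account (for example root)
#   3 = not running (LSB value for the status command)
check_tomcat_user() {
    expected=$1
    owners=$(tomcat_owners)
    [ -n "$owners" ] || return 3
    [ "$owners" = "$expected" ] || return 1
    return 0
}

# Constructed sample snapshots (not captured from a real host).
SAMPLE_OK='wwwrun   java -Djava.io.tmpdir=/usr/java/tomcat/temp org.apache.catalina.startup.Bootstrap start
root     /sbin/syslogd'
SAMPLE_ROOT='root     java -Djava.io.tmpdir=/usr/java/tomcat/temp org.apache.catalina.startup.Bootstrap start'
SAMPLE_DOWN='root     /sbin/syslogd'

# Demo on constructed input: Tomcat running as root is reported as status 1.
printf '%s\n' "$SAMPLE_ROOT" | check_tomcat_user wwwrun \
    || echo "constructed root sample: status $?"

# Live use: take the snapshot first, so the awk process (whose arguments
# contain MARKER) cannot appear in it and match itself.
#   snapshot=$(ps -e -o user= -o args=)
#   printf '%s\n' "$snapshot" | check_tomcat_user wwwrun
```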

