tomcat-users mailing list archives

From Daniel Gibby <dgi...@resumerabbit.com>
Subject Re: UNIX+Apache+Tomcat Situtation
Date Tue, 21 Oct 2003 19:48:21 GMT
This really sounds like it is a unix permissions issue, but it could be 
a Security issue with java as well. I don't know as much about the java 
Security model, but I can tell you things to check for with unix 
permissions:

So if 'developer' is the owner of the tomcat directory, and your webapps 
and all files that are trying to be written are under that directory, it 
sounds like it works fine for you when 'developer' starts tomcat, so 
tomcat is run as the developer user, and since developer has rights to 
create files under that directory, it works fine.
On the other hand your tomcat user doesn't sound like it has rights.

I would suggest that you always run tomcat as the tomcat user, and make 
developer and root start it as the tomcat user.
That can be easily done with a startup script instead of calling 
$TOMCAT_HOME/bin/startup.sh directly or whatever it is.
I would make sure that the directories all have the tomcat user as the 
owner and group, and then add root and developer to that group.

What Unix is this? Linux? Solaris?
Here is the format to make tomcat run as the tomcat user with a 
/etc/rc.d/tomcat

I also have catalina.out automatically rotated every time I start tomcat.

#!/bin/sh
 ##################################################################

# Comments to support chkconfig on RedHat Linux
# chkconfig: 2345 84 84
# description: A very fast and reliable J2EE Servlet Container.


timestamp=`date +%Y-%m-%d-%H%M%S`
echo "timestamp= $timestamp"

LD_ASSUME_KERNEL=2.2.5
export LD_ASSUME_KERNEL
echo "LD_ASSUME_KERNEL= $LD_ASSUME_KERNEL"

JAVA_HOME=/usr/local/java
export JAVA_HOME
echo "JAVA_HOME= $JAVA_HOME"

CLASSPATH=/usr/local/java/jre/lib/core.jar:/usr/local/java/jre/lib/server.jar
export CLASSPATH
echo "CLASSPATH= $CLASSPATH"

TOMCAT_HOME=/usr/local/jakarta-tomcat
export TOMCAT_HOME
echo "TOMCAT_HOME= $TOMCAT_HOME"

#CATALINA_OPTS="-Xms196m -Xmx896m -Dbuild.compiler.emacs=true"
#export CATALINA_OPTS
#echo "CATALINA_OPTS= $CATALINA_OPTS"

 case $1 in
 'start')
     su tomcat4 -c "mv $TOMCAT_HOME/logs/catalina.out $TOMCAT_HOME/logs/catalina.$timestamp"
     su tomcat4 -c "$TOMCAT_HOME/bin/startup.sh"
     sleep 10
     /usr/sbin/apachectl graceful
     ;;
 'stop')
     su tomcat4 -c "$TOMCAT_HOME/bin/shutdown.sh"
     ;;
 'status')
     ps auxw | fgrep tomcat | fgrep -v status | fgrep -v grep | fgrep -v tail
     ;;
 *)
     echo "usage: $0 {start|stop|status}"
     ;;
 esac
# END OF /etc/rc.d/tomcat

Daniel


earle.flynn@ps.ge.com wrote:

>Hello,
>I have a situation where if a developer owns Tomcat 3 and stops/starts
>server the apps on that server all j2ee web-apps run fine. If I as root or
>'tomcat_user' or su to developer id stop/start Tomcat 3 then all j2ee
>web-apps run except modules that produce .jpegs dynamically. In the latter
>case Tomcat was setup so that the user who stop/started Tomcat owned all
>file/directories.
>
>My first response was to make all files/directories world
>read,write,execute. It must be a UNIX permission thing right. Also I umask'd
>and source'd the UNIX personal env of each user to be world
>read,write,execute on any directories/files created but still no difference,
>the graphs are not displayed. The graph libs are using JFreechart, btw. 
>
>This is a long running issue and I would appreciate any help as I am not
>sure if this is a UNIX or Tomcat or JFreechart issue. Any suggestions? Why
>would I not be able to remotely log into box, su - to developer id and
>stop/start Tomcat with all apps functioning? Also, developer's personal UNIX
>acct is basic stock settings with no extra frills.
>
>Regards,
>Earle
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>  
>
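
A check for the ownership layout recommended in the reply above, as an added example that is not part of the original message. It reports entries not owned by the Tomcat account or its group, and entries left world-writable (as after the chmod described in the quoted question). The helper names are hypothetical, and the group name `tomcat4` is an assumption based on the account used in the rc script.

```shell
#!/bin/sh
# Added example, not part of the original message.
# Assumptions: the helper names are hypothetical; the default account and group
# "tomcat4" come from the su calls in the rc script (the group name is assumed).

# _check LABEL ROOT FIND_EXPR...
# Prints "LABEL path" per match. Returns 0 = none, 1 = matches, 2 = find failed.
_check() {
    label=$1; root=$2; shift 2
    hits=$(find "$root" "$@" -print) || return 2
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | sed "s|^|$label |"
    return 1
}

# audit_tomcat_tree DIR [OWNER] [GROUP]
audit_tomcat_tree() {
    dir=$1; owner=${2:-tomcat4}; group=${3:-tomcat4}
    a=0; b=0; c=0
    # Not owned by the service account: Tomcat may be unable to write here.
    _check WRONG_OWNER "$dir" ! -user "$owner" || a=$?
    # Outside the shared group: group members cannot manage the file.
    _check WRONG_GROUP "$dir" ! -group "$group" || b=$?
    # World-writable (symlinks skipped): any local account can alter it.
    _check WORLD_WRITABLE "$dir" ! -type l -perm -0002 || c=$?
    case "$a$b$c" in
        *2*) echo "ERROR: find failed (unknown user/group or unreadable path)" >&2
             return 2 ;;
        000) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample tree: tidy except webapps/chart.jpg, which was chmod 777.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/logs" "$t/webapps"
    : > "$t/logs/catalina.out"
    : > "$t/webapps/chart.jpg"
    chgrp -R "$(id -g)" "$t"
    chmod 750 "$t" "$t/logs" "$t/webapps"
    chmod 640 "$t/logs/catalina.out"
    chmod 777 "$t/webapps/chart.jpg"
    printf '%s\n' "$t"
}
```

Run it as `audit_tomcat_tree "$TOMCAT_HOME" tomcat4 tomcat4` before starting the service; exit status 2 means the audit itself could not run and must not be read as a clean result.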


