tomcat-users mailing list archives

From Alan Chaney <a...@compulsivecreative.com>
Subject Re: jsvc creates pid file owned by root
Date Fri, 11 Apr 2008 13:07:00 GMT
You shouldn't be messing about with the ownership of the PID file. It is 
created by jsvc at startup. If you use jsvc properly it will start as 
root, create the pid file, start up tomcat, allow tomcat to bind to ports 
80 and 443 and then switch to the user specified with the -user switch.

When you install jsvc from the version which is part of the tomcat 
distribution, it comes with a shell script called 'tomcat'.

Here's an (edited) extract from my version.


.....

# Set umask to avoid tomcat making tomcat-users.xml public readable
umask 027  # == 640

PID_FILE=/var/run/jsvc.pid

.....

/usr/lib/tcnative/jsvc \
      -user $TOMCAT_USER \
      -home $JAVA_HOME \
      -Dcatalina.home=$CATALINA_HOME \
      -Dcatalina.base=$CATALINA_BASE \
      -Djava.io.tmpdir=$TMP_DIR \
      -Xmx512m \
      -XX:MaxPermSize=128m \
      -wait 10 \
      -pidfile $PID_FILE \
      -outfile $CATALINA_HOME/logs/catalina.out \
      -errfile '&1' \
      $CATALINA_OPTS \
      -cp $CLASSPATH \
      org.apache.catalina.startup.Bootstrap


....



I set a lot of options in CATALINA_OPTS which are passed to the vm - for 
example my JMX switches, various application configuration properties.

I set the umask to 027 because that makes files read/write for tomcat 
and read-only for the tomcat group and read protected for the rest. This 
was because tomcat re-writes the tomcat-users.xml (which I happen to be 
using for the moment) at start up.


Gunnar Boström wrote:
> Hi,
> Answers to all of you who have responded.
> 
> I would be fine with 644 but I don't know how to set that.
See umask above.

> The file is owned by root so I'm not allowed to change it.

> My umask is by default 0022 which should be okay. I tried to set the mask to
> 0000 but no change.
Read about Linux umask - you need to set it at the right point.

> I created a pid file with the correct permissions but as expected jsvc
> ignored it.
You SPECIFY the pid file as a parameter to the startup of jsvc. -pidfile 
as above.

So this is what you do - assuming you are using a startup script like 
the provided 'tomcat':

1. Set an appropriate umask in the startup script
2. Set a pidfile location wherever you need it
3. start up tomcat

EITHER as root by going

./tomcat start


OR

sudo ./tomcat start

if you want to stay as a normal logged-in user.

You need to have your sudo permissions set of course - but that's 
another longer story.


The whole point of using jsvc is that it allows you to change user from 
a privileged user to a normal user because no-one should run a web 
server as root.

HTH


> 
> I was hoping that there were some undocumented switches in jsvc that I could
> use.
> 
> Regards
> Gunnar
> 
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
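
The point above about setting the umask "at the right point", as an added example that is not part of the original message: a stand-in startup script sets its own umask before launching a child process that creates the pid file, so the umask of the invoking shell does not decide the file's mode. The function names, the demo.pid file and the stand-in daemon are assumptions for illustration; jsvc itself is not invoked.

```shell
#!/bin/sh
# Added example: stand-ins for the 'tomcat' startup script and for jsvc.
# All paths are temporary and constructed; no real Tomcat files are touched.

# Print the octal mode of a path (GNU stat, falling back to BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Stand-in for the startup script: set the umask ($1), then launch a child
# process that creates the pid file ($2), as the daemon does at startup.
startup_script() {
    (
        umask "$1"
        sh -c 'echo "$$" > "$1"' daemon "$2"   # child inherits the script's umask
    )
}

# The invoking shell has umask $1, the script sets umask $2.
# Prints the mode the pid file ends up with.
pidfile_mode() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"                             # what the logged-in user set
        startup_script "$2" "$dir/demo.pid"
        mode_of "$dir/demo.pid"
        rm -rf "$dir"
    )
}

# Changing the umask after the file exists does not alter its mode.
late_umask_mode() {
    (
        dir=$(mktemp -d) || exit 1
        umask 022
        : > "$dir/demo.pid"
        umask 000                              # too late: file already created
        mode_of "$dir/demo.pid"
        rm -rf "$dir"
    )
}

echo "caller 000, script 027 -> $(pidfile_mode 000 027)"
echo "caller 077, script 022 -> $(pidfile_mode 077 022)"
echo "umask changed after creation -> $(late_umask_mode)"
```
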

