tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
Date Tue, 30 Nov 2010 21:33:18 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gregor,

On 11/30/2010 4:18 PM, Gregor Schneider wrote:
> Mladen,
> 
>> Believe it or not, this is intentional and correct behavior.
>> Almost any server behaves like that.
> 
> thanks for sharing your views on this one, which I, however, do not share at
> all
> 
> besides, no server behaves like you're stating:

Apache httpd acts this way:

$ ls -l /usr/sbin/apache2
- -rwxr-xr-x 1 root root 365308 Apr 19  2010 /usr/sbin/apache2

$ grep ErrorLog /etc/apache2/apache2.conf
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
ErrorLog /var/log/apache2/error.log

$ sudo ls -l /var/log/apache2/error.log
- -rw-r----- 1 root adm 16813 Nov 30 15:33 /var/log/apache2/error.log

Looks like root ownership to me.

> if an application is started in a non-root-context and producing any output
> such as log-files, those files usually are owned by the user in whose
> context the application is running.

Try running 'stat jsvc' and tell us who the "user context" should be?

> besides, superuser root can watch / edit those files anyway.
> and what sense should any generated output make, if the app-owner is not
> able to read those files, esp.  when those files contain stuff such as
> logging-information?
> therefor, in my humble opinion, i'd consider such a behaviour as a bug

Patches are always welcome :)

How about something like a new option for jsvc "-outfilePriv
unprivileged|privileged" or something: that would indicate that the log
file should be opened either before or after root privileges are dropped.

Also, have you tried setting your umask before launching jsvc? You may
get a lot of mileage out of

umask 0022
jsvc ...

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkz1bZ4ACgkQ9CaO5/Lv0PD4EQCgnwQzsIrgHe1E/QOxouZ0kyY4
R3UAoKoVj9KoMY/joXvIfHpUJ1D/1R8X
=ExC+
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message