tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregor Schneider <rc4...@googlemail.com>
Subject Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
Date Wed, 01 Dec 2010 16:31:23 GMT
Hi André,

long time no see ;)

On Wed, Dec 1, 2010 at 12:20 PM, André Warnier <aw@ice-sa.com> wrote:
>
> As far as I know, these startup scripts are created by the packagers of
> Debian, RedHat etc.. when they wrap Tomcat in a platform-specific package.
> /They/ are the ones who decide how they call up jsvc, where the logfiles go,
> under what permissions etc..
>

That's actually not the case:

The startaup-script for Tomcat native comes with the jscv-sources,
meaning it's *not* some pre-packaged Debian-thing.

However, I guess I know what's going on:

The script is started from user Tomcat via "sudo". One parameter for
jsvc is the parameter "user".

When invoking jsvc with "--help", is says:

----- [ cut] --------
    -user <user>
        user used to run the daemon (defaults to current user)
----- [ cut] --------

Seems somehow to work, since a

ps -aux | more | grep tomcat

gives

tomcat   29386  0.9  3.4 1651348 139244 ?      Sl   16:31   0:25
jsvc.exec -user tomcat -home /home/tomcat/local/jdk15/
-Dcatalina.home=/home/tomcat/local/tomcat55/
-Dcatalina.base=/home/tomcat/local/tomcat55/ -Djava.io.tmpdir=/var/tmp
-Dlog4j.configuration=log4j.xml -wait 10 -pidfile /var/run/jsvc.pid
-outfile /home/tomcat/local/tomcat55//logs/catalina.out -errfile &1
-Xmx1024m -XX:PermSize=256m -XX:+DisableExplicitGC
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=/home/tomcat/local/tomcat55//conf/logging.properties
-Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n
-cp /home/tomcat/local/jdk15//lib/tools.jar:/home/tomcat/local/tomcat55//bin/commons-daemon.jar:/home/tomcat/local/tomcat55//bin/bootstrap.jar
org

So you can clearly see, that the process is started from user
"tomcat", although the startup-script is started in root-context (due
to the "sudo"-command).

jsvc is *not* forking a jvm, but wrapping it and starting it with it's
own user-context, although it's supposed to change the user-context
according to the help-text I've listed above.

And I would be so picky if it had the same behaviour with version
5.5.20, but in 5.5.20 catalina.out had tomcat-ownership.

So it seems, somebody changed something here, and I'm even too dumb to
find anything in the changelogs, which I wouldn't like at all, either
being a tomcat-user or a comitter...

For the time being, I put this little fix into the startup-script, but
still, I'm not too happy with this hack:

#
# workaround to prevent root-ownership for catalina.out
#
if [ ! -f $CATALINA_HOME/logs/catalina.out ]; then
    touch $CATALINA_HOME/logs/catalina.out
    chown $TOMCAT_USER $CATALINA_HOME/logs/catalina.out
else
    OWNER=`ls -l $CATALINA_HOME/logs/catalina.out | grep $TOMCAT_USER`
    if [ -z "$OWNER" ]; then
        chown $TOMCAT_USER:$TOMCAT_USER $CATALINA_HOME/logs/catalina.out
    fi
fi
#
# end workaround
#

Cheers!

Gregor
-- 
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message