tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <its_toas...@yahoo.com>
Subject Re: Issue with sudo + init script
Date Fri, 03 Aug 2012 21:16:10 GMT
On 8/3/2012 12:38 PM, Shaw, Ray V CTR (US) wrote:
>
> Konstantin Kolinko wrote:
>> Note that calling startup.sh and shutdown.sh  is just a wrapper for
>> calling catalina.sh with arguments "start" and "stop" respectively.
>> I'd recommend co call catalina.sh directly instead of those wrapper
>> scripts.
>>
>> Either java fails to start (and catalina.out is opened by shell as the
>> output stream of that process - it has nothing to do with Tomcat
>> itself),  or it terminates when its parent process terminates due to
>> HUP signal.
>>
>> To exclude the former, try replace your command with "catalina.sh run
>> -security", so that Tomcat starts interactively in the same shell.
>
> I tried changing it to this:
>
> /bin/su -- tomcat $CATALINA_HOME/bin/catalina.sh run -security
>
> (as well as various permutations with the quotes remaining).  I also put an export before
CATALINA_HOME, and have tried putting quotes around the stop command (to no effect); all together,
this should address the issues André Warnier raised.
>
> When I use "run", it works correctly from sudo, but stays attached to the terminal (and
I can't seem to find any combination of nohup, exec, and/or & that will start it detached;
I can use ctrl-z and bg, but that's ugly).  When I use "start", I get the same issue as before.
>
> As requested by Stefan Mayr, the output (normally) is this (exactly the same for root
and sudo):
>
> bash-4.1# service tomcat7 start
> DES encrypted or local terminal session
> Using CATALINA_BASE:   /opt/tomcat7
> Using CATALINA_HOME:   /opt/tomcat7
> Using CATALINA_TMPDIR: /opt/tomcat7/temp
> Using JRE_HOME:        /usr/java/jdk6-64/
> Using CLASSPATH:       /opt/tomcat7/bin/bootstrap.jar:/opt/tomcat7/bin/tomcat-juli.jar
> Using Security Manager
>
> Adding a -x to the /bin/sh at the top of catalina.sh didn't seem to indicate any differences
when running as root versus sudo.
>
> Thanks everyone for your replies.
>
> --Ray

Ray,

I've not checked to see if my scripts work with sudo, but they seem to 
work as system startup / shutdown as well as from root.

My base start command looks like this:

$SU - $TOMCAT_USER -c "${CONFIG_OPTS} ${CAT_PID} ${TOMCAT_INSTANCE} 
start" >> $SERVICE_LOG 2>&1

Please ignore the wrapping - it's all one line.

Now for some explanations

$SU - this is the su command to run
If you're running SELinux, you'll need to set this to /sbin/runuser.

$TOMCAT_USER - this is the user to run under
I run multiple Tomcat services, and sometimes it's nice to have a 
service run as a different unprivileged user. Otherwise I have things 
set up for a default user.

${CONFIG_OPTS} - per services configuration options
For each service I have a configuration file that sets bunches of items. 
This includes CATALINA_HOME, CATALINA_BASE, JRE_HOME, and JAVA_HOME. The 
service name reads this information from a configuration file of the 
same name, validates the information, and creates the appropriate export 
commands.

This gives me the option of running multiple JREs and multiple versions 
of Tomcat all without editing shell scripts.

${CAT_PID} - per service PID file
This instructs catalina.sh to write its pid to a known file.

${TOMCAT_INSTANCE} - location of catalina.sh
This is based on the name of the script, and the location of 
CATALINA_HOME / CATALINA_BASE.

$SERVICE_LOG - echos information about the service
This is where all of the startup stuff gets written. It's nice, since I 
have a record for each service concerning what CATALINA_HOME (and 
therefore version of Tomcat) it's based on, what version of Java it's 
using, and when the current version was started. I can also get the time 
last started from /var/run/tomcatn/servicename.

I suspect that instead of su, you need to use /sbin/runuser, and you 
need to send the output somewhere (hence >> $SERVICE_LOG 2>&1 on my 
start line).

My entire script is rather long, ugly, and took a while to write. I'm 
not a shell script programmer, but it seems to be working well in 
production on both CentOS 5.8 and 6.3.

Hope this gets you going in the right direction.

/mde/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message