tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Tomcat Security Limitation
Date Wed, 10 Oct 2012 14:37:03 GMT
Mouradk wrote:
> Hi Chris,
> 
> I am using Tomcat6 on ubuntu 10.10. I suppose when you say CATALINA_OPTS you mean that
in /usr/share/tomcat6/bin/catalina.sh .
> I have added this as such:
> 
> CATALINA_OPTS="$CATALINA_OPTS $JPDA_OPTS, -Djava.security.debug=all"
> 
> I have also set the logging level to FINE in $CATALINA_HOME/conf/logging.properties
> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = FINE
> 
> But not getting debug messages?
> 

Mouradk,

Each Linux distribution has different ways of "packaging" software like Tomcat, and the 
people on this list do not all have the same system, and they do not necessarily know 
which files you are talking about on /your/ system.
(These packages have a tendency to spread the software and the settings over many 
directories and files; and they all do it differently).

For that reason, most people here will tend to refer to the "standard" Tomcat 
distribution, which is the one that you can download from the Tomcat website, and which is

know to all (and is much simpler in terms of file structure).

The following info is thus only because I happen to have Tomcat running under Linux Debian

(similar to Ubuntu), and can compare things with my system.

Then,

- in general, if you want to follow how the Tomcat6 package starts Tomcat under 
Ubuntu/Debian, look at the /etc/init.d/tomcat6 script.  That is the one that pulls in all

the other ones, sets the options, etc..
- in the line you show above, there is a (wrong) comma after "$JPDA_OPTS".  Remove it.
- you should generally not modify the catalina.sh script
- if you make changes to environment variables like CATALINA_OPTS, put them in the 
separate script "setenv.sh", which you will also find in the /usr/share/tomcat6/bin/ 
directory.  This will be read by the catalina.sh script at startup of Tomcat.
Add the line as :
CATALINA_OPTS="$CATALINA_OPTS -Djava.security.debug=all"
- under Ubuntu (as under Debian), you probably need to edit another file in order to have

the JVM start with the Java security manager enabled.  I don't know for Ubuntu, but under

Debian it would be /etc/default/tomcat6 and it should have a line like :
TOMCAT_SECURITY=yes (or no)


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message