tomcat-users mailing list archives

From "George S."
Subject Re: Running sudo from a servlet
Date Sat, 25 May 2019 16:44:29 GMT
A better way to do this would be to set up something like xinetd 
listening on a socket and use a connection to the socket to trigger the 
execution. You can write a configuration/parameters file in a location.

Just a point: when you use runtime.exec on Linux, it does a fork of the 
process. That DOUBLES your process space memory. IOW, if tomcat's 
running with 4GB of memory, when you do a runtime.exec, that's going to 
double your memory usage to 8GB while the process runs. If you're not 
planning for this, it can be a nasty shock.

On 5/21/2019 11:52 AM, Claude Brisson wrote:
> Hi all.
> I use tomcat 8.5.39 and java oracle 1.8.0_191 on linux (ubuntu 19.04). 
> Tomcat was installed by apt-get and runs as a service.
> If I open a shell as the tomcat8 user, I can launch a Java program 
> which successfully executes a sudo command in a sub-process.
> But from a Java servlet, the code fails with this error from the sudo 
> executable:
>     sudo: effective uid is not 0, is /usr/bin/sudo on a file system 
> with the 'nosuid' option set or an NFS file system without root 
> privileges?
> which means that somehow, the tomcat process was unable or unwilling 
> to honor the setuid flag of the sudo command.
> Is it a special security measure?
> If yes, is it set in tomcat? In the JVM? In Ubuntu's tomcat8 service 
> packaging? In systemd config?
> And is there any configuration option to relax it?
> Thanks,
>   Claude
George S.
*MH Software, Inc.*
Voice: 303 438 9585
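
The socket-triggered design suggested in this reply could look like the handler below. It is an added example, not code from the thread or from either poster: a script that xinetd starts for each connection, with the socket attached to stdin/stdout. The action tokens, the `myapp-trigger` file name and the `/usr/local/sbin/myapp-*` programs are hypothetical, and the xinetd service is assumed to be bound to the loopback address.

```shell
#!/bin/sh
# Added example: per-connection handler started by xinetd (its "server"
# attribute), running as the account named in the service's "user" attribute.
# xinetd, not Tomcat, holds the privilege, so the servlet needs neither sudo
# nor Runtime.exec; it only opens a local socket and writes one line.
# Hypothetical names: the action tokens and the /usr/local/sbin/myapp-* programs.

# Map an action token to one fixed program path. Unknown input is rejected;
# text sent by the client is never executed or passed on as an argument.
resolve_action() {
    case "$1" in
        reload-config) echo /usr/local/sbin/myapp-reload ;;
        rotate-logs)   echo /usr/local/sbin/myapp-rotate ;;
        *)             return 1 ;;
    esac
}

# Read a single request line from stdin and answer on stdout.
handle_request() {
    IFS= read -r line || [ -n "$line" ] || { echo "ERR empty request"; return 2; }
    line=${line%"$(printf '\r')"}        # tolerate CRLF line endings
    if ! prog=$(resolve_action "$line"); then
        echo "ERR unknown action"
        return 1
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then     # lets the mapping be checked safely
        echo "OK would run $prog"
        return 0
    fi
    if "$prog" </dev/null >/dev/null 2>&1; then
        echo "OK"
    else
        echo "ERR action failed"
        return 3
    fi
}

# Only act when installed under this (hypothetical) name as the xinetd server.
if [ "${0##*/}" = "myapp-trigger" ]; then
    handle_request
fi
```

Because the handler accepts only fixed tokens, a compromised web application can request the listed actions but cannot choose the command that runs with elevated privileges.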
