Jim Archer wrote:
>
> We attempted to configure the jBoss/Tomcat 2.2.1 bundle 
> so that anywhere jBoss or Tomcat had to write was in a 
> directory below /var while jBoss was installed below
> /usr, but no luck. We were not sure if this is possible.
> We did review the mail list and the docs. As near as we
> can tell, in the case of jBoss, it writes to /log and
> /tmp. Anywhere else?

I'm trying to do the same with jboss/jetty on my debian systems.
Maybe we could put our heads together to come up with an
acceptable way to administer jboss in a unix environment.  I'd
contribute some docs if we can come up with something.

I started by making a user "jboss" with a /bin/false shell,
thinking that I'd be able to limit the container's write access.
That was ill-conceived, of course, because port 80 is privileged.

[Jetty] java.net.BindException: Permission denied

So then I have to run as root, making sure that most of
the files are

  -r--r--r--   root root 

...except for $JBOSS_HOME/log, $JBOSS_HOME/tmp, and  
$JBOSS_HOME/conf/<name>/jboss-auto.jcml  (and possibly 
others we haven't yet discovered?)  that JBoss needs to 
write to -- which should be 

  -rw-r--r--  root root

Is that basically what you had to do Jim?

There are other issues, such as the document root which
one may want writeable by some www-data group, and perhaps
a servlet directory that developers can write to on a
shared developer box.

Another piece of the puzzle is a sysvinit script that
responds to start, stop, and restart -- and does the right
thing.  

I suppose another way to make this less ugly would be to figure
out how to run Tomcat/JBoss in the same process where Tomcat
is using Apache as the request handler through mod_jk.  I 
haven't seen anybody report success with this, but it would
be nice since Apache, unlike a 100% java solution, doesn't 
have problems calling setuid after being started as root, and 
so the servlet/ejb container could run as a regular user.

Is there anybody out there thinking about these issues?
Maybe this is not so difficult as I'm making it out to be?


_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
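
The permission layout described in the message above (read-only files, with only log/, tmp/ and conf/<name>/jboss-auto.jcml owner-writable) can be checked mechanically. This audit script is an added example, not part of the original message; the function names, the REASON labels and the sample tree are assumptions constructed for it.

```shell
#!/bin/sh
# Added example, not from the original message.
# jboss_scan HOME CONF_NAME OWNER: print "REASON<TAB>path" per deviation.
jboss_scan() {
    home=${1%/} conf=$2 owner=$3
    auto_jcml="$home/conf/$conf/jboss-auto.jcml"
    # Entries not owned by the expected account (name or numeric uid).
    find "$home" ! -user "$owner" -exec printf 'OWNER\t%s\n' {} \;
    # Group- or world-writable entries; symlink modes are not meaningful.
    find "$home" ! -type l \( -perm -020 -o -perm -002 \) \
        -exec printf 'GW_WRITE\t%s\n' {} \;
    # Owner-writable regular files outside log/, tmp/ and jboss-auto.jcml.
    find "$home" \( -path "$home/log" -o -path "$home/tmp" \) -prune -o \
        -type f -perm -200 ! -path "$auto_jcml" \
        -exec printf 'UNEXPECTED_RW\t%s\n' {} \;
}

# audit_jboss_tree HOME CONF_NAME [OWNER]: sorted findings, returns 1 if any.
audit_jboss_tree() {
    findings=$(jboss_scan "$1" "$2" "${3:-root}" | sort)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample tree (file names are made up, not a real install).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/log" "$t/tmp" "$t/conf/default" "$t/deploy"
    : > "$t/bin/run.jar"; : > "$t/conf/default/jboss.jcml"
    : > "$t/conf/default/jboss-auto.jcml"; : > "$t/log/server.log"
    : > "$t/deploy/app.jar"
    chmod -R u=rwX,go=rX "$t"          # dirs 755, files 644, whatever the umask
    chmod 444 "$t/bin/run.jar" "$t/conf/default/jboss.jcml"
    # Deviations left in on purpose: deploy/app.jar stays 644, tmp is 777.
    chmod 777 "$t/tmp"
    printf '%s\n' "$t"
}

# Stand-alone use: ./audit.sh "$JBOSS_HOME" <name> [owner]
if [ $# -ge 2 ]; then audit_jboss_tree "$@"; exit $?; fi
```

On the constructed tree it reports the world-writable tmp directory and the stray writable file under deploy/, and nothing for log/ or jboss-auto.jcml.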
