RE: Orion on unix systems
If you have a JVM for HPUX, yes... The only JVM that *may* run in HPUX that I know of is Kaffe (http://www.kaffe.org) HTH JP -Original Message- From: Derek Akers [mailto:[EMAIL PROTECTED]] Sent: Martes, 16 de Enero de 2001 12:25 To: Orion-Interest Subject: Orion on unix systems Question: can orion run on HPUX?
Re: Orion on unix systems
Hi Derek, Sure it can. Check out the FAQ on orionserver.com. I'm running Orion on FreeBSD myself. BTW: You should make your question more specific. What HPUX version (10, 11, etc) are you referring to, and what JRE/JDK did you have in mind (if any)? -- Ernst Derek Akers wrote: Question: can orion run on HPUX?
RE: Orion on unix systems
Looks like HP has a SDK/JRE: http://www.unix.hp.com/java/java2/sdkrte/index.html -Jason -Original Message- From: Juan Lorandi (Chile) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 16, 2001 12:23 PM To: Orion-Interest Subject: RE: Orion on unix systems If you have a JVM for HPUX, yes... The only JVM that *may* run in HPUX that I know of is Kaffe (http://www.kaffe.org) HTH JP -Original Message- From: Derek Akers [mailto:[EMAIL PROTECTED]] Sent: Martes, 16 de Enero de 2001 12:25 To: Orion-Interest Subject: Orion on unix systems Question: can orion run on HPUX?
Re: Orion on Unix (again)
Try this: nohup java -jar orion.jar /dev/null 21 /dev/null you can also redirect the application mesages to somewhere sensible using the orion.jar command line Envelope-to: [EMAIL PROTECTED] From: "Heng Chee, Lee - SG" [EMAIL PROTECTED] To: Orion-Interest [EMAIL PROTECTED] Subject: Orion on Unix (again) Date: Wed, 10 Jan 2001 11:55:32 +0800 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Hi, First all, thanks for answering my previous question about running orion as non-root user. I have another question which I couldn't find any info in the orionsupport site. I would like to be able to telnet from a remote machine to my Sun box and start the orion remotely, so far so good, but once I exit from my telnet client, the orion.jar process died. I tried to use "nohup java -jar orion.jar" but this doesn't help. I think the question above is the same as to keep the orion running even after the shell that you use to start up the orion process has terminated. Is it possible to run orion as a daemon process? Thanks and best regards Lee
Re: Orion on Unix (again)
Yes we had this problem also. I wasn't able to figure out why in the short time frame we had, 1hr and it doesn't happen on our solaris boxes only the development box our client had set up. So my assumption is it's some kind of paranoid security setting on Solaris. We got around it by not exiting, just killing the terminal. Not the solution I'd prefer, but it seemed to work. -Lkb On Tue, 9 Jan 2001, Sach Jobb wrote: First of all, don't ever use telnet for anything. It's a clear text protocol and anyone snooping the line can easily snag your username and password. The suitable replacement for telnet (actually all rsh services) is SSH (secure shell) which uses encrypted sessions, and is thus difficult to monitor and crack. For moving files between machines you can use scp (secure copy) or sftp (secure ftp), because, ftp is also a clear text protocol. I use OpenSSH (http://www.openssh.com/) because it's opensource and made by paranoid BSD people. OpenSSH will require OpenSSL (http://www.openssl.org/) which is also open source. There _might_ be binaries out there for solaris but more likely you will have to compile them yourself. A usefull site is (http://www.sunfreeware.com/) as they have alot of binaries for solaris. For fun with packet sniffing checkout dsniff (http://www.monkey.org/~dugsong/dsniff/). Now, on to the problem you are having. We had the same problem as we've recently deployed on a Solaris box ourselves, but i can't remember how we fixed it so i'm forwarding this to my co-worker lorin who maybe able to answer it for you. thanks, sach On Wed, 10 Jan 2001, Heng Chee, Lee - SG wrote: Hi, First all, thanks for answering my previous question about running orion as non-root user. I have another question which I couldn't find any info in the orionsupport site. I would like to be able to telnet from a remote machine to my Sun box and start the orion remotely, so far so good, but once I exit from my telnet client, the orion.jar process died. I tried to use "nohup java -jar orion.jar" but this doesn't help. I think the question above is the same as to keep the orion running even after the shell that you use to start up the orion process has terminated. Is it possible to run orion as a daemon process? Thanks and best regards Lee
Orion on Unix (again)
Hi, First all, thanks for answering my previous question about running orion as non-root user. I have another question which I couldn't find any info in the orionsupport site. I would like to be able to telnet from a remote machine to my Sun box and start the orion remotely, so far so good, but once I exit from my telnet client, the orion.jar process died. I tried to use "nohup java -jar orion.jar" but this doesn't help. I think the question above is the same as to keep the orion running even after the shell that you use to start up the orion process has terminated. Is it possible to run orion as a daemon process? Thanks and best regards Lee
orion on unix
Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
Re: orion on unix
Hi, Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. [...] starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to [...] Or is there any alternative work around for this problem? On a UNIX (or derivate) systems, only root can bind to the lower 1024 ports, this means you cannot start orion on the default HTTP port 80. There is an attribute of the web-site tag called "port" in the default-web-site.xml, typically the line should look like: web-site host="[ALL]" port="8080" display-name="Default Orion WebSite" Which will cause the webserver to bind to the 8080 port. You can access this page from a browser with the following url: http://server:8080/ hth, Robert.
RE: orion on unix
This is because the default http port 80 is privliged. If you don't want to run as root, reconfigure Orion to run on a non-privliged port such as 8080 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Heng Chee, Lee - SG Sent: 07 January 2001 08:54 To: Orion-Interest Subject: orion on unix Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
Re: orion on unix
There is a util available on Linux called "ipchains" that can redirect all requests from port 80 to 8080. After you set it up with root user, u can run Orion as non-root on port 8080 and without clients even noticing it. Find out if there is such a tool on Unix that u are running. Never run Orion as ROOT. Even Orion team says that there might be some security leaks if running Orion as root. There is tutorial that i've read @ www.orionsupport.com called "Running Orion on Linux" that has explanation about users and everything. Take a look maybe it will help. And ofcourse same website has tutorial named "Running Orion on Unix" maybe it has instructions that u need. I hope this helps -Anton - Original Message - From: "Ronald Hatcher" [EMAIL PROTECTED] To: "Orion-Interest" [EMAIL PROTECTED] Sent: Sunday, January 07, 2001 6:15 AM Subject: RE: orion on unix This is because the default http port 80 is privliged. If you don't want to run as root, reconfigure Orion to run on a non-privliged port such as 8080 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Heng Chee, Lee - SG Sent: 07 January 2001 08:54 To: Orion-Interest Subject: orion on unix Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
RE: orion on unix
You could run the following command in your script as root: ipchains -A input --destination-port 80 -p tcp -j REDIRECT 10080 Then su to the orion user and start orion on a port 1024 as non root, there is an article on orionsupport.com about this but it's down at the moment. Christian Billen -Original Message- From: Heng Chee, Lee - SG [SMTP:[EMAIL PROTECTED]] Sent: Sunday, January 07, 2001 2:54 AM To: Orion-Interest Subject:orion on unix Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
RE: orion on unix
Since Solaris doesn't have ipchains, you may have better luck using ssh port forwarding. something like ssh -L80:nnn.nnn.nnn.nnn:8080 orion@localhost Ron Hatcher -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christian Billen Sent: 07 January 2001 16:20 To: Orion-Interest Subject: RE: orion on unix You could run the following command in your script as root: ipchains -A input --destination-port 80 -p tcp -j REDIRECT 10080 Then su to the orion user and start orion on a port 1024 as non root, there is an article on orionsupport.com about this but it's down at the moment. Christian Billen -Original Message- From: Heng Chee, Lee - SG [SMTP:[EMAIL PROTECTED]] Sent: Sunday, January 07, 2001 2:54 AM To: Orion-Interest Subject:orion on unix Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee
Re: orion on unix
Yes, but sudo will still run orion with UID 0. This will not improve security. Then you might as well make a group called 'orion', and put all the users that need access to orion into this group. Change the dir/file perms so that it is read/writable for these users. If you try to get orion to run non-root because of security, follow the example on orionsupport. --nils Scott M. Stirling([EMAIL PROTECTED])@Sun, Jan 07, 2001 at 01:49:15PM -0500: I think there is a better solution than using ipchains (which I'm not sure is supported anywhere but on Linux, and is bound to incurr some overhead, though I'm not sure if it would be significant), or at least an alternative. Install sudo if you haven't already. You have to configure sudo with the names/groups of users and their permissions. What sudo does is allow non-root users to execute super user commands and temporarily attain super user privileges for the purpose of executing commands. You can have users enter a password to use sudo, or you can configure sudo to allow users/groups to use it without a password. In any case, make sure the actual root password and the sudo password are different, that way no one needs to know the root password except root. To use sudo, once installed, you just prefix sudo to any command in order to use it: sudo reboot sudo java -jar orion.jar etc. http://www.courtesan.com/sudo/ On 07 Jan 2001 16:54:01 +0800, Heng Chee, Lee - SG wrote: Hi, I used to run orion on NT machine and now I have to deploy it on a Sun Sparc Solaris machine. Honestly, my knowledge on unix system admin is very limited. Ok, now I have this problem: I have untar the orion archieve to a folder called orion, this folder and all the files and subfolders under it are belongs to a user name 'orion', the group access permission for this folder (and all it's files) are also called 'orion'. When I log in to unix as user 'orion' and try to start up the app server by typing java -jar orion.jar, I get a message "Error starting HTTP-Server : Permission denied". I can only startup orion if I log in as root user. This is not acceptable because I can't let everyone to have root access just for starting up the orion server.(Our project still in the development phase so we need to start and stop the server quite often) I am puzzle with this error because I have already set the owner of all the files under orion folder to be 'orion', and orion app server is using it's own http-server internally so it shouldn't has any permission problem. I think that orion app server might try to access some of the unix system file which must have root access, if this is the case can someone tell me which file it it? Or is there any alternative work around for this problem? Thanks and best regards Lee -- Scott Stirling West Newton, MA
RE: orion on unix
The best way to get around this, I think, is to use apache as a front end
and connect Orion to it.
There is excellent documentation on how to do this on
www.orionsupport.com... when it comes up. It think it is one of the
featured links on the right hand menu.
Apache runs anywhere, pretty much.
What you do is start up apache as root. Apache grabs whatever lower
numbered ports it needs (including 80) and then changes its user to
something else (usually 'nobody'). You change the configuration in
/etc/httpd/conf/httpd.conf (at least on linux) and then you can connect to
it using standard procedures supported by both apache and orion.
The main benefit of this is that you can run jrun as whomever you would like
('orion' is a good username) and you only have to worry about the file
permissions from that point on.
You DEFINITELY don't want to run orion, or any other Servlet Container as
root. The main reason is security. One of your developers could very
easily write a piece of code that would wipe out the entire hard drive, or
worse... and if anyone was able to hack in... all they would need to do is
write up a jsp file, and they have all the access they want.
Anyway. The apache thing works for us. We are able to do a lot of things
with this. One example is Virtual hosting. Each developer is able to have
their own instance of orion, running on their own virtual IP address, on
their own code base and starting and stopping it on their own running as
their own user. Apache allows for this.
Tony Wilson
-Original Message-
From: Heng Chee, Lee - SG [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 07, 2001 12:54 AM
To: Orion-Interest
Subject:orion on unix
Hi,
I used to run orion on NT machine and now I have to deploy
it on a Sun Sparc
Solaris machine.
Honestly, my knowledge on unix system admin is very limited.
Ok, now I have this problem:
I have untar the orion archieve to a folder called orion,
this folder and
all the files and subfolders under it are belongs to a user
name 'orion',
the group access permission for this folder (and all it's
files) are also
called 'orion'. When I log in to unix as user 'orion' and
try to start up
the app server by typing java -jar orion.jar, I get a
message "Error
starting HTTP-Server : Permission denied". I can only
startup orion if I
log in as root user. This is not acceptable because I can't
let everyone to
have root access just for starting up the orion server.(Our
project still in
the development phase so we need to start and stop the
server quite often)
I am puzzle with this error because I have already set the
owner of all the
files under orion folder to be 'orion', and orion app server
is using it's
own http-server internally so it shouldn't has any
permission problem.
I think that orion app server might try to access some of
the unix system
file which must have root access, if this is the case can
someone tell me
which file it it?
Or is there any alternative work around for this problem?
Thanks and best regards
Lee
RE: orion on unix
Scott,
There is some JNI code to do this on OrionSupport - should be up soon.
Mike
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Scott M.
Stirling
Sent: Monday, January 08, 2001 11:44 AM
To: Orion-Interest
Subject: RE: orion on unix
I was going to suggest something similar, which is to start up Orion as
root and then have the process change UID to a non-root user, just like
Apache. But starting the process as root is precisely the thing the
user was trying to avoid.
Throwing Apache in the front end is bound to decrease performance,
versus using Orion's HTTP server. It's certainly the easiest (and a
good portable one -- better than ipchains) solution, but I didn't
mention because it defeats the purpose of using Orion as the web server
for performance.
The security problems with running an app server as root can be dealt
with by using Java policy files. I've written them for JRun in the
past, to restrict access to just the directories, files and ports
necessary. But running an app server is a risky proposition anyway.
Even if it's not running as root it probably has access to all your
businesses' critical data via database access and Web-based business
transactions; people's credit card numbers, etc. These are much more
valuable than the files on your file system.
The real problem expressed by the original email is that regular
restarts of the server are necessary. All Java app servers suffer from
this in one place or another. Eventually, they'll all have to be able
to dynamically reload configuration settings, and any class or
component. Orion is all ready well on the way toward that goal with
dynamic reload of ears, EJB jars, servlets, etc.
A related problem is the distinction between development and production
-- why can't each developer belong to the same group, have them all stop
and start Orion on a port above 1024 for development purposes, and then
deal with this port 80 problem when it's time to move production. In
most organizations I've dealt with, the developers aren't the ones
stopping and starting the production server anyway.
Scott Stirling
West Newton, MA
On 07 Jan 2001 13:44:34 -0800, Tony Wilson wrote:
The best way to get around this, I think, is to use apache as a
front end
and connect Orion to it.
There is excellent documentation on how to do this on
www.orionsupport.com... when it comes up. It think it is one of the
featured links on the right hand menu.
Apache runs anywhere, pretty much.
What you do is start up apache as root. Apache grabs whatever lower
numbered ports it needs (including 80) and then changes its user to
something else (usually 'nobody'). You change the configuration in
/etc/httpd/conf/httpd.conf (at least on linux) and then you can
connect to
it using standard procedures supported by both apache and orion.
The main benefit of this is that you can run jrun as whomever
you would like
('orion' is a good username) and you only have to worry about the file
permissions from that point on.
You DEFINITELY don't want to run orion, or any other Servlet
Container as
root. The main reason is security. One of your developers could very
easily write a piece of code that would wipe out the entire
hard drive, or
worse... and if anyone was able to hack in... all they would
need to do is
write up a jsp file, and they have all the access they want.
Anyway. The apache thing works for us. We are able to do a
lot of things
with this. One example is Virtual hosting. Each developer is
able to have
their own instance of orion, running on their own virtual IP address, on
their own code base and starting and stopping it on their own running as
their own user. Apache allows for this.
Tony Wilson
Orion under Unix archive
When I asked the question if Orion server processes can be run as someone other then root (under Solaris) and how, one reply mentioned that there was a big discussion regarding this question, and to check the archive files. I have done that but couldn't find the discussion. Can anyone point me to where I can find the archive file entry discussing this question before I brought it up again?
Re: Orion under Unix archive
Hi, try searching the archive for native.user regards, jochen strunk At 09:44 19.10.2000 -0500, you wrote: When I asked the question if Orion server processes can be run as someone other then root (under Solaris) and how, one reply mentioned that there was a big discussion regarding this question, and to check the archive files. I have done that but couldn't find the discussion. Can anyone point me to where I can find the archive file entry discussing this question before I brought it up again? (-) Jochen Strunk (-) SIGNAL 7 Gesellschaft für Informationstechnologie mbH (-) Brüder-Knauß-Str. 79 - 64285 Darmstadt, (-) Tel: 06151 665402, Fax: 06151 665373 (-) [EMAIL PROTECTED], www.signal7.de
