Mutliuser setup

2002-12-04 Thread Rolf Borgen Guescini 
Does anybody know what to do when setting up tomcat on a UNIX environment
for more than one user?

Is the best way to define a directory owned by a group where all the users
belong,and then make contexts in server.xml?

Or is there another way of doing it?

RBG

~\\|//~
-(o o)-
   oOOOo**(_)**oOOOo
   * Rolf Borgen Guescini  *
   *---*
   *   *
   *   [EMAIL PROTECTED]*
   *   [EMAIL PROTECTED]*
   * http://folk.uio.no/rolfbg *
   *   *
   *   *
   * .oooO   Oooo. *
   **(   )***(   )**
  \ ( ) /
   \_)   (_/


--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Mutliuser setup

2002-12-04 Thread David Brown 
Rolf Borgen Guescini writes: 

Does anybody know what to do when setting up tomcat on a UNIX environment
for more than one user? 

Is the best way to define a directory owned by a group where all the users
belong,and then make contexts in server.xml? 

Or is there another way of doing it? 

RBG 

~\\|//~
-(o o)-
   oOOOo**(_)**oOOOo
   * Rolf Borgen Guescini  *
   *---*
   *   *
   *   [EMAIL PROTECTED]*
   *   [EMAIL PROTECTED]*
   * http://folk.uio.no/rolfbg *
   *   *
   *   *
   * .oooO   Oooo. *
   **(   )***(   )**
		  \ ( ) /
		   \_)   (_/ 


--
To unsubscribe, e-mail:   
For additional commands, e-mail:  




Hello Rolf, this is a two edged sword. if u r talking about localhost only 
w/ no public access this is not a problem but just allow each user to have 
their own "" directory e.g. 
$CATALALINA_HOME// all defined in their own 
web.xml files at: $CATALINA_HOME//WEB-INF. on other edge 
to this sword can be cutting and care is needed if u r mean to run public. 
i'm working on this now and have a infrastructure that would allow users to 
update servlets and jsp's remotely and install webapps using the /manager 
application. i can do this because i have all such accesses under 
"protected" webapp directories and encrypted w/ ssl requiring pam cert and 
user id's and password logins. this is an involved step and an order of 
magnitude of labor over the other sword edge. i have done things this way 
because as many will agree the public internet is a place where nobody's 
sandbox is safe from attack and intrusion. tc vulnerabilities r the same as 
for other services that have public access. if u do mean to offer public 
access then u have choosen a good package. tc has no security defaults but 
has all the tools necessary to harden its public server capabilties 
especially if used w/ apache version 1.3.27 or better. reply w/ more info on 
where u r technically: hardware, os, software services installed, network 
(connection), dns etc. and maybe u will get the attention of the gurus. hope 
this helps, david. 

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

RE: Mutliuser setup

2002-12-04 Thread Jeremy Joslin 
Start out by looking at #4 on the list here:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/RUNNING.txt

Jeremy

> -Original Message-
> From: Rolf Borgen Guescini [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 04, 2002 8:13 AM
> To: [EMAIL PROTECTED]
> Subject: Mutliuser setup
> 
> Does anybody know what to do when setting up tomcat on a UNIX
environment
> for more than one user?
> 
> Is the best way to define a directory owned by a group where all the
users
> belong,and then make contexts in server.xml?
> 
> Or is there another way of doing it?
> 
> RBG
> 
> ~\\|//~
> -(o o)-
>oOOOo**(_)**oOOOo
>* Rolf Borgen Guescini  *
>*---*
>*   *
>*   [EMAIL PROTECTED]*
>*   [EMAIL PROTECTED]*
>* http://folk.uio.no/rolfbg *
>*   *
>*   *
>* .oooO   Oooo. *
>**(   )***(   )**
> \ ( ) /
>  \_)   (_/
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-
> [EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:tomcat-user-
> [EMAIL PROTECTED]>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Mutliuser setup

2002-12-04 Thread Rolf Borgen Guescini 
Thanks both to you and David Brown for the quick response ! : )

As this was my first posting to this mailing list, and since I don't have
any experience with posting on such lists, I see that I expressed myself a
little bit inexact. But Jeremy's idea of reading the RUNNING.txt is quit
to the point:

"In many circumstances, it is desirable to have a single copy of a Tomcat 4
binary distribution shared among multiple users on the same server. "

This is what I would like to do:
the os is sparc-sun-solaris2.5 on a sun box - i don't know more about it,
I'm sorry..
My plan was to have the administrator
create a group that would have access to a directory on the server where
each user in that group had their own directories which I could set up as
contexts in server.xml

What I would like to know then is where the best place would be to place
Tomcat since the administrator wants control startups and shutdowns.

the next thing the RUNNING.txt says is:

you must configure a CATALINA_BASE environment variable (in
addition to CATALINA_HOME as described above) that points to a directory
that is unique to your instance

what would be a directory that is unique to my instance ?

could the user directory that the administrator creates be that directory?

since
When you do this, Tomcat 4 will calculate all relative references for
files in the following directories based on the value for CATALINA_BASE
instead of CATALINA_HOME:

* conf - Server configuration files (including server.xml)

* logs - Log and output files

* webapps - Automatically loaded web applications

* work - Temporary working directories for web applications

Whould this solve my task or have I completely gotten it wrong?

Maybe also what David Brown wrote about adresses what might become a
future problem: the service won't be public with a lot of traffic on it,
but the pages would be openly acessible. Since there have been several
attacks on our different servers, security is a hot issue these days, and
I have a hard time finding out how to solve the problem of having to bug
the administrator each time we need the server reset. It would be great if
there was a solution to this problem.

I am grateful for all help I can get in learning this ! : )

Rolf
~\\|//~
-(o o)-
   oOOOo**(_)**oOOOo
   * Rolf Borgen Guescini  *
   *---*
   *   *
   *   [EMAIL PROTECTED]*
   *   [EMAIL PROTECTED]*
   * http://folk.uio.no/rolfbg *
   *   *
   *   *
   * .oooO   Oooo. *
   **(   )***(   )**
  \ ( ) /
   \_)   (_/

On Wed, 4 Dec 2002, Jeremy Joslin wrote:

> Start out by looking at #4 on the list here:
> http://jakarta.apache.org/tomcat/tomcat-4.0-doc/RUNNING.txt
>
> Jeremy
>
> > -Original Message-
> > From: Rolf Borgen Guescini [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, December 04, 2002 8:13 AM
> > To: [EMAIL PROTECTED]
> > Subject: Mutliuser setup
> >
> > Does anybody know what to do when setting up tomcat on a UNIX
> environment
> > for more than one user?
> >
> > Is the best way to define a directory owned by a group where all the
> users
> > belong,and then make contexts in server.xml?
> >
> > Or is there another way of doing it?
> >
> > RBG
> >
> > ~\\|//~
> > -(o o)-
> >oOOOo**(_)**oOOOo
> >* Rolf Borgen Guescini  *
> >*---*
> >*   *
> >*   [EMAIL PROTECTED]*
> >*   [EMAIL PROTECTED]*
> >* http://folk.uio.no/rolfbg *
> >*   *
> >*   *
> >* .oooO   Oooo. *
> >**(   )***(   )**
> >   \ ( ) /
> >\_)   (_/
> >
> >
> > --
> > To unsubscribe, e-mail:   <mailto:tomcat-user-
> > [EMAIL PROTECTED]>
> > For additional commands, e-mail: <mailto:tomcat-user-
> > [EMAIL PROTECTED]>
>
>
>
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Mutliuser setup

2002-12-05 Thread Turner, John 

There are two scenarios you have to consider:  running one Tomcat with
multiple Contexts, with each user having their own Context with appropriate
permissions, and running multiple Tomcats with single (or multiple)
Contexts, with each user having their own instance of Tomcat and their own
Contexts.

If #1, you don't need CATALINA_BASE.  If #2, you need CATALINA_BASE.  You
would set CATALINA_BASE to be equal to the directory that each user  uses
for their applications and code.  CATALINA_HOME in scenario #2 would be
equal to CATALINA_HOME in #1.

The advantages of #1 are centralized control.  The disadvantages are that a
problem with one user's application may cause problems with the others, for
example, if Tomcat has to be restarted, all applications would be stopped
instead of a particular user's application.

The advantages of #2 are centralized but specific control.  Each user's
Tomcat could be stopped, started, and managed without affecting any of the
others.  The disadvantages of #2 are increased administration.

We use #2.  Each user (client) has their own server.xml, their own Tomcat
work directory, their own startup and shutdown scripts (like
startup-user1.sh and shutdown-user2.sh) and their own webapps directory.
Tomcat can be managed, stopped, and started for each user without changing
or effecting anything on the others.  There is only one CATALINA_HOME/bin
directory, and only one CATALINA_HOME/lib directory.

John

> -Original Message-
> From: Rolf Borgen Guescini [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 04, 2002 5:21 PM
> To: Tomcat Users List
> Subject: RE: Mutliuser setup
> 
> 
> Thanks both to you and David Brown for the quick response ! : )
> 
> As this was my first posting to this mailing list, and since 
> I don't have
> any experience with posting on such lists, I see that I 
> expressed myself a
> little bit inexact. But Jeremy's idea of reading the 
> RUNNING.txt is quit
> to the point:
> 
> "In many circumstances, it is desirable to have a single copy 
> of a Tomcat 4
> binary distribution shared among multiple users on the same server. "
> 
> This is what I would like to do:
> the os is sparc-sun-solaris2.5 on a sun box - i don't know 
> more about it,
> I'm sorry..
> My plan was to have the administrator
> create a group that would have access to a directory on the 
> server where
> each user in that group had their own directories which I 
> could set up as
> contexts in server.xml
> 
> What I would like to know then is where the best place would 
> be to place
> Tomcat since the administrator wants control startups and shutdowns.
> 
> the next thing the RUNNING.txt says is:
> 
> you must configure a CATALINA_BASE environment variable (in
> addition to CATALINA_HOME as described above) that points to 
> a directory
> that is unique to your instance
> 
> what would be a directory that is unique to my instance ?
> 
> could the user directory that the administrator creates be 
> that directory?
> 
> since
> When you do this, Tomcat 4 will calculate all relative references for
> files in the following directories based on the value for 
> CATALINA_BASE
> instead of CATALINA_HOME:
> 
> * conf - Server configuration files (including server.xml)
> 
> * logs - Log and output files
> 
> * webapps - Automatically loaded web applications
> 
> * work - Temporary working directories for web applications
> 
> Whould this solve my task or have I completely gotten it wrong?
> 
> Maybe also what David Brown wrote about adresses what might become a
> future problem: the service won't be public with a lot of 
> traffic on it,
> but the pages would be openly acessible. Since there have been several
> attacks on our different servers, security is a hot issue 
> these days, and
> I have a hard time finding out how to solve the problem of 
> having to bug
> the administrator each time we need the server reset. It 
> would be great if
> there was a solution to this problem.
> 
> I am grateful for all help I can get in learning this ! : )
> 
> Rolf
> ~\\|//~
> -(o o)-
>oOOOo**(_)**oOOOo
>* Rolf Borgen Guescini  *
>*---*
>*   *
>*   [EMAIL PROTECTED]*
>*   [EMAIL PROTECTED]*
>* http://folk.uio.no/rolfbg *
>*   *
>*   *
>

Re: Mutliuser setup

2002-12-05 Thread Martin Klebermaß 
As u run multiple instances of tomcat perhaps u can help me with my problem.

Because u use for every user an own tomcat prozess, with an own config file,
every process needs an extra shutdown Port, set in the
 Tag ( or if not set it will be choosen automaticly .)  Am i right
that u cant switch this of or is there a way, so that Tomcat doenst use this
extra shutdown Port.
( Because with this shutdown Port every user needs 2 ports for Tomcat else
the user would only need 1)



- Original Message -
From: "Turner, John" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Thursday, December 05, 2002 2:37 PM
Subject: RE: Mutliuser setup


>
> There are two scenarios you have to consider:  running one Tomcat with
> multiple Contexts, with each user having their own Context with
appropriate
> permissions, and running multiple Tomcats with single (or multiple)
> Contexts, with each user having their own instance of Tomcat and their own
> Contexts.
>
> If #1, you don't need CATALINA_BASE.  If #2, you need CATALINA_BASE.  You
> would set CATALINA_BASE to be equal to the directory that each user  uses
> for their applications and code.  CATALINA_HOME in scenario #2 would be
> equal to CATALINA_HOME in #1.
>
> The advantages of #1 are centralized control.  The disadvantages are that
a
> problem with one user's application may cause problems with the others,
for
> example, if Tomcat has to be restarted, all applications would be stopped
> instead of a particular user's application.
>
> The advantages of #2 are centralized but specific control.  Each user's
> Tomcat could be stopped, started, and managed without affecting any of the
> others.  The disadvantages of #2 are increased administration.
>
> We use #2.  Each user (client) has their own server.xml, their own Tomcat
> work directory, their own startup and shutdown scripts (like
> startup-user1.sh and shutdown-user2.sh) and their own webapps directory.
> Tomcat can be managed, stopped, and started for each user without changing
> or effecting anything on the others.  There is only one CATALINA_HOME/bin
> directory, and only one CATALINA_HOME/lib directory.
>
> John
>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Mutliuser setup

2002-12-05 Thread Turner, John 

We've never investigated how to get away from needing the shutdown port.
We're OK with two ports for each user/client.  Given 10-15 clients per
server, there are plenty of ports to go around < 65K.

John

> -Original Message-
> From: Martin Klebermaß [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 05, 2002 9:18 AM
> To: Tomcat Users List
> Subject: Re: Mutliuser setup
> 
> 
> As u run multiple instances of tomcat perhaps u can help me 
> with my problem.
> 
> Because u use for every user an own tomcat prozess, with an 
> own config file,
> every process needs an extra shutdown Port, set in the
>  Tag ( or if not set it will be choosen automaticly 
> .)  Am i right
> that u cant switch this of or is there a way, so that Tomcat 
> doenst use this
> extra shutdown Port.
> ( Because with this shutdown Port every user needs 2 ports 
> for Tomcat else
> the user would only need 1)
> 
> 
> 
> - Original Message -
> From: "Turner, John" <[EMAIL PROTECTED]>
> To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> Sent: Thursday, December 05, 2002 2:37 PM
> Subject: RE: Mutliuser setup
> 
> 
> >
> > There are two scenarios you have to consider:  running one 
> Tomcat with
> > multiple Contexts, with each user having their own Context with
> appropriate
> > permissions, and running multiple Tomcats with single (or multiple)
> > Contexts, with each user having their own instance of 
> Tomcat and their own
> > Contexts.
> >
> > If #1, you don't need CATALINA_BASE.  If #2, you need 
> CATALINA_BASE.  You
> > would set CATALINA_BASE to be equal to the directory that 
> each user  uses
> > for their applications and code.  CATALINA_HOME in scenario 
> #2 would be
> > equal to CATALINA_HOME in #1.
> >
> > The advantages of #1 are centralized control.  The 
> disadvantages are that
> a
> > problem with one user's application may cause problems with 
> the others,
> for
> > example, if Tomcat has to be restarted, all applications 
> would be stopped
> > instead of a particular user's application.
> >
> > The advantages of #2 are centralized but specific control.  
> Each user's
> > Tomcat could be stopped, started, and managed without 
> affecting any of the
> > others.  The disadvantages of #2 are increased administration.
> >
> > We use #2.  Each user (client) has their own server.xml, 
> their own Tomcat
> > work directory, their own startup and shutdown scripts (like
> > startup-user1.sh and shutdown-user2.sh) and their own 
> webapps directory.
> > Tomcat can be managed, stopped, and started for each user 
> without changing
> > or effecting anything on the others.  There is only one 
> CATALINA_HOME/bin
> > directory, and only one CATALINA_HOME/lib directory.
> >
> > John
> >
> 
> 
> 
> --
> To unsubscribe, e-mail:   
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Mutliuser setup

2002-12-05 Thread David Brown 
Rolf Borgen Guescini writes: 

Does anybody know what to do when setting up tomcat on a UNIX environment
for more than one user? 

Is the best way to define a directory owned by a group where all the users
belong,and then make contexts in server.xml? 

Or is there another way of doing it? 

RBG 

~\\|//~
-(o o)-
   oOOOo**(_)**oOOOo
   * Rolf Borgen Guescini  *
   *---*
   *   *
   *   [EMAIL PROTECTED]*
   *   [EMAIL PROTECTED]*
   * http://folk.uio.no/rolfbg *
   *   *
   *   *
   * .oooO   Oooo. *
   **(   )***(   )**
		  \ ( ) /
		   \_)   (_/ 


--
To unsubscribe, e-mail:   
For additional commands, e-mail:  


Hello Rolf, d u mean UNIX users or just tc? if u mean just tc u can use the 
RealBase class that defines users and roles. i also assume u mean to use a 
secure login (ssl) and secure webapps page/directories. this is all 
documented in tc "out-of-the-box". preferably, u will want to use JDBCRealm 
and a database (the MemoryRealm would require MD5 or SHA digest of the 
passwords in flat ASCII text files) and not as useful as if the users and 
roles tables in a db (the users and roles tables can be used as fk in other 
tables 4 other process logic uses). each user could have his own webapp 
which is what i'm doing now and it works 4 me. hope this helps, david. 


--
To unsubscribe, e-mail:   
For additional commands, e-mail:

RE: Mutliuser setup

2002-12-05 Thread Craig R. McClanahan 


On Thu, 5 Dec 2002, Turner, John wrote:

> We've never investigated how to get away from needing the shutdown port.
> We're OK with two ports for each user/client.  Given 10-15 clients per
> server, there are plenty of ports to go around < 65K.

If you're running a separate JVM for each client, you're pretty much
assured to run out of memory before you run out of ports :-).

> John

Craig



--
To unsubscribe, e-mail:   
For additional commands, e-mail:

RE: Mutliuser setup

2002-12-06 Thread Turner, John 

Agreed.  :)  We're OK with 10-15 clients and 2GB RAM per server for now.

John

> -Original Message-
> From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 05, 2002 9:55 PM
> To: Tomcat Users List
> Subject: RE: Mutliuser setup
> 
> 
> 
> 
> On Thu, 5 Dec 2002, Turner, John wrote:
> 
> > We've never investigated how to get away from needing the 
> shutdown port.
> > We're OK with two ports for each user/client.  Given 10-15 
> clients per
> > server, there are plenty of ports to go around < 65K.
> 
> If you're running a separate JVM for each client, you're pretty much
> assured to run out of memory before you run out of ports :-).
> 
> > John
> 
> Craig
> 
> 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: 
> <mailto:[EMAIL PROTECTED]>
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Mutliuser setup

2002-12-06 Thread Martin Klebermaß 
Well its less the problem with running to much tomcats so that there are not
enough ports, you just need some more type of port handling to give away the
ports in an automatic way.
And beside this,   matter of wasting ports, i find a port that listens for a
string which is never be used is a simple extra risc with no benefit.  ( Or
do u install a Programm on your system that runs on a network port, and u
know about the programm that in 50 years you will never need this port ?)


- Original Message -
From: "Turner, John" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Friday, December 06, 2002 2:58 PM
Subject: RE: Mutliuser setup


>
> Agreed.  :)  We're OK with 10-15 clients and 2GB RAM per server for now.
>
> John
>
> > -Original Message-
> > From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, December 05, 2002 9:55 PM
> > To: Tomcat Users List
> > Subject: RE: Mutliuser setup
> >
> >
> >
> >
> > On Thu, 5 Dec 2002, Turner, John wrote:
> >
> > > We've never investigated how to get away from needing the
> > shutdown port.
> > > We're OK with two ports for each user/client.  Given 10-15
> > clients per
> > > server, there are plenty of ports to go around < 65K.
> >
> > If you're running a separate JVM for each client, you're pretty much
> > assured to run out of memory before you run out of ports :-).
> >
> > > John
> >
> > Craig
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> >
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>
>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Mutliuser setup

2002-12-06 Thread Craig R. McClanahan 


On Fri, 6 Dec 2002, Martin Klebermaß wrote:

> Date: Fri, 6 Dec 2002 15:12:36 +0100
> From: Martin Klebermaß <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat Users List <[EMAIL PROTECTED]>
> Subject: Re: Mutliuser setup
>
> Well its less the problem with running to much tomcats so that there are not
> enough ports, you just need some more type of port handling to give away the
> ports in an automatic way.
> And beside this,   matter of wasting ports, i find a port that listens for a
> string which is never be used is a simple extra risc with no benefit.  ( Or
> do u install a Programm on your system that runs on a network port, and u
> know about the programm that in 50 years you will never need this port ?)
>
>

If you don't need the shutdown port (which, by the way, only accepts
connections from 127.0.0.1), then don't use it.  It's pretty
straightforward to write your own wrapper around the Tomcat startup
process that doesn't enable this -- which means, of course, that you must
also provide some other mechanism for controlled shutdown.

Craig



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>