RE: jsvc creates pid file owned by root
if you're in Ubuntu and want to exec a process with elevated privileges try Coggshall's (sp?) sudo utility http://en.wikipedia.org/wiki/Sudo Martin __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. > Date: Fri, 5 Sep 2008 17:34:56 -0500 > From: [EMAIL PROTECTED] > To: users@tomcat.apache.org > Subject: Re: jsvc creates pid file owned by root > > [EMAIL PROTECTED] wrote: > > See Thread at: http://www.techienuggets.com/Detail?tx=31984 Posted on > > behalf of a User > > > > > >>> You shouldn't be messing about with the ownership of the PID file. It is > >>> created by jsvc at startup. If you use jsvc properly it will start as > >>> root, create the pid file, startup tomcat ... > >>> > > > > Ah, but what if you are using jsvc to run something other than tomcat? > > > > I am using jsvc to run a standalone java application as a daemon that > > starts whenever the server is restarted. However, I would like a certain > > user other than root to be able to run the same launching script for this > > daemon to start and stop the service as needed. > > > > I find I cannot do it because of the permission on the .pid file. No > > matter where I put the pidfile and no matter whether or not I run umask in > > the launching script, the pidfile gets created with an owner of root and > > perms of 600. > > > > If I run umask 133 and then create a file, I get perm 644 as I want on the > > file. But the same does not work from within my jsvc-launch script with > > the pid file. > > > > Nothing I've tried works. > > > > In Response To: > > > > > > Hi, > > > > I can start and stop Tomcat 5.5 with the jsvc program but the problem is > > that the pid file is created with permissions 600 and owned by root. > > I want to be able to read the pid file to check if the Tomcat process is up > > and running > > and also for other purposes. > > > > Is it possible to make the pid file be owned by the user that runs Tomcat or > > have the permissions to be set to 666? > > > > Regards > > Gunnar > > > > > I am the anonymous author of the piece you're responding to. What a > coincidence seeing it bounce back here on the Tomcat list - Of course, > my example did NOT concern Tomcat. > > Anyway my JSVC daemon needs to fulfill two needs: > 1) restart the application on bootup - which is done by root > 2) allow non-root user to start-stop the application using the standard > daemon start/stop/restart kinds of commands. > > The only way I could get this to work was to modify my shell script to > change the permissions and the group of the pid file after the jsvc > start call was made. This works very nicely. Putting a call to umask in > the script before the jsvc invocation did not work. I still don't know why. > > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > _ Stay up to date on your PC, the Web, and your mobile phone with Windows Live. http://clk.atdmt.com/MRT/go/msnnkwxp1020093185mrt/direct/01/
Re: jsvc creates pid file owned by root
[EMAIL PROTECTED] wrote: See Thread at: http://www.techienuggets.com/Detail?tx=31984 Posted on behalf of a User You shouldn't be messing about with the ownership of the PID file. It is created by jsvc at startup. If you use jsvc properly it will start as root, create the pid file, startup tomcat ... Ah, but what if you are using jsvc to run something other than tomcat? I am using jsvc to run a standalone java application as a daemon that starts whenever the server is restarted. However, I would like a certain user other than root to be able to run the same launching script for this daemon to start and stop the service as needed. I find I cannot do it because of the permission on the .pid file. No matter where I put the pidfile and no matter whether or not I run umask in the launching script, the pidfile gets created with an owner of root and perms of 600. If I run umask 133 and then create a file, I get perm 644 as I want on the file. But the same does not work from within my jsvc-launch script with the pid file. Nothing I've tried works. In Response To: Hi, I can start and stop Tomcat 5.5 with the jsvc program but the problem is that the pid file is created with permissions 600 and owned by root. I want to be able to read the pid file to check if the Tomcat process is up and running and also for other purposes. Is it possible to make the pid file be owned by the user that runs Tomcat or have the permissions to be set to 666? Regards Gunnar I am the anonymous author of the piece you're responding to. What a coincidence seeing it bounce back here on the Tomcat list - Of course, my example did NOT concern Tomcat. Anyway my JSVC daemon needs to fulfill two needs: 1) restart the application on bootup - which is done by root 2) allow non-root user to start-stop the application using the standard daemon start/stop/restart kinds of commands. The only way I could get this to work was to modify my shell script to change the permissions and the group of the pid file after the jsvc start call was made. This works very nicely. Putting a call to umask in the script before the jsvc invocation did not work. I still don't know why. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc creates pid file owned by root
See Thread at: http://www.techienuggets.com/Detail?tx=31984 Posted on behalf of a User >>You shouldn't be messing about with the ownership of the PID file. It is >>created by jsvc at startup. If you use jsvc properly it will start as >>root, create the pid file, startup tomcat ... Ah, but what if you are using jsvc to run something other than tomcat? I am using jsvc to run a standalone java application as a daemon that starts whenever the server is restarted. However, I would like a certain user other than root to be able to run the same launching script for this daemon to start and stop the service as needed. I find I cannot do it because of the permission on the .pid file. No matter where I put the pidfile and no matter whether or not I run umask in the launching script, the pidfile gets created with an owner of root and perms of 600. If I run umask 133 and then create a file, I get perm 644 as I want on the file. But the same does not work from within my jsvc-launch script with the pid file. Nothing I've tried works. In Response To: Hi, I can start and stop Tomcat 5.5 with the jsvc program but the problem is that the pid file is created with permissions 600 and owned by root. I want to be able to read the pid file to check if the Tomcat process is up and running and also for other purposes. Is it possible to make the pid file be owned by the user that runs Tomcat or have the permissions to be set to 666? Regards Gunnar -- <...> http://www.nabble.com/jsvc-creates-pid-file-owned-by-root-tp16606528p1660652 8.html Sent from the Tomcat - User mailing list archive at <...>. - To start a new topic, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc creates pid file owned by root
Hi Chris Christopher Schultz wrote: Are you sure you are changing the umask for the jsvc process? I wonder if the umask is being re-set to something else when jsvc elevates itself to root. You should ask the commons folks about how to do this with jsvc, as this is really off-topic, here (but we'd love to hear the I posted an answer to this a couple of days ago. I don't think the OP quite understands that 'umask' is a *shell* command. Consequently if you have a shell script like 'tomcat' for jsvc or startup.sh you must set the umask in the shell script because a new shell is created each time. As I posted in my example, I set umask to 027 in my jsvc startup script and it works just fine. tomcat starts as root, binds to the ports and then switches to the 'tomcat' user. The pid file is owned by root (as it should be) and files created by tomcat are '640' which is what I wanted. Another point that I think the OP was confused about was that you *must* have root permission to bind to system ports in linux - so you must either start tomcat as root or with a script invoked by 'sudo' You can also set umask in /etc/profile which will apply to all users - but probably not a good thing to do. HTH Alan answer for the future). Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgA6g4ACgkQ9CaO5/Lv0PBGTwCeM+4lBoXTnwzHkeirmROqWfuC co8AoJIEHbsD5gzfQxM8XNpwOeqrSdKf =euMt -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:4800eac534083966023671! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc creates pid file owned by root
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gunnar, Gunnar Boström wrote: | I would be fine with 644 but I don't know how to set that. | The file is owned by root so I'm not allowed to change it. | My umask is by default 0022 which should be okay. I tried to set the mask to | but no change. Are you sure you are changing the umask for the jsvc process? I wonder if the umask is being re-set to something else when jsvc elevates itself to root. You should ask the commons folks about how to do this with jsvc, as this is really off-topic, here (but we'd love to hear the answer for the future). Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgA6g4ACgkQ9CaO5/Lv0PBGTwCeM+4lBoXTnwzHkeirmROqWfuC co8AoJIEHbsD5gzfQxM8XNpwOeqrSdKf =euMt -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc creates pid file owned by root
You shouldn't be messing about with the ownership of the PID file. It is created by jsvc at startup. If you use jsvc properly it will start as root, create the pid file, startup tomcat, allow tomcat to bind to ports 80 and 443 and then switch to the user specified with -user switch. When you install jsvc from the version which is part of the tomcat distribution it comes with a shell script called 'tomcat' Here's an (edited) extract from my version. . # Set umask to avoid tomcat making tomcat-users.xml public readable umask 027 # == 640 PID_FILE=/var/run/jsvc.pid . /usr/lib/tcnative/jsvc \ -user $TOMCAT_USER \ -home $JAVA_HOME \ -Dcatalina.home=$CATALINA_HOME \ -Dcatalina.base=$CATALINA_BASE \ -Djava.io.tmpdir=$TMP_DIR \ -Xmx512m \ -XX:MaxPermSize=128m \ -wait 10 \ -pidfile $PID_FILE \ -outfile $CATALINA_HOME/logs/catalina.out \ -errfile '&1' \ $CATALINA_OPTS \ -cp $CLASSPATH \ org.apache.catalina.startup.Bootstrap I set a lot of options in CATALINA_OPTS which are passed to the vm - for example my JMX switches, various application configuration properties. I set the umask to 027 because that makes files read/write for tomcat and read-only for the tomcat group and read protected for the rest. This was because tomcat re-writes the tomcat-users.xml (which I happen to be using for the moment) at start up. Gunnar Boström wrote: Hi, Answers to all of you who has responded. I would be fine with 644 but I don't know how to set that. see umask above The file is owned by root so I'm not allowed to change it. My umask is by default 0022 which should be okay. I tried to set the mask to but no change. read about linux umask - you need to set it at the right point I created a pid file with the correct permissions but as expected jsvc ignored it. You SPECIFY the pid file as a parameter to the startup of jsvc. -pidfile as above. So this is what you do - assuming you are using a startup script like the provided 'tomcat': 1. Set an appropriate umask in the startup script 2. Set a pidfile location wherever you need it 3. start up tomcat EITHER as root by going ./tomcat start OR sudo ./tomcat start if you want to stay as a normal logged in user. You need to have your sudo permissions set of course - but that's another longer story. The whole point of using jsvc is that it allows you to change user from a privileged user to a normal user because no-one should run a web server as root. HTH I was hoping that there were some undocumented switches in jsvc that I could use. Regards Gunnar - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc creates pid file owned by root
Hi, Answers to all of you who has responded. I would be fine with 644 but I don't know how to set that. The file is owned by root so I'm not allowed to change it. My umask is by default 0022 which should be okay. I tried to set the mask to but no change. I created a pid file with the correct permissions but as expected jsvc ignored it. I was hoping that there were some undocumented switches in jsvc that I could use. Regards Gunnar -- View this message in context: http://www.nabble.com/jsvc-creates-pid-file-owned-by-root-tp16606528p16626038.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc creates pid file owned by root
Do you *really* want that file to be world-writable? Why not 644? -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Typically when a software vendor says that a product is "intuitive" he means the exact opposite. pgp8EEJOzvw1S.pgp Description: PGP signature
Re: jsvc creates pid file owned by root
Hi, can you set the umask before you run jsvc ? Rgds Fred Gunnar Boström wrote: > > Hi, > > I can start and stop Tomcat 5.5 with the jsvc program but the problem is > that the pid file is created with permissions 600 and owned by root. > I want to be able to read the pid file to check if the Tomcat process is > up and running > and also for other purposes. > > Is it possible to make the pid file be owned by the user that runs Tomcat > or have the permissions to be set to 666? > > Regards > Gunnar > > -- View this message in context: http://www.nabble.com/jsvc-creates-pid-file-owned-by-root-tp16606528p16608805.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: jsvc creates pid file owned by root
[Mid-post - sorry!] > From: David Smith [mailto:[EMAIL PROTECTED] > Well ... here's the problem. jsvc needs that pid file to shutdown > tomcat. It would be a real PITA if some user or script were to muck > around and damage or delete that file. > > Having said that, most *nix systems have a sticky bit ability to force > permissions on newly created files in specific folders. Or you could > modify your service script to chmod the pid file on startup. Indeed. 644 might be preferable to 666, I suspect - would at least prevent deletion and alteration! > > --David > > Gunnar Boström wrote: > > >Hi, > > > >I can start and stop Tomcat 5.5 with the jsvc program but > the problem is > >that the pid file is created with permissions 600 and owned by root. > >I want to be able to read the pid file to check if the > Tomcat process is up > >and running > >and also for other purposes. > > > >Is it possible to make the pid file be owned by the user > that runs Tomcat or > >have the permissions to be set to 666? > > > >Regards > >Gunnar > > > > > > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc creates pid file owned by root
Well ... here's the problem. jsvc needs that pid file to shutdown tomcat. It would be a real PITA if some user or script were to muck around and damage or delete that file. Having said that, most *nix systems have a sticky bit ability to force permissions on newly created files in specific folders. Or you could modify your service script to chmod the pid file on startup. --David Gunnar Boström wrote: Hi, I can start and stop Tomcat 5.5 with the jsvc program but the problem is that the pid file is created with permissions 600 and owned by root. I want to be able to read the pid file to check if the Tomcat process is up and running and also for other purposes. Is it possible to make the pid file be owned by the user that runs Tomcat or have the permissions to be set to 666? Regards Gunnar - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]