On Tue, Jul 23, 2013 at 1:00 PM, Christopher Schultz < [email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Shridev, > > On 7/18/13 3:27 PM, Shridev Makim wrote: > > Hello, We are trying to run tomcat7 as a daemon using JSVC in SunOS > > environment. The compiled jsvc executable is owned by root. We have > > modified daemon.sh that bundles with tomcat7 for our environment to > > run our tomcat instance. When we execute this shell script, it > > creates two processes and both the processes are owned by root as > > shown below (output of ps -ef | grep jsvc): > > > > root 9109 9108 2 15:15:03 ? 0:37 > > /doc/dmadmin6/product/tomcat7/bin/jsvc -java-home > > /doc/dmadmin6/product/jdk6/jd root 9108 1 0 15:15:03 ? > > 0:00 /doc/dmadmin6/product/tomcat7/bin/jsvc -java-home > > /doc/dmadmin6/product/jdk6/jd > > > > We are running the shell script as a non privileged user (dmadmin6) > > and we are even passing this user name with -user switch to jsvc. > > We were expecting the child process (pid 9109) to be run as a non > > privileged user (dmadmin6) in our case. Anyone else has experienced > > this? > > > > Currently in production we have tomcat 6 configured to run with > > jsvc and in that environment we see that the child process is > > running as a non privileged user. > > http://commons.apache.org/proper/commons-daemon/jsvc.html#How_jsvc_works > > Note that jsvc is not a Tomcat component; it's part of Apache Commons. > The jsvc daemon you use with Tomcat 6 is likely to be (virtually) > identical to that which you use with Tomcat 7. > > You didn't tell us how you have modified the daemon.sh script, so we > have no idea what could be happening. It would be good if you could > give us much, much more detail. > > Thanks, > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJR7ranAAoJEBzwKT+lPKRYcVEQAKtvpN4keXKsKMi5LLApCbcb > S2LPrmveT5Ij+G7vFc5I8ngXx2qxC50wgUb4sKBVKb/nblgFWPyoO2eGPPbTvWMn > 62CG6vdGUIkmTFYuInJQcYPyLYjoLtpSSfaQw3lC3lkrNAYOWi5k0yhSz/DMUGWU > HPLOLiM6VAffwAO3zOOhWROb8/zIQ1yaeFSP52wF0W/YR22MlrABJItb908tY7PH > 3Zg6XqM7Vw/W9JUy5a0VlATd6vfOsPvXwcasm7/XHmjkh3cTscfV/3Vxz0Zeh4vR > awXgR/8/uJyRsroD80NIUIEeIfV2+iZf2siuZTVjTpZEhG1lPrpTEYSic+TvmicG > gs5RPMKwGAfDAR1R3opa7zILakqHsreAHfJpTAfuIz/tZrX/iJv+zqCHp4+V2lII > asoAR7xZd33P2ckaJObjVuC9Y0nkRV4lQOX3yymMrVgk+TbWcbV49bwgAS97hVq3 > YLsG3x0MNzhntnoDG44R+bOkvYdOOu9cVQcZukz2roK6wT7vcKpEGb4QGovaPNt5 > zOpZyiAFB/JyFvn2hbmYdKB4c1+hzHdp1TDj01JnFBcqegMzosM20X7pTwTdDpxP > 2aD3SV8DZ4GzgM0BNQplzVQGbQE+YskhFFOGYaP3j0W8RyVVpjmFW/JedfHEPezN > UroOUgy+SugSsLz2ZedP > =aSbM > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Thanks guys for responding. Here are the content of the script. We invoke this shell script with passing only one parameter named "start". Only thing modified in the daemon.sh script was to change the TOMCAT_USER to dmadmin6 in line nbr 86. #!/bin/sh # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # ----------------------------------------------------------------------------- # Commons Daemon wrapper script. # # $Id: daemon.sh 1202058 2011-11-15 06:37:12Z mturk $ # ----------------------------------------------------------------------------- # # resolve links - $0 may be a softlink ARG0="$0" while [ -h "$ARG0" ]; do ls=`ls -ld "$ARG0"` link=`expr "$ls" : '.*-> \(.*\)$'` if expr "$link" : '/.*' > /dev/null; then ARG0="$link" else ARG0="`dirname $ARG0`/$link" fi done DIRNAME="`dirname $ARG0`" PROGRAM="`basename $ARG0`" while [ ".$1" != . ] do case "$1" in --java-home ) JAVA_HOME="$2" shift; shift; continue ;; --catalina-home ) CATALINA_HOME="$2" shift; shift; continue ;; --catalina-base ) CATALINA_BASE="$2" shift; shift; continue ;; --catalina-pid ) CATALINA_PID="$2" shift; shift; continue ;; --tomcat-user ) TOMCAT_USER="$2" shift; shift; continue ;; * ) break ;; esac done # OS specific support (must be 'true' or 'false'). cygwin=false; darwin=false; case "`uname`" in CYGWIN*) cygwin=true ;; Darwin*) darwin=true ;; esac # Use the maximum available, or set MAX_FD != -1 to use that test ".$MAX_FD" = . && MAX_FD="maximum" # Setup parameters for running the jsvc # test ".$TOMCAT_USER" = . && TOMCAT_USER=dmadmin6 # Set JAVA_HOME to working JDK or JRE # JAVA_HOME=/opt/jdk-1.6.0.22 # If not set we'll try to guess the JAVA_HOME # from java binary if on the PATH # if [ -z "$JAVA_HOME" ]; then JAVA_BIN="`which java 2>/dev/null || type java 2>&1`" test -x "$JAVA_BIN" && JAVA_HOME="`dirname $JAVA_BIN`" test ".$JAVA_HOME" != . && JAVA_HOME=`cd "$JAVA_HOME/.." >/dev/null; pwd` else JAVA_BIN="$JAVA_HOME/bin/java" fi # Only set CATALINA_HOME if not already set test ".$CATALINA_HOME" = . && CATALINA_HOME=`cd "$DIRNAME/.." >/dev/null; pwd` test ".$CATALINA_BASE" = . && CATALINA_BASE="$CATALINA_HOME" test ".$CATALINA_MAIN" = . && CATALINA_MAIN=org.apache.catalina.startup.Bootstrap test ".$JSVC" = . && JSVC="$CATALINA_BASE/bin/jsvc" # Ensure that any user defined CLASSPATH variables are not used on startup, # but allow them to be specified in setenv.sh, in rare case when it is needed. CLASSPATH= JAVA_OPTS= if [ -r "$CATALINA_BASE/bin/setenv.sh" ]; then . "$CATALINA_BASE/bin/setenv.sh" elif [ -r "$CATALINA_HOME/bin/setenv.sh" ]; then . "$CATALINA_HOME/bin/setenv.sh" fi # Add on extra jar files to CLASSPATH test ".$CLASSPATH" != . && CLASSPATH="${CLASSPATH}:" CLASSPATH="$CLASSPATH$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar" test ".$CATALINA_OUT" = . && CATALINA_OUT="$CATALINA_BASE/logs/catalina-daemon.out" test ".$CATALINA_TMP" = . && CATALINA_TMP="$CATALINA_BASE/temp" # Add tomcat-juli.jar to classpath # tomcat-juli.jar can be over-ridden per instance if [ -r "$CATALINA_BASE/bin/tomcat-juli.jar" ] ; then CLASSPATH="$CLASSPATH:$CATALINA_BASE/bin/tomcat-juli.jar" else CLASSPATH="$CLASSPATH:$CATALINA_HOME/bin/tomcat-juli.jar" fi # Set juli LogManager config file if it is present and an override has not been issued if [ -z "$LOGGING_CONFIG" ]; then if [ -r "$CATALINA_BASE/conf/logging.properties" ]; then LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties" else # Bugzilla 45585 LOGGING_CONFIG="-Dnop" fi fi test ".$LOGGING_MANAGER" = . && LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager" JAVA_OPTS="$JAVA_OPTS $LOGGING_MANAGER" # Set -pidfile test ".$CATALINA_PID" = . && CATALINA_PID="$CATALINA_BASE/logs/catalina-daemon.pid" # Increase the maximum file descriptors if we can if [ "$cygwin" = "false" ]; then MAX_FD_LIMIT=`ulimit -H -n` if [ "$?" -eq 0 ]; then # Darwin does not allow RLIMIT_INFINITY on file soft limit if [ "$darwin" = "true" -a "$MAX_FD_LIMIT" = "unlimited" ]; then MAX_FD_LIMIT=`/usr/sbin/sysctl -n kern.maxfilesperproc` fi test ".$MAX_FD" = ".maximum" && MAX_FD="$MAX_FD_LIMIT" ulimit -n $MAX_FD if [ "$?" -ne 0 ]; then echo "$PROGRAM: Could not set maximum file descriptor limit: $MAX_FD" fi else echo "$PROGRAM: Could not query system maximum file descriptor limit: $MAX_FD_LIMIT" fi fi # ----- Execute The Requested Command ----------------------------------------- case "$1" in run ) shift "$JSVC" $* \ $JSVC_OPTS \ -java-home "$JAVA_HOME" \ -pidfile "$CATALINA_PID" \ -wait 10 \ -nodetach \ -outfile "&1" \ -errfile "&2" \ -classpath "$CLASSPATH" \ "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ -Dcatalina.base="$CATALINA_BASE" \ -Dcatalina.home="$CATALINA_HOME" \ -Djava.io.tmpdir="$CATALINA_TMP" \ $CATALINA_MAIN exit $? ;; start ) "$JSVC" $JSVC_OPTS \ -java-home "$JAVA_HOME" \ -user $TOMCAT_USER \ -pidfile "$CATALINA_PID" \ -wait 10 \ -outfile "$CATALINA_OUT" \ -errfile "&1" \ -classpath "$CLASSPATH" \ "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ -Dcatalina.base="$CATALINA_BASE" \ -Dcatalina.home="$CATALINA_HOME" \ -Djava.io.tmpdir="$CATALINA_TMP" \ $CATALINA_MAIN exit $? ;; stop ) "$JSVC" $JSVC_OPTS \ -stop \ -pidfile "$CATALINA_PID" \ -classpath "$CLASSPATH" \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \ -Dcatalina.base="$CATALINA_BASE" \ -Dcatalina.home="$CATALINA_HOME" \ -Djava.io.tmpdir="$CATALINA_TMP" \ $CATALINA_MAIN exit $? ;; version ) "$JSVC" \ -java-home "$JAVA_HOME" \ -pidfile "$CATALINA_PID" \ -classpath "$CLASSPATH" \ -errfile "&2" \ -version \ -check \ $CATALINA_MAIN if [ "$?" = 0 ]; then "$JAVA_BIN" \ -classpath "$CATALINA_HOME/lib/catalina.jar" \ org.apache.catalina.util.ServerInfo fi exit $? ;; * ) echo "Unknown command: \`$1'" echo "Usage: $PROGRAM ( commands ... )" echo "commands:" echo " run Start Tomcat without detaching from console" echo " start Start Tomcat" echo " stop Stop Tomcat" echo " version What version of commons daemon and Tomcat" echo " are you running?" exit 1 ;; esac Here is the output of the ps -fA | grep jsvc command ( -H was giving illegal option error): root 6574 1 0 14:36:48 ? 0:00 /doc/dmadmin6/product/tomcat7/bin/jsvc -java-home /doc/dmadmin6/product/jdk6/jd dmadmin6 6606 5152 0 14:38:15 pts/2 0:00 grep jsvc root 6575 6574 0 14:36:48 ? 0:23 /doc/dmadmin6/product/tomcat7/bin/jsvc -java-home /doc/dmadmin6/product/jdk6/jd And here is the output of the version.sh: Using CATALINA_BASE: /doc/dmadmin6/product/tomcat7 Using CATALINA_HOME: /doc/dmadmin6/product/tomcat7 Using CATALINA_TMPDIR: /doc/dmadmin6/product/tomcat7/temp Using JRE_HOME: /doc/dmadmin6/product/jdk6/jdk1.6.0_37/jre Using CLASSPATH: /doc/dmadmin6/product/tomcat7/bin/bootstrap.jar:/doc/dmadmin6/product/tomcat7/bin/tomcat-juli.jar Server version: Apache Tomcat/7.0.32 Server built: Oct 3 2012 08:51:20 Server number: 7.0.32.0 OS Name: SunOS OS Version: 5.10 Architecture: sparc JVM Version: 1.6.0_37-b06 JVM Vendor: Sun Microsystems Inc. Thanks again for looking into this! -- Shridev Makim [email protected] 678-557-6023 (cell)
