Thank you Brett for your comments.
Here is tomcat startup script (/etc/init.d/tomcat7)
#!/bin/bash
# tomcat start/stop script
export JAVA_HOME=/usr/lib/jvm/java-7-oracle
export CATALINA_HOME=/opt/tomcat7
start() {
su tomcat7 -s /bin/sh -c $CATALINA_HOME/bin/startup.sh
}
stop() {
su tomcat7 -s /bin/sh -c $CATALINA_HOME/bin/shutdown.sh
}
case $1 in
start|stop) $1;;
restart) stop; start;;
*) echo "Run as $0 <start|stop|restart>"; exit 1;;
esac
I made slight change in "startup.sh" file too (replaced old exec line):
exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"
my setenv.sh file:
CATALINA_OPTS="-Djava.awt.headless=true -Djava.net.preferIPv4Stack=true
-Xmx512m -XX:+UseConcMarkSweepGC"
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/local/apr/lib"
I installed authbind previously and executed following lines:
sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat7 /etc/authbind/byport/80
When I am removing APR connector from server.xml, tomcat working fine with
tomcat7 user.
Regards,
Mubeen
On Thu, Jan 16, 2014 at 5:41 AM, Brett Delle Grazie <
brett.dellegra...@gmail.com> wrote:
> Hi,
>
> See interleaved.
>
>
> On 15 January 2014 16:53, Mubeen Shah <mubeens...@gmail.com> wrote:
>
> > Hello,
> >
> > I am trying to configure tomcat 7 on ubuntu machine and wanted to run it
> as
> > non-root on port 80, Here is what I did so far:
> >
> > OS (Ubuntu 12.04 LTS):
> >
> > - installed oracle JDK 1.7.0_45 using "apt-get"
> > - downloaded and extracted tomcat 7.0.50 (.gz format)
> > - created ubuntu user 'tomcat' and granted 'chown -R CATALINA_HOME' to
> this
> > user
> > - changed tomcat default port to 80 in server.xml
> > - installed and configured authbind tool
> > - created sh script "/etc/init.d/tomcat7" to start tomcat as tomcat user.
> >
>
> What was in this script?
>
>
> > - tomcat 7 was working as expected on 80 port as non-root user.
> >
>
> That is surprising, see further below.
>
>
> > - later I configured APR 1.5.0 and tried to run tomcat again, I got this
> > error:
> >
> > Jan 15, 2014 6:24:45 AM org.apache.catalina.core.AprLifecycleListener
> init
> > INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR
> > version 1.5.0.
> > Jan 15, 2014 6:24:45 AM org.apache.catalina.core.AprLifecycleListener
> init
> > INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> > [false], random [true].
> > Jan 15, 2014 6:24:46 AM org.apache.catalina.core.AprLifecycleListener
> > initializeSSL
> > INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
> > Jan 15, 2014 6:24:46 AM org.apache.coyote.AbstractProtocol init
> > INFO: Initializing ProtocolHandler ["http-apr-80"]
> > Jan 15, 2014 6:24:46 AM org.apache.coyote.AbstractProtocol init
> > SEVERE: Failed to initialize end point associated with ProtocolHandler
> > ["http-apr-80"]
> > java.lang.Exception: Socket bind failed: [13] Permission denied
> > at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:430)
> > at
> >
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
> > at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
> > at
> > org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
> > at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> > at
> >
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
> > at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> > at
> >
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
> > at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> > at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
> > at org.apache.catalina.startup.Catalina.load(Catalina.java:664)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:606)
> > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
> >
>
> This is expected.
>
>
> >
> > If I am removing out this line from server.xml:
> > <Listener className="org.apache.catalina.core.AprLifecycleListener"
> > SSLEngine="on" />
> >
> > Tomcat working on 80 port as non-root user and starting "http-bio-80"
> > properly.
> >
> > Another thing is if I am trying to run tomcat as "root" along with APR
> > support, its working just fine.
> >
> > Any advise why its working on "http-bio-80" while throwing bind exception
> > on "http-apr-80"??
> >
>
> Linux will not allow anything but root to bind on ports < 1024.
> Usually the process starts as root, binds to the port and then drops it's
> privileges back to the desired user.
> You'll need to use jsvc to start Tomcat and drop privileges. It is simply
> apache commons daemon and you should use version 1.0.15 or higher, I'm not
> sure what version is in 12.04 LTS so you may need to compile it.
>
> Some documentation is here:
> http://tomcat.apache.org/tomcat-7.0-doc/setup.html
> http://commons.apache.org/proper/commons-daemon/jsvc.html
>
> There are a couple of other options described here:
>
> http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F
>
> But the best one is commons daemon / jsvc.
>
>
> > Regards,
> > Mubeen
> >
>
>
> --
> Kind regards,
>
> Brett
>
