I see what you were trying to achieve, however I don't see much
interest in that.

1) Obviously, if you were expecting systemd to solve that problem, you
were wrong, and it is sane behavior for systemd not to allow that
either.
2) The solution to your problem lies in jsvc alone.
3) I believe it is bad security practice to insist on binding to privileged
ports for processes that don't need that level of privilege.

Btw, even if you switch to another user to run the code, you are actually
binding to port 80 as root.

Maybe you can explain to us why you want to do such a thing and why using any
other unprivileged port isn't a solution to your problem.

Regards,
-----------------
Daniel Savard
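
The bind-as-root-then-switch-user sequence described in the reply above, as an added C example (not jsvc's source and not code from this thread): the listener is created while the process is still root, and only afterwards does the process give up root for good. The function names and the 65534 uid/gid are assumptions chosen for illustration.

```c
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen on 0.0.0.0:port. Returns the socket fd, or -errno. */
int bind_listener(unsigned short port) {
    struct sockaddr_in a;
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        int e = errno;
        close(fd);
        return -e;
    }
    return fd;
}

/* Become uid/gid permanently. Returns 0, or -errno if the switch failed. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && uid != 0) {
        /* Order matters: groups and gid first, setuid() last, because
           after setuid() the process may no longer change its groups. */
        if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
            return -errno;
    }
    if (getuid() != uid || geteuid() != uid) return -EPERM;
    /* A correct drop cannot be undone: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0) return -EPERM;
    return 0;
}

int main(void) {
    int fd = bind_listener(80);               /* needs root (or a capability) */
    if (fd < 0) { fprintf(stderr, "bind: %s\n", strerror(-fd)); return 1; }
    int rc = drop_privileges(65534, 65534);   /* assumed uid/gid, e.g. nobody */
    if (rc < 0) { fprintf(stderr, "drop: %s\n", strerror(-rc)); return 1; }
    /* fd is still a listener on port 80, now owned by an unprivileged process */
    printf("listening on fd %d as uid %d\n", fd, (int)getuid());
    return 0;
}
```

Everything that runs between process start and the successful return of `drop_privileges` executes as root, which is the exposure a unit with `User=root` plus `-user tomcat` carries and a unit with `User=tomcat` on an unprivileged port does not.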


2016-03-19 12:10 GMT-04:00 Lyallex <lyal...@gmail.com>:
> It's the simplest way to find out which port you have Tomcat listening on
>
> *NIX based systems don't allow non-root users to bind to ports < 1024
>
> jsvc
> http://commons.apache.org/proper/commons-daemon/jsvc.html
>
> solves this problem, nobody seems to have grasped that this is what I
> was asking about.
> I know of no way to start the container, on port 80 using either
> startup.sh or catalina.sh using start, run or anything else.
> If I'm wrong then I would love to see how it's done.
>
> CentOS Linux release 7.2.1511 (Core)
>
>
> On 19 March 2016 at 13:46, Daniel Savard <daniel.sav...@gmail.com> wrote:
>> Why? What is the point? The server.xml has nothing to do with
>> integration with systemd.
>> -----------------
>> Daniel Savard
>>
>>
>> 2016-03-19 1:40 GMT-04:00 Lyallex <lyal...@gmail.com>:
>>> Would you mind posting your server.xml, here is the relevant bit from mine.
>>>
>>>  <Service name="Catalina">
>>>
>>>     <Connector port="80" protocol="HTTP/1.1"
>>>                connectionTimeout="20000"
>>>                redirectPort="8443" />
>>>
>>>     <Engine name="Catalina" defaultHost="localhost">
>>>
>>>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>>>
>>>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>> resourceName="UserDatabase"/>
>>>
>>>       </Realm>
>>>
>>>       <Host name="localhost"  appBase="webapps" unpackWARs="true"
>>> autoDeploy="true">
>>>
>>>         <Valve className="org.apache.catalina.valves.AccessLogValve"
>>> directory="logs"
>>>                prefix="localhost_access_log" suffix=".txt"
>>>                rotatable="false" pattern="combined" />
>>>       </Host>
>>>
>>>     </Engine>
>>>   </Service>
>>>
>>> On 18 March 2016 at 23:35, Daniel Savard <daniel.sav...@gmail.com> wrote:
>>>> I believe all distros have over-engineered the scripts to start
>>>> Tomcat. Forget all the scripts from your distro, learn the
>>>> signification of the environment variables from the catalina.sh script
>>>> shipped with the default Tomcat version. Define your variables in a
>>>> file. This file is not a script, so you cannot reuse a previously
>>>> defined variable. Feed your systemd service definition file with this
>>>> file in the service section as
>>>>
>>>> EnvironmentFile=/path/name/to/your/file
>>>> ExecStart=/path/to/catalina.sh start
>>>> ExecStop=/path/to/catalina.sh stop
>>>>
>>>> and you are done. You control everything from the environment file,
>>>> you can easily manage the environment variables without editing the
>>>> systemd's service file.
>>>>
>>>> It is much simpler than the OpenRC set of scripts in my humble
>>>> opinion. I am running Gentoo at home and RHEL at work and both distros
>>>> wrapped Tomcat into too many layers of scripts in order to make it
>>>> work with OpenRC while none of these are required to run and manage
>>>> Tomcat with systemd.
>>>>
>>>> In particular with Gentoo, I no longer use the Tomcat distro packaged
>>>> with Gentoo because they separated the servlet api from Tomcat and you
>>>> need to wrap things into layers of scripts to define the classpath
>>>> properly taking this into account, the vanilla classpath.sh file
>>>> distributed with Tomcat doesn't work and so on. Really, they did a
>>>> very bad job at integrating Tomcat.
>>>>
>>>> Here is my service file:
>>>>
>>>> [Unit]
>>>> Description=Tomcat 8 (Dev)
>>>> After=syslog.target
>>>> After=network.target
>>>>
>>>> [Service]
>>>> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env
>>>> Type=forking
>>>> User=tomcat
>>>> Group=tomcat
>>>> ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start
>>>> ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop
>>>>
>>>> [Install]
>>>> WantedBy=multi-user.target
>>>>
>>>>
>>>> And here is the content of my EnvironmentFile:
>>>>
>>>> CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds"
>>>> CATALINA_BASE="/tomcat/tomcat-8-dev"
>>>> CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out"
>>>> JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74"
>>>> CATALINA_PID="/var/run/tomcat-8-dev.pid"
>>>>
>>>>
>>>> -----------------
>>>> Daniel Savard
>>>>
>>>>
>>>> 2016-03-18 13:31 GMT-04:00 Lyallex <lyal...@gmail.com>:
>>>>> I thought you might be interested in the resolution to this.
>>>>>
>>>>> It turns out that we needed to reproduce the environment in tomcat.service
>>>>>
>>>>> For some reason
>>>>>
>>>>> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
>>>>> (file shown at the end of this message)
>>>>>
>>>>> Instead, in  /etc/systemd/system/tomcat.service
>>>>> we have had to reproduce the environment in longhand to get it to work.
>>>>> It appears that systemd doesn't expand variables so I really need to
>>>>> investigate the systemd Environment thing a bit more.
>>>>> Anyway, when I shutdown -r now the server comes back up and tomcat is
>>>>> running as the unprivileged tomcat user on port 80 so that's a result
>>>>>
>>>>> ============== /etc/systemd/system/tomcat.service ============
>>>>> [Unit]
>>>>> Description=Apache Tomcat Web Application Container
>>>>> After=network.target
>>>>>
>>>>> [Service]
>>>>> Type=forking
>>>>> User=root
>>>>>
>>>>> ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
>>>>> -user tomcat \
>>>>> -home /opt/jdk1.7.0_45 \
>>>>> -Dcatalina.home=/opt/apache-tomcat-7.0.42 \
>>>>> -Dcatalina.base=/opt/apache-tomcat-7.0.42 \
>>>>> -Djava.io.tmpdir=/var/tmp \
>>>>> -Djava.awt.headless=true \
>>>>> -Xms512m \
>>>>> -Xmx1024m \
>>>>> -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
>>>>> -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
>>>>> -pidfile /var/run/tc7/jsvc.pid \
>>>>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>>>>> -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties \
>>>>> -cp /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar \
>>>>> org.apache.catalina.startup.Bootstrap
>>>>>
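>>>>> # kill needs the PID stored in the file, not the file's path; $$ is a literal $ in a unit file
>>>>> ExecStop=/bin/sh -c '/bin/kill -9 "$$(cat /var/run/tc7/jsvc.pid)"'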
>>>>> ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
>>>>>
>>>>> [Install]
>>>>> WantedBy=multi-user.target
>>>>>
>>>>>
>>>>> Oh happy day
>>>>> Thanks again to all responders
>>>>>
>>>>> Lyallex
>>>>>
>>>>> ========= /etc/rc.d/init.d/tomcat7  =========
>>>>>
>>>>> JAVA_HOME=/opt/jdk1.7.0_45
>>>>> CATALINA_HOME=/opt/apache-tomcat-7.0.42
>>>>> export JAVA_HOME CATALINA_HOME
>>>>> CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
>>>>> TOMCAT_USER=tomcat
>>>>> TMPDIR=/var/tmp
>>>>> PIDFILE=/var/run/tc7/jsvc.pid
>>>>>
>>>>>
>>>>> RC=0
>>>>>
>>>>> case "$1" in
>>>>>
>>>>>   start)
>>>>>
>>>>>    $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME \
>>>>>      -Dcatalina.home=/opt/apache-tomcat-7.0.42 \
>>>>>      -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR \
>>>>>      -Djava.awt.headless=true \
>>>>>      -Xms512m \
>>>>>      -Xmx1024m \
>>>>>      -outfile $CATALINA_HOME/logs/catalina.out \
>>>>>      -errfile $CATALINA_HOME/logs/catalina.err \
>>>>>      -pidfile '/var/run/tc7/jsvc.pid' \
>>>>>      -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>>>>>      -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
>>>>>      -cp $CLASSPATH  \
>>>>>      org.apache.catalina.startup.Bootstrap
>>>>>
>>>>>     RC=$?
>>>>>
>>>>>     [ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
>>>>>     echo "starting tomcat7 on darkstar with:"
>>>>>     echo "JAVA_HOME=$JAVA_HOME"
>>>>>     echo "CATALINA_HOME=$CATALINA_HOME"
>>>>>     echo "CLASSPATH=$CLASSPATH"
>>>>>     echo "tomcat started"
>>>>>     ;;
>>>>>
>>>>>   stop)
>>>>>
>>>>>     PID=`cat /var/run/tc7/jsvc.pid`
>>>>>     kill $PID
>>>>>
>>>>>    RC=$?
>>>>>
>>>>>     [ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
>>>>>     echo "stopping tomcat7 on darkstar with:"
>>>>>     echo "JAVA_HOME=$JAVA_HOME"
>>>>>     echo "CATALINA_HOME=$CATALINA_HOME"
>>>>>     echo "CLASSPATH=$CLASSPATH"
>>>>>
>>>>>     echo "tomcat stopped"
>>>>>     ;;
>>>>>
>>>>>   *)
>>>>>         echo "Usage: $0 {start|stop}"
>>>>>         exit 1
>>>>> esac
>>>>> exit $RC
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org