On 7/4/24 2:46 PM, Bryan Buchanan wrote:
I'm running Tomcat 9.0.14 on CentOS 8 with JDK 15.

Tomcat is loaded in /opt/tomcat, the directory owned by "joe". If I log in as "joe" and start Tomcat, everything is fine.

We have people log in to the CentOS system to run the business application as "mary", "jane", "fred" etc. Sometimes they want to shut down Tomcat, for example if they wish to load a price update to the DBMS or whatever. To enable them to do this from within the business application, I wrote a setuid() C program which sets the effective user as "joe" and executes /opt/tomcat/bin/shutdown.sh or /opt/tomcat/bin/startup.sh. This does start up Tomcat, but 10 minutes later it dies. Nothing is logged that is unusual. These are the last few lines when it dies:

04-Jul-2024 21:45:01.154 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [54,789] milliseconds
04-Jul-2024 21:54:10.149 INFO [Thread-3] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8080"]
04-Jul-2024 21:54:10.157 INFO [Thread-3] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina]
04-Jul-2024 21:54:10.194 WARNING [Thread-3] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesJdbc The web application [TPDRESTServer] registered the JDBC driver [org.postgresql.Driver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered.
04-Jul-2024 21:54:10.196 WARNING [Thread-3] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The web application [TPDRESTServer] appears to have started a thread named [Tomcat JDBC Pool Cleaner[862048902:1720093501299]] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
 java.base@15/java.lang.Object.wait(Native Method)
 java.base@15/java.util.TimerThread.mainLoop(Timer.java:553)
 java.base@15/java.util.TimerThread.run(Timer.java:506)
04-Jul-2024 21:54:10.231 INFO [Thread-3] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["http-nio-8080"]
04-Jul-2024 21:54:10.243 INFO [Thread-3] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["http-nio-8080"]

My C program is:

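#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int main (int argc, char *argv[]) {
    if (argc != 2) {
        printf("%s", "Syntax: ManageTomcat START|STOP");
        return(0);
    }
    /* echo the program name and the requested action */
    printf("%s\n", argv[0]);
    printf("%s\n", argv[1]);

    /* switch to UID 1000 ("joe") before running the Tomcat scripts */
    setuid(1000);

    /* strcmp() is non-zero for anything other than "STOP", so that starts Tomcat */
    if(strcmp(argv[1], "STOP")) {
        system("/opt/apache-tomcat-9.0.14/bin/startup.sh");
    } else {
        system("/opt/apache-tomcat-9.0.14/bin/shutdown.sh");
    }
    return(1);
}

Any ideas would be appreciated.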

Bryan

I think you should check the return value of setuid.

I don't think you can change the uid of a process that easily.

Otherwise you could also write setuid(0), become root and that would look to me 
as a huge security hole.

Regards, ~Z
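
An added example, not part of either message: one way to apply the reply's advice to the posted wrapper, so that the UID switch is checked and verified before anything runs. It goes beyond the reply by using setreuid() rather than setuid(), matching START/STOP strictly, and calling execve() with a fixed environment instead of system(); the UID and script paths are the poster's, the PATH value is an assumption.

```c
#define _XOPEN_SOURCE 700          /* for setreuid() */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define TOMCAT_UID 1000            /* "joe" on the poster's system (from the post) */
#define TOMCAT_BIN "/opt/apache-tomcat-9.0.14/bin/"

/* Map the action to a fixed script path; anything but START/STOP is rejected. */
const char *script_for(const char *action) {
    if (action == NULL) return NULL;
    if (strcmp(action, "START") == 0) return TOMCAT_BIN "startup.sh";
    if (strcmp(action, "STOP") == 0)  return TOMCAT_BIN "shutdown.sh";
    return NULL;
}

/* Set real and effective UID, check the call, then verify the result.
 * setreuid() also changes the real UID, which setuid() leaves untouched
 * when the set-user-ID program is not running with root privilege. */
int become(uid_t uid) {
    if (setreuid(uid, uid) != 0) {
        perror("setreuid");
        return -1;
    }
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(int argc, char *argv[]) {
    const char *script = (argc == 2) ? script_for(argv[1]) : NULL;
    if (script == NULL) {
        fprintf(stderr, "Syntax: ManageTomcat START|STOP\n");
        return 2;
    }
    if (become(TOMCAT_UID) != 0) {
        fprintf(stderr, "ManageTomcat: could not switch to uid %d\n", TOMCAT_UID);
        return 1;
    }
    /* Fixed argv and environment: nothing from the caller reaches the script. */
    char *const args[] = { (char *)script, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };  /* assumed minimal PATH */
    execve(script, args, envp);
    perror("execve");              /* only reached if the exec failed */
    return 1;
}
```

Because the caller's environment is dropped, anything the Tomcat scripts need (JAVA_HOME, for instance) has to come from Tomcat's own bin/setenv.sh or be added to envp.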
