You shouldn't be messing about with the ownership of the PID file. It is
created by jsvc at startup. If you use jsvc properly it will start as
root, create the pid file, startup tomcat, allow tomcat to bind to ports
80 and 443 and then switch to the user specified with -user switch.
When you install jsvc from the version which is part of the tomcat
distribution it comes with a shell script called 'tomcat'
Here's an (edited) extract from my version.
.....
# Set umask to avoid tomcat making tomcat-users.xml public readable
umask 027 # == 640
PID_FILE=/var/run/jsvc.pid
.....
/usr/lib/tcnative/jsvc \
-user $TOMCAT_USER \
-home $JAVA_HOME \
-Dcatalina.home=$CATALINA_HOME \
-Dcatalina.base=$CATALINA_BASE \
-Djava.io.tmpdir=$TMP_DIR \
-Xmx512m \
-XX:MaxPermSize=128m \
-wait 10 \
-pidfile $PID_FILE \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile '&1' \
$CATALINA_OPTS \
-cp $CLASSPATH \
org.apache.catalina.startup.Bootstrap
....
I set a lot of options in CATALINA_OPTS which are passed to the vm - for
example my JMX switches, various application configuration properties.
I set the umask to 027 because that makes files read/write for tomcat
and read-only for the tomcat group and read protected for the rest. This
was because tomcat re-writes the tomcat-users.xml (which I happen to be
using for the moment) at start up.
Gunnar Boström wrote:
Hi,
Answers to all of you who has responded.
I would be fine with 644 but I don't know how to set that.
see umask above
The file is owned by root so I'm not allowed to change it.
My umask is by default 0022 which should be okay. I tried to set the mask to
0000 but no change.
read about linux umask - you need to set it at the right point
I created a pid file with the correct permissions but as expected jsvc
ignored it.
You SPECIFY the pid file as a parameter to the startup of jsvc. -pidfile
as above.
So this is what you do - assuming you are using a startup script like
the provided 'tomcat':
1. Set an appropriate umask in the startup script
2. Set a pidfile location wherever you need it
3. start up tomcat
EITHER as root by going
./tomcat start
OR
sudo ./tomcat start if you want to stay as a normal logged in user.
You need to have your sudo permissions set of course - but that's
another longer story.
The whole point of using jsvc is that it allows you to change user from
a privileged user to a normal user because no-one should run a web
server as root.
HTH
I was hoping that there were some undocumented switches in jsvc that I could
use.
Regards
Gunnar
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
