Hi André,
long time no see ;)
On Wed, Dec 1, 2010 at 12:20 PM, André Warnier <a...@ice-sa.com> wrote:
>
> As far as I know, these startup scripts are created by the packagers of
> Debian, RedHat etc.. when they wrap Tomcat in a platform-specific package.
> /They/ are the ones who decide how they call up jsvc, where the logfiles go,
> under what permissions etc..
>
That's actually not the case:
The startaup-script for Tomcat native comes with the jscv-sources,
meaning it's *not* some pre-packaged Debian-thing.
However, I guess I know what's going on:
The script is started from user Tomcat via "sudo". One parameter for
jsvc is the parameter "user".
When invoking jsvc with "--help", is says:
----- [ cut] --------
-user <user>
user used to run the daemon (defaults to current user)
----- [ cut] --------
Seems somehow to work, since a
ps -aux | more | grep tomcat
gives
tomcat 29386 0.9 3.4 1651348 139244 ? Sl 16:31 0:25
jsvc.exec -user tomcat -home /home/tomcat/local/jdk15/
-Dcatalina.home=/home/tomcat/local/tomcat55/
-Dcatalina.base=/home/tomcat/local/tomcat55/ -Djava.io.tmpdir=/var/tmp
-Dlog4j.configuration=log4j.xml -wait 10 -pidfile /var/run/jsvc.pid
-outfile /home/tomcat/local/tomcat55//logs/catalina.out -errfile &1
-Xmx1024m -XX:PermSize=256m -XX:+DisableExplicitGC
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=/home/tomcat/local/tomcat55//conf/logging.properties
-Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n
-cp
/home/tomcat/local/jdk15//lib/tools.jar:/home/tomcat/local/tomcat55//bin/commons-daemon.jar:/home/tomcat/local/tomcat55//bin/bootstrap.jar
org
So you can clearly see, that the process is started from user
"tomcat", although the startup-script is started in root-context (due
to the "sudo"-command).
jsvc is *not* forking a jvm, but wrapping it and starting it with it's
own user-context, although it's supposed to change the user-context
according to the help-text I've listed above.
And I would be so picky if it had the same behaviour with version
5.5.20, but in 5.5.20 catalina.out had tomcat-ownership.
So it seems, somebody changed something here, and I'm even too dumb to
find anything in the changelogs, which I wouldn't like at all, either
being a tomcat-user or a comitter...
For the time being, I put this little fix into the startup-script, but
still, I'm not too happy with this hack:
#
# workaround to prevent root-ownership for catalina.out
#
if [ ! -f $CATALINA_HOME/logs/catalina.out ]; then
touch $CATALINA_HOME/logs/catalina.out
chown $TOMCAT_USER $CATALINA_HOME/logs/catalina.out
else
OWNER=`ls -l $CATALINA_HOME/logs/catalina.out | grep $TOMCAT_USER`
if [ -z "$OWNER" ]; then
chown $TOMCAT_USER:$TOMCAT_USER $CATALINA_HOME/logs/catalina.out
fi
fi
#
# end workaround
#
Cheers!
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
