Starting Tomcat 7 as a user - init.d script can't write pid
Most likely, the permissions of the /var/run dir as on my machine are:
drwxr-xr-x 24 root root 740 Mar 22 11:48 run
So this folder is only writable by root.
Your script is switching to user tomcat before starting the service, so this won't work.
The script should make use of a tool like start-stop-daemon which is able to tee out the PID file as root while starting the service under a given UID.
See this script as an example of an init script which is using start-stop-daemon.
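A variation on the answer's approach, as an added example that is not part of the original thread: instead of having root write the PID file, the init script (still running as root) creates one tomcat-owned directory under /var/run and points CATALINA_PID into it, so /var/run itself stays root-only. The directory /var/run/tomcat, the variables PIDDIR, SVC_USER and SVC_GROUP, and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). PIDDIR, SVC_USER, SVC_GROUP
# and both function names are hypothetical.
SVC_USER=${SVC_USER:-tomcat}
SVC_GROUP=${SVC_GROUP:-tomcat}
CATALINA_HOME=${CATALINA_HOME:-/var/lib/tomcat}
PIDDIR=${PIDDIR:-/var/run/tomcat}   # assumed location; /var/run stays root-only

# prepare_piddir DIR USER GROUP
# Called while the init script is still root: create one directory owned by
# the service user, so nothing else under /var/run has to become writable.
prepare_piddir() {
    dir=$1 user=$2 group=$3
    # DIR must be a real directory, never a symlink that would send the
    # chmod/chown below to some other path.
    if [ -L "$dir" ]; then
        echo "refusing to use symlink $dir" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    chmod 0755 "$dir" || return 1
    # Change ownership only when it is not already correct.
    if [ "$(stat -c '%U:%G' "$dir")" != "$user:$group" ]; then
        chown "$user:$group" "$dir" || return 1
    fi
}

# start_service: prepare the directory, then run startup.sh as SVC_USER with
# CATALINA_PID pointing inside it.
start_service() {
    prepare_piddir "$PIDDIR" "$SVC_USER" "$SVC_GROUP" || return 1
    pidfile=$PIDDIR/tomcat.pid
    if [ "$(id -un)" = "$SVC_USER" ]; then
        # Already the service user: no switch needed.
        CATALINA_PID=$pidfile "$CATALINA_HOME/bin/startup.sh"
    else
        # -s supplies a shell even if the account's login shell is nologin.
        runuser -s /bin/sh "$SVC_USER" -c \
            "CATALINA_PID='$pidfile' exec '$CATALINA_HOME/bin/startup.sh'"
    fi
}

case "${1:-}" in
    start) start_service ;;
esac
```

Calling prepare_piddir on every start also covers systems where /var/run is emptied at boot.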
PrecisionPete
Updated on September 18, 2022
Comments
-
PrecisionPete over 1 year
I want to run Tomcat 7 as a user on CentOS 6. I've created a user tomcat:tomcat and changed the ownership under /var/lib/apache-tomcat* etc...
There are lots of docs online on how to do that but I don't think they are current. Most of them indicate that you do it as below. Problem is... this technique will bomb because the tomcat startup etc scripts can't write to the PID due to lower permissions on the file system. I don't want to start loosening write permissions on the file system. The goal is to increase security.
What is the better way to do this? I'm surprised there is not a "canned" init script for tomcat. I know it's not complicated. But why do we have to keep reinventing the wheel?
Thanks
I've been using this one for years. I don't recall where I got it. I just added /bin/su tomcat.

# Startup script for the Jakarta Tomcat Java Servlets and JSP server
#
# chkconfig: - 85 15
# description: Jakarta Tomcat Java Servlets and JSP server
# processname: tomcat
# pidfile: /var/run/tomcat.pid
# config:

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

# Set Tomcat environment.
export JAVA_HOME=/usr/lib/jvm/java/
#export CLASSPATH=.:/usr/local/j2sdk/lib/tools.jar:/usr/local/j2re/lib/rt.jar
export CATALINA_HOME=/var/lib/tomcat
#export CATALINA_OPTS="-server -Xms64m -Xmx512m -Dbuild.compiler.emacs=true"
#export PATH=/usr/local/j2sdk/bin:/usr/local/j2re/bin:$PATH
export CATALINA_PID=/var/run/tomcat.pid

[ -f $CATALINA_HOME/bin/startup.sh ] || exit 0
[ -f $CATALINA_HOME/bin/shutdown.sh ] || exit 0

export PATH=$PATH:/usr/bin:/usr/local/bin

# See how we were called.
case "$1" in
  start)
        # Start daemon.
        echo -n "Starting Tomcat: "
        /bin/su tomcat $CATALINA_HOME/bin/startup.sh
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch /var/lock/subsys/tomcat
        ;;
  stop)
        # Stop daemons.
        echo -n "Shutting down Tomcat: "
        /bin/su tomcat $CATALINA_HOME/bin/shutdown.sh
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/tomcat
        ;;
  restart)
        $0 stop
        sleep 1
        $0 start
        ;;
  condrestart)
        [ -e /var/lock/subsys/tomcat ] && $0 restart
        ;;
  status)
        status tomcat
        ;;
  *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
esac

exit 0
-
PrecisionPete about 10 years
Interesting. It seems to be part of Debian. Is it safe to use on CentOS? Or is there a RHEL equivalent technique?
-
zhenech about 10 years
RedHat/CentOS has daemon where Debian has start-stop-daemon. Have a look at the answers here: stackoverflow.com/questions/394984/…
-
PrecisionPete about 10 years
I later discovered Tomcat supplies daemon.sh that looks like it's supposed to do all of this. But after setting up the obvious environment variables, I still can't get it to work. Should be easier than this...
-
vanthome about 10 years
I don't know CentOS, I'm using Gentoo and there it's the standard for this job but I'm 100% sure CentOS has an equivalent. Yes, some programs ship such scripts with them, I think you should try to get that one to work.