
Installing Tomcat with commons-daemon (jsvc)

Most installations of Tomcat that I've seen run Tomcat as root. This could potentially be a disastrous security hole. Most Linux systems only allow root to listen on port 80, which is why many users of Tomcat under Linux run it as root. With jsvc, the process starts off as root but later changes its owner to a user of your choice.

 

 

Installation

Create the user to run tomcat under with

useradd tomcat


This will create a directory under


/home/tomcat


Download and install tomcat under /usr/tomcat. This is what my tomcat directory looks like:


ls -l /home/tomcat
drwxr-xr-x  3 tomcat tomcat  4096 Dec 13 02:51 bin
drwxr-xr-x  6 tomcat tomcat    56 Sep 23 09:42 common
drwxr-xr-x  3 tomcat tomcat  4096 Dec 13 05:18 conf
-rw-r--r--  1 tomcat tomcat 11357 Sep 23 09:44 LICENSE
drwxr-xr-x  2 tomcat tomcat    25 Dec 13 02:51 logs
-rw-r--r--  1 tomcat tomcat   688 Sep 23 09:44 NOTICE
-rw-r--r--  1 tomcat tomcat  6403 Sep 23 09:42 RELEASE-NOTES
-rw-r--r--  1 tomcat tomcat  7006 Sep 23 09:44 RUNNING.txt
drwxr-xr-x  5 tomcat tomcat    44 Sep 23 09:42 server
drwxr-xr-x  4 tomcat tomcat    30 Sep 23 09:42 shared
drwxr-xr-x  2 tomcat tomcat     6 Sep 23 09:42 temp
drwxr-xr-x  3 tomcat tomcat    35 Dec 13 05:17 webapps
drwxr-xr-x  3 tomcat tomcat    21 Dec 13 02:52 work


Compile the jsvc code by following the instructions at http://tomcat.apache.org/tomcat-5.0-doc/setup.html


 

Run As Service


Tomcat 5.x ships with a tomcat service file which you can use and modify. However, it is written to be used with Java 1.4. To use it with Java 1.5 you need to tweak it some more or use the following file. Please note the Tomcat user (TOMCAT_USER) and the JDK path (JAVA_HOME), which you must update to fit your system. Also make sure the DAEMON_HOME executable is in the right place.


#!/bin/sh
#
# Startup script for Tomcat, the Apache Servlet Engine
#
# chkconfig: 345 80 20
# description: Tomcat is the Apache Servlet Engine
# processname: tomcat
# pidfile: /var/run/tomcat.pid
#
# Mike Millson <*******@meritonlinesystems.com>
#
# version 1.02 - Clear work directory on shutdown per John Turner suggestion.
# version 1.01 - Cross between Red Hat Tomcat RPM and Chris Bush scripts


TOMCAT_PROG=tomcat
JAVA_HOME='/usr/java/jdk1.5.0_06'
CATALINA_HOME='/home/tomcat/'
DAEMON_HOME=$CATALINA_HOME/bin/jsvc
TMP_DIR=/var/tmp
CATALINA_OPTS=
CLASSPATH=\
$JAVA_HOME/lib/tools.jar:\
$CATALINA_HOME/bin/commons-daemon.jar:\
$CATALINA_HOME/bin/bootstrap.jar


# if TOMCAT_USER is not set, use tomcat like Apache HTTP server
if [ -z "$TOMCAT_USER" ]; then
 TOMCAT_USER="tomcat"
fi


RETVAL=0


# start and stop functions
start() {
    echo -n "Starting tomcat: "
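    # Hand the Tomcat tree to the unprivileged user; follows CATALINA_HOME
    # instead of a hard-coded path so it stays correct when that is changed
    chown -R "$TOMCAT_USER":"$TOMCAT_USER" "$CATALINA_HOME"/*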
    $DAEMON_HOME \
    -user $TOMCAT_USER \
    -home $JAVA_HOME \
    -Dcatalina.home=$CATALINA_HOME \
    -Djava.io.tmpdir=$TMP_DIR \
    -Djava.awt.headless=true \
    -outfile $CATALINA_HOME/logs/catalina.out \
    -errfile '&1' \
    $CATALINA_OPTS \
    -cp $CLASSPATH \
    org.apache.catalina.startup.Bootstrap
    # To get a verbose JVM
    #-verbose \
    # To get a debug of jsvc.
    #-debug \

    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch /var/lock/subsys/tomcat
    return $RETVAL
}


stop() {
    echo -n "Stopping tomcat: "
    # jsvc writes its PID to /var/run/jsvc.pid by default (start() passes no -pidfile)
    PID=`cat /var/run/jsvc.pid`
    kill $PID
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/tomcat /var/run/tomcat.pid
}


# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        stop
        # Ugly hack
        # We should really make sure tomcat
        # is stopped before leaving stop
        sleep 5
        start
        ;;
  *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
esac


exit $RETVAL



Start and Stop

To start Tomcat (on Red Hat), use

service tomcat start


To stop

service tomcat stop
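
After starting the service, it is worth confirming that the privilege drop actually happened. The check below is an added example, not part of the original article: it assumes jsvc's usual process layout (a controller that stays root and a forked JVM worker running as the -user account), the function name is hypothetical, and the sample process lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): confirm jsvc dropped root.
# Assumption: jsvc keeps a controller process as root and forks the JVM
# worker, so the worker is the Bootstrap process whose parent is also one.

# check_jsvc_user EXPECTED_USER   (stdin: ps -eo user=,pid=,ppid=,args=)
# returns 0 worker runs as EXPECTED_USER, 1 worker runs as someone else
# (for example still root), 2 no jsvc worker found
check_jsvc_user() {
    awk -v want="$1" '
        /org\.apache\.catalina\.startup\.Bootstrap/ {
            user[$2] = $1          # owner, keyed by PID
            ppid[$2] = $3          # parent PID, keyed by PID
        }
        END {
            rc = 2
            for (p in user) {
                if (!(ppid[p] in user)) continue   # controller or unrelated JVM
                if (user[p] != want) {
                    print "FAIL: worker pid " p " runs as " user[p]
                    exit 1
                }
                rc = 0
            }
            exit rc
        }'
}

# Constructed sample ps lines, not captured from a real host.
SAMPLE_OK='root    2101     1 /home/tomcat/bin/jsvc -user tomcat org.apache.catalina.startup.Bootstrap
tomcat  2102  2101 /home/tomcat/bin/jsvc -user tomcat org.apache.catalina.startup.Bootstrap'
SAMPLE_ROOT='root    2101     1 /home/tomcat/bin/jsvc -user root org.apache.catalina.startup.Bootstrap
root    2102  2101 /home/tomcat/bin/jsvc -user root org.apache.catalina.startup.Bootstrap'

printf '%s\n' "$SAMPLE_OK" | check_jsvc_user tomcat && echo "OK: worker runs as tomcat"
```

On a live host, feed it real data with: ps -eo user=,pid=,ppid=,args= | check_jsvc_user tomcat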


from http://waelchatila.com/2005/12/13/1134504717808.html


This is how to bring Tomcat up on port 80 as a regular user by using the commons daemon.

jsvc must already have been built with make beforehand.

Posted by 1010