Re: [OT] run tomcat as tomcat user
Rusty Wright wrote: [...] The \( \) is the grouping thing where what matches in it is then substituted for as the \1 on the right hand side. Yes, but if you escape them with \ , do they still get seen as (meta) grouping indicators, or as plain ( and ) ? (I don't remember what sed wants precisely, but in a perl regex, escaping the () would not work as you intend; it would look for real (), and not group. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] run tomcat as tomcat user
When you put a backslash in front of them they become part of the matching machinery's special characters, like . [ and so on. Without the backslash they're normal characters and matched as-is. So if you had the sed command s/(a)+/z/ and you fed it the string aaa, you would not get back z. You'd only get back z if you fed it the string (a)+. These old regexps of the ed lineage also didn't use the newfangled + notation; you had to list how many you wanted to match, or zero or more; a* would match zero or more, aa* would match one or more, etc. André Warnier wrote: Rusty Wright wrote: [...] The \( \) is the grouping thing where what matches in it is then substituted for as the \1 on the right hand side. Yes, but if you escape them with \ , do they still get seen as (meta) grouping indicators, or as plain ( and ) ? (I don't remember what sed wants precisely, but in a perl regex, escaping the () would not work as you intend; it would look for real (), and not group. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] run tomcat as tomcat user
Rusty Wright wrote:
I love shell script hacks so my /etc/init.d/tomcat script has the
following in the upper part where it's setting variables:
TOMCAT_HOME=`grep ^tomcat /etc/passwd | sed -e
's/.*:.*:.*:.*:.*:\(.*\):.*/\1/'`
You love shell scripts, but don't seem to love regexp's.
export CATALINA_BASE=${TOMCAT_HOME}
Perhaps instead of .* I could have used [^:]*
Yes. That alone will probably make you regexp about 10,000 times
faster. As first written, the first .* will match everything to the
end of the string, but then fail to find the next :. So it will
backtrack one character and try again.
When it has found the last :, it will fail to match with the next
.*, so it will backtrack.
And so on...
I don't think 10,000 does it justice. ;-)
I also don't think you want to escape the ().
On the other hand, I think cut might be your friend here.
grep ^tomcat /etc/passwd | cut -d: -f 6
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] run tomcat as tomcat user
Thanks; good point about the speedup by not using .* (although since this is in
a boot script, in this case it shouldn't really matter much). The \( \) is the
grouping thing where what matches in it is then substituted for as the \1 on
the right hand side. Cut is one of those commands I never remember to use,
same with xargs.
André Warnier wrote:
Rusty Wright wrote:
I love shell script hacks so my /etc/init.d/tomcat script has the
following in the upper part where it's setting variables:
TOMCAT_HOME=`grep ^tomcat /etc/passwd | sed -e
's/.*:.*:.*:.*:.*:\(.*\):.*/\1/'`
You love shell scripts, but don't seem to love regexp's.
export CATALINA_BASE=${TOMCAT_HOME}
Perhaps instead of .* I could have used [^:]*
Yes. That alone will probably make you regexp about 10,000 times
faster. As first written, the first .* will match everything to the
end of the string, but then fail to find the next :. So it will
backtrack one character and try again.
When it has found the last :, it will fail to match with the next
.*, so it will backtrack.
And so on...
I don't think 10,000 does it justice. ;-)
I also don't think you want to escape the ().
On the other hand, I think cut might be your friend here.
grep ^tomcat /etc/passwd | cut -d: -f 6
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: run tomcat as tomcat user
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rusty, Rusty Wright wrote: It's set up so that tomcat runs as the user tomcat. In order to do that you'll need to tweak the ownership of the files in the tomcat directory. I would recommend that, instead of modifying the ownership of the Tomcat installation directory, you instead use CATALINA_BASE set to somewhere that has appropriate permissions for the user in question. Something like /home/tomcat. This also allows you to upgrade Tomcat much more easily just by adjusting the path to startup.bat and bouncing Tomcat. If the OP is using this script as part of the system startup (that is, it is running as root), then you'll need to adjust the startup command to be: su - tomcat -c /path/to/tomcat/bin/startup.sh This will switch to the tomcat user before launching Tomcat. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkl6EF8ACgkQ9CaO5/Lv0PDolACgwG/Rx+cpzb8GuX4BOzjEhakU Yq8An05jNk9mz17qCMpo44i1NfrIUDX2 =1D1X -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: run tomcat as tomcat user
Thanks, I like that suggestion. So, to use your method, using the su below, would I do export CATALINA_BASE=/home/tomcat su - tomcat -c /path/to/tomcat/bin/startup.sh Do I need to copy anything from the original tomcat directory to /home/tomcat, or do I need to make any directories in it? Or is it simply a replacement for the tomcat/webapps directory? Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rusty, Rusty Wright wrote: It's set up so that tomcat runs as the user tomcat. In order to do that you'll need to tweak the ownership of the files in the tomcat directory. I would recommend that, instead of modifying the ownership of the Tomcat installation directory, you instead use CATALINA_BASE set to somewhere that has appropriate permissions for the user in question. Something like /home/tomcat. This also allows you to upgrade Tomcat much more easily just by adjusting the path to startup.bat and bouncing Tomcat. If the OP is using this script as part of the system startup (that is, it is running as root), then you'll need to adjust the startup command to be: su - tomcat -c /path/to/tomcat/bin/startup.sh This will switch to the tomcat user before launching Tomcat. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkl6EF8ACgkQ9CaO5/Lv0PDolACgwG/Rx+cpzb8GuX4BOzjEhakU Yq8An05jNk9mz17qCMpo44i1NfrIUDX2 =1D1X -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: run tomcat as tomcat user
To answer my own question; I did some google searching and figured out that you
need to copy the tomcat conf directory to ~tomcat and also create the
directories ~/tomcat/logs, ~/tomcat/temp, and ~/tomcat/work; all owned by
tomcat. Then copy over the webapps directory, or make a new one in ~tomcat and
copy over the wars.
So my ~tomcat looks like the following:
r...@test1:/home/tomcat# ls -l
total 20
drwxr-xr-x 2 tomcat tomcat 4096 2009-01-23 11:41 conf/
drwxr-xr-x 2 tomcat tomcat 4096 2009-01-23 11:41 logs/
drwxr-xr-x 2 tomcat tomcat 4096 2009-01-23 11:42 temp/
drwxrwxr-x 8 rusty tomcat 4096 2009-01-23 11:42 webapps/
drwxr-xr-x 3 tomcat tomcat 4096 2009-01-23 11:41 work/
r...@wss-test1:/home/tomcat# ls -l conf
total 92
-rw-r--r-- 1 tomcat tomcat 8690 2008-07-21 17:01 catalina.policy
-rw-r--r-- 1 tomcat tomcat 3665 2008-07-21 17:01 catalina.properties
-rw-r--r-- 1 tomcat tomcat 1395 2008-11-19 14:22 context.xml
-rw-r--r-- 1 tomcat tomcat 3664 2008-07-21 17:01 logging.properties
-rw-r--r-- 1 tomcat tomcat 6460 2008-07-21 17:01 server.xml
-rw-r--r-- 1 tomcat tomcat 165 2009-01-23 11:41 tomcat-users.xml
-rw-r--r-- 1 tomcat tomcat 50105 2008-11-19 14:23 web.xml
I love shell script hacks so my /etc/init.d/tomcat script has the following in
the upper part where it's setting variables:
TOMCAT_HOME=`grep ^tomcat /etc/passwd | sed -e 's/.*:.*:.*:.*:.*:\(.*\):.*/\1/'`
export CATALINA_BASE=${TOMCAT_HOME}
Perhaps instead of .* I could have used [^:]*
Rusty Wright wrote:
Thanks, I like that suggestion.
So, to use your method, using the su below, would I do
export CATALINA_BASE=/home/tomcat
su - tomcat -c /path/to/tomcat/bin/startup.sh
Do I need to copy anything from the original tomcat directory to
/home/tomcat, or do I need to make any directories in it? Or is it
simply a replacement for the tomcat/webapps directory?
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rusty,
Rusty Wright wrote:
It's set up so that tomcat runs as the user tomcat. In order to do that
you'll need to tweak the ownership of the files in the tomcat
directory.
I would recommend that, instead of modifying the ownership of the Tomcat
installation directory, you instead use CATALINA_BASE set to somewhere
that has appropriate permissions for the user in question. Something
like /home/tomcat.
This also allows you to upgrade Tomcat much more easily just by
adjusting the path to startup.bat and bouncing Tomcat.
If the OP is using this script as part of the system startup (that is,
it is running as root), then you'll need to adjust the startup command
to be:
su - tomcat -c /path/to/tomcat/bin/startup.sh
This will switch to the tomcat user before launching Tomcat.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkl6EF8ACgkQ9CaO5/Lv0PDolACgwG/Rx+cpzb8GuX4BOzjEhakU
Yq8An05jNk9mz17qCMpo44i1NfrIUDX2
=1D1X
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: run tomcat as tomcat user
From: Rusty Wright [mailto:rusty.wri...@gmail.com] Subject: Re: run tomcat as tomcat user To answer my own question; I did some google searching and figured out that you need to copy the tomcat conf directory to ~tomcat and also create the directories ~/tomcat/logs, ~/tomcat/temp, and ~/tomcat/work; all owned by tomcat. Or you could have read RUNNING.txt from the Tomcat installation directory, where all this is documented. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: run tomcat as tomcat user
Kaushal Shriyan wrote: Hi I am not able to start tomcat as tomcat user on ubutu 8.04 Linux, Below is my start/stop script Any ideas as what is going wrong ? I think the way you are using the su command is wrong. Try : su - (userid) -c command + params You also probably want to re-direct the output of command to /dev/null etc.. Using another of the scripts existing in /etc/init.d as template, and modifying it, may be a better idea. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: run tomcat as tomcat user
André Warnier wrote:
Kaushal Shriyan wrote:
Hi
I am not able to start tomcat as tomcat user on ubutu 8.04 Linux,
Below is my start/stop script
Any ideas as what is going wrong ?
I think the way you are using the su command is wrong.
Try :
su - (userid) -c command + params
You also probably want to re-direct the output of command to /dev/null
etc..
Using another of the scripts existing in /etc/init.d as template, and
modifying it, may be a better idea.
As André Warnier suggests, install an init script to handle the startup
and shutdown of Tomcat as a non-privileged user. The following notes
assume a RedHat like Linux distro, such as Fedora or CentOS, but should
be helpful to Ubuntu or Debian users:
1. Configure the environment for the non-privileged user by adding the
following lines to the end of the file .bash_profile found in the
user's home directory:
JAVA_HOME=/usr/java/default
CATALINA_HOME=$HOME/tomcat
CATALINA_OPTS=-Xms256M -Xmx1000M -XX:MaxPermSize=128M
export JAVA_HOME CATALINA_HOME CATALINA_OPTS
Adjust the heap settings to suit your requirements.
2. As root, install an init script like the following to the /etc/init.d
directory:
#!/bin/sh
# Start the webapp container
TOMCAT_USER=web
tomcat_start () {
su -l -c /home/$TOMCAT_USER/tomcat/bin/startup.sh $TOMCAT_USER
}
tomcat_stop () {
su -l -c /home/$TOMCAT_USER/tomcat/bin/shutdown.sh $TOMCAT_USER
}
case $1 in
start)
tomcat_start
;;
stop)
tomcat_stop
;;
restart)
tomcat_stop
sleep 30
tomcat_start
;;
*)
echo Usage: /etc/init.d/tomcat {start|stop|restart}
exit 1
;;
esac
exit 0
3. Assuming that the init script has been installed as
/etc/init.d/tomcat, then run the following commands as root:
# chmod 755 /etc/init.d/tomcat
# ln /etc/init.d/tomcat /etc/rc0.d/K13tomcat
# ln /etc/init.d/tomcat /etc/rc1.d/K13tomcat
# ln /etc/init.d/tomcat /etc/rc2.d/S69tomcat
# ln /etc/init.d/tomcat /etc/rc3.d/S69tomcat
# ln /etc/init.d/tomcat /etc/rc4.d/S69tomcat
# ln /etc/init.d/tomcat /etc/rc5.d/S69tomcat
# ln /etc/init.d/tomcat /etc/rc6.d/K13tomcat
I find that using hard links rather than sym links makes it easier to
find all links to an init script using find(1).
4. Tomcat will have to listen on unprivileged ports, such as 8080 and
8443, so you can either proxy from Apache, or if you have no need to
run a web server as well as Tomcat then you can use the following
commands to enable port forwarding:
# /sbin/iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT
# /sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp
--destination-port 80 --to-ports 8080
# /sbin/iptables -A FORWARD -p tcp --destination-port 443 -j ACCEPT
# /sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp
--destination-port 443 --to-ports 8443
# /sbin/service iptables save
# chkconfig iptables on
# service iptables start
Hope this helps,
Chris
--
Chris Wareham
Senior Software Engineer
Visit London Ltd
6th floor,
2 More London Riverside, London SE1 2RR
Tel: +44 (0)20 7234 5848
Fax: +44 (0)20 7234 5753
www.visitlondon.com
'Visit London Limited' is registered in England under No.761149;
Registered Office: Visit London, 2 More London Riverside, London SE1 2RR.
Visit London is the official visitor organisation for London. Visit London is
partly funded by Partnership, the Mayor's London Development Agency and London
Councils.
The information contained in this e-mail is confidential and intended for the
named recipient(s) only. If you have received it in error, please notify the
sender immediately and then delete the message. If you are not the intended
recipient, you must not use, disclose, copy or distribute this email. The views
expressed in this e-mail are those of the individual and not of Visit London.
We reserve the right to read and monitor any email or attachment entering or
leaving our systems without prior notice.
Please don't print this e-mail unless you really need to.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
run tomcat as tomcat user
Hi
I am not able to start tomcat as tomcat user on ubutu 8.04 Linux,
Below is my start/stop script
Any ideas as what is going wrong ?
Thanks and Regards
Kaushal
###
#!/bin/sh
#
# Startup script for Tomcat
JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun
export JAVA_HOME
CATALINA_OPTS=-Xms512m -Xmx1m
export CATALINA_OPTS
start_tomcat=/usr/local/apache-tomcat-5.5.27/bin/startup.sh
stop_tomcat=/usr/local/apache-tomcat-5.5.27/bin/shutdown.sh
start() {
echo -n Starting tomcat:
su -c ${start_tomcat} tomcat
echo done.
}
stop() {
echo -n Shutting down tomcat:
${stop_tomcat}
echo done.
}
# See how we were called
case $1 in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 10
start
;;
*)
echo Usage: $0 {start|stop|restart}
esac
###
Re: run tomcat as tomcat user
(Repeating a reply I sent a week or so ago.)
I made this by modifying one for a different service.
It's set up so that tomcat runs as the user tomcat. In order to do that you'll
need to tweak the ownership of the files in the tomcat directory. I just made
everything owned by tomcat except webapps, which I own, but which is group
owned and writable by tomcat so it can explode the wars.
I'm on ubuntu (notice the two flavors of the functions file it sources).
You may not need the HUDSON_HOME stuff and I'm sure you won't need the
Dwaitlistd.host=${HOST} so delete stuff as necessary.
If you want it to run as root I'm guessing that you'd need to delete the
--chuid and --user lines.
#!/bin/sh
PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH
export JAVA_OPTS=-server
export JAVA_HOME=/usr/java
export TOMCAT_DIR=/usr/local/tomcat
export HUDSON_HOME=/usr/local/hudson
TOMCAT_START=${TOMCAT_DIR}/bin/startup.sh
TOMCAT_STOP=${TOMCAT_DIR}/bin/shutdown.sh
TOMCAT_USER=tomcat
HOST=`/bin/hostname | sed -e 's/\..*//'`
export JAVA_OPTS=-server -Dwaitlistd.host=${HOST}
test -f ${TOMCAT_START} || exit 0
# redhat
# . /etc/init.d/functions
# debian
. /lib/lsb/init-functions
case $1 in
'start')
log_daemon_msg Starting tomcat tomcat
cd /var/log
# ${TOMCAT_START}
eval /sbin/start-stop-daemon \
--start \
--quiet \
--chuid ${TOMCAT_USER} \
--user ${TOMCAT_USER} \
--startas ${TOMCAT_START}
log_end_msg $?
;;
'stop')
log_daemon_msg Stopping tomcat tomcat
# ${TOMCAT_STOP}
eval /sbin/start-stop-daemon \
--stop \
--quiet \
--user ${TOMCAT_USER} \
--startas ${TOMCAT_STOP}
log_end_msg $?
;;
'restart')
${0} stop
log_action_msg sleeping for several seconds ...
sleep 13
${0} start
;;
*)
log_action_msg Usage: ${0} {start|stop|restart}
;;
esac
Kaushal Shriyan wrote:
Hi
I am not able to start tomcat as tomcat user on ubutu 8.04 Linux,
Below is my start/stop script
Any ideas as what is going wrong ?
Thanks and Regards
Kaushal
###
#!/bin/sh
#
# Startup script for Tomcat
JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun
export JAVA_HOME
CATALINA_OPTS=-Xms512m -Xmx1m
export CATALINA_OPTS
start_tomcat=/usr/local/apache-tomcat-5.5.27/bin/startup.sh
stop_tomcat=/usr/local/apache-tomcat-5.5.27/bin/shutdown.sh
start() {
echo -n Starting tomcat:
su -c ${start_tomcat} tomcat
echo done.
}
stop() {
echo -n Shutting down tomcat:
${stop_tomcat}
echo done.
}
# See how we were called
case $1 in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 10
start
;;
*)
echo Usage: $0 {start|stop|restart}
esac
###
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
