Hi guys,

after some hard hours we are now able to start James with commons daemon :-) So we are now able to start James as root and "drop" privileges after that to another user. This is a big security enhancement.
Here is what I did to get it to work:

1. Create a new jar which holds the necessary class to invoke Phoenix via commons daemon.
2. Put commons-daemon.jar and phoenix-daemon-loader-0.1.jar (the new class) in the bin folder of James.
3. Put jsvc.tar.gz in the bin directory of James (this is the tool which must be unpacked and compiled to start it). I put it in bin because Tomcat does this also. After unpacking and compiling it, this should be placed in the bin directory of James.
4. Add a new startup script which starts James via jsvc. In the script you can modify some variables to set the new user James should run as etc.

Please note that you need to change the user of the unpacked James recursively to the user you want to run James as.

If no one has problems with this I would commit it to trunk so all can test. With commons daemon it's also possible to run it as windows.. so maybe we want to deprecate the wrapper.* and use procrun.exe (commons daemon).

I would also like to put this new feature in 2.3 because it's really a nice enhancement and not needed to use .

Big thanks go out to Jean-Frederic Clere, who helped me to understand how to get it to work :-) THX!!!!

bye
Norman

On Wednesday, 19.07.2006, at 10:32 +0200, Stefano Bagnara wrote:
> Norman Maurer wrote:
> > I created a jar called phoenix-daemon-loader.jar which contains just
> > one class which is needed for jsvc to invoke phoenix. The class will be
> > posted at the end of the email. I compiled jsvc and moved it to the bin
> > path of james. I also moved the commons-daemon.jar and
> > phoenix-daemon-loader.jar into the dir.
>
> Hi Norman,
>
> I also tried with this class (add unpriviledgedDelay), but it didn't work:
>
> /**
>  * Phoenix launcher using Commons daemon.
>  */
> public class CommonsDaemonLauncher implements Daemon, Observer {
>     private DaemonContext m_context;
>
>     private DaemonController m_controller;
>
>     private String[] m_args;
>
>     private boolean m_debugEnabled = false;
>
>     private int unpriviledgedDelay = 60;
>
>     public void init(final DaemonContext daemonContext) throws Exception {
>         m_context = daemonContext;
>         m_controller = m_context.getController();
>         m_args = m_context.getArguments();
>         for (int i = 0; i < m_args.length; i++) {
>             if ("-d".equals(m_args[i]) ||
>                     "--debug-init".equals(m_args[i])) {
>                 m_debugEnabled = true;
>             }
>             if (m_args[i].startsWith("--unpriviledged-delay=")) {
>                 unpriviledgedDelay = new Integer(
>                     m_args[i].substring(m_args[i].indexOf("=")+1)).intValue();
>             }
>         }
>     }
>
>     public void start() throws Exception {
>         final Hashtable data = new Hashtable();
>         data.put(Observer.class.getName(), this);
>
>         Main.startup(m_context.getArguments(), data, false);
>         Thread.sleep(1000*unpriviledgedDelay );
>     }
>
>     public void stop() throws Exception {
>         Main.shutdown();
>     }
>
>     public void destroy() {
>     }
>
>     public void update(final Observable observable, final Object arg) {
>         final String command = (null != arg) ? arg.toString() : "";
>         if (command.equals("restart")) {
>             if (m_debugEnabled) {
>                 log("CommonsDaemon: restart requested.");
>             }
>
>             m_controller.reload();
>
>             if (m_debugEnabled) {
>                 // Should never get here???
>                 log("CommonsDaemon: restart completed.");
>             }
>         } else if (command.equals("shutdown")) {
>             if (m_debugEnabled) {
>                 log("CommonsDaemon: shutdown requested.");
>             }
>
>             m_controller.shutdown();
>
>             if (m_debugEnabled) {
>                 // Should never get here???
>                 log("CommonsDaemon: shutdown completed.");
>             }
>         } else {
>             throw new IllegalArgumentException("Unknown action " + command);
>         }
>     }
>
>     private void log(final String message) {
>         System.out.print("CommonsDaemon: ");
>         System.out.println(message);
>         System.out.flush();
>     }
> }
>
>
> Stefano
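A startup script along the lines of step 4 and the ownership note, as an added example that is not the script from this mail or from the James project. The install paths, the `james` account, the pid file location and the launcher class name are assumptions, and the classpath lists only the two jars the mail names.

```sh
#!/bin/sh
# Added example, not the script from the mail. Paths, user name and the
# launcher class name below are assumptions; override them via environment.
JAMES_HOME="${JAMES_HOME:-/opt/james}"
JAMES_USER="${JAMES_USER:-james}"
JAVA_HOME="${JAVA_HOME:-/usr/lib/jvm/default-java}"
JSVC="${JSVC:-$JAMES_HOME/bin/jsvc}"
PIDFILE="${PIDFILE:-/var/run/james.pid}"
LAUNCHER_CLASS="${LAUNCHER_CLASS:-CommonsDaemonLauncher}"

# Succeeds only for an existing account whose uid is not 0; "dropping" to
# uid 0 would leave the daemon running with full root privileges.
valid_run_as_user() {
    uid=$(id -u "$1" 2>/dev/null) || return 1
    [ "$uid" -ne 0 ]
}

# Prints every path under $1 that is not owned by user $2 (name or uid).
# After the privilege drop James can no longer rely on root-owned files.
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Runs jsvc, or only prints the command line when DRY_RUN is set.
run_jsvc() {
    ${DRY_RUN:+echo} "$JSVC" -user "$JAMES_USER" -home "$JAVA_HOME" \
        -pidfile "$PIDFILE" \
        -cp "$JAMES_HOME/bin/commons-daemon.jar:$JAMES_HOME/bin/phoenix-daemon-loader-0.1.jar" \
        "$LAUNCHER_CLASS"
}

start_james() {
    [ "$(id -u)" -eq 0 ] || { echo "start as root; jsvc switches to $JAMES_USER" >&2; return 1; }
    valid_run_as_user "$JAMES_USER" || { echo "bad run-as user: $JAMES_USER" >&2; return 1; }
    stray=$(not_owned_by "$JAMES_HOME" "$JAMES_USER")
    [ -z "$stray" ] || { echo "not owned by $JAMES_USER:" >&2; echo "$stray" >&2; return 1; }
    run_jsvc
}

case "${1:-}" in
    start) start_james ;;
esac
```

Setting `DRY_RUN=1` prints the jsvc command line instead of executing it, which is useful for reviewing the run-as user and classpath before the first real start.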