> Costin, > > [EMAIL PROTECTED] wrote: > > > > That would be after all connectors have opened the ports, but before _any_ > > user code gets executed ( including the context init which trigers loading > > of on-startup servlets ). > > In Tomcat 4.x, the last port opened is in StandardServer.await() - this is the > shutdown port. The bad news is that all of the connectors are started before > this call. Hence, I suspect that there is, currently, a small window for user > code to get executed before the setuid would be called in StandardServer.await(). > > Looks like the Tomcat 4.x code in Catalina.start() will need to be reworked. > However, after a quick review of the code, I don't think it is that much work. > All of the connectors bind to their ports in their initialize() method and no > user code, AFAIK, is executed in this method. After all connectors are > intialized(), only then are the connectors started. So, I am thinking that all I > need to do is move the shutdown port binding out of StandardServer.await() and > into StandardServer.initialize(). Since StandardServer.initialize() invokes > initialize() on all of the connectors, I can put the setuid code at the end of > the StandardServer.initialize() method. > > Of course, this is how I think it will work so I definitely need to try it out. > Maybe later this week I will have some time to try this out and make sure that > it actually works.
jsvc and the Daemon code don't use the normal Bootstrap class, but rather use BootstrapService, which is the one which implements the Service/Daemon interface. This shouldn't call StandardServer.await, but rather will only call the start and stop method. So doing the setuid change during the daemon init method should work, since that's where the connectors are initialized. Or did I get something wrong ? BTW, let me know if you're interested in contributing to Daemon. I can add your name to the proposal in the commons. Same goes for Costin, Henri, etc, etc. The more people contributing to the component, the faster it will get out of the sandbox :) Remy -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
