Hello,

I am able to run tomcat with jsvc daemon on port 80, but I can see "jsvc.exec" process twice with different pid (one with root and other with non-root):

root 28890 0.0 0.0 jsvc.exec -java-home /usr/lib/jvm/java-7-oracle -user tomcat7 -pidfile /opt/tomcat7/logs/catalina-daemon.pid -wait 10 -outfile /opt/tomcat7/logs/catalina-daemon.out -errfile &1 -classpath /opt/tomcat7/bin/bootstrap.jar:/opt/tomcat7/bin/commons-daemon.jar:/opt/tomcat7/bin/tomcat-juli.jar -Djava.util.logging.config.file=/opt/tomcat7/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Xmx512m -XX:+UseConcMarkSweepGC -Djava.endorsed.dirs= -Dcatalina.base=/opt/tomcat7 -Dcatalina.home=/opt/tomcat7 -Djava.io.tmpdir=/opt/tomcat7/temp org.apache.catalina.startup.Bootstrap

tomcat7 28891 3.1 4.6 jsvc.exec -java-home /usr/lib/jvm/java-7-oracle -user tomcat7 -pidfile /opt/tomcat7/logs/catalina-daemon.pid -wait 10 -outfile /opt/tomcat7/logs/catalina-daemon.out -errfile &1 -classpath /opt/tomcat7/bin/bootstrap.jar:/opt/tomcat7/bin/commons-daemon.jar:/opt/tomcat7/bin/tomcat-juli.jar -Djava.util.logging.config.file=/opt/tomcat7/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Xmx512m -XX:+UseConcMarkSweepGC -Djava.endorsed.dirs= -Dcatalina.base=/opt/tomcat7 -Dcatalina.home=/opt/tomcat7 -Djava.io.tmpdir=/opt/tomcat7/temp org.apache.catalina.startup.Bootstrap

while process with "root" not consuming memory or cpu, so is it normal jsvc behavior or I missed something?

Regards,
Mubeen

On Thu, Jan 16, 2014 at 1:53 PM, Mubeen Shah <mubeens...@gmail.com> wrote:

> Thank you Brett for your comments.
>
> Here is tomcat startup script (/etc/init.d/tomcat7)
>
> #!/bin/bash
> # tomcat start/stop script
>
> export JAVA_HOME=/usr/lib/jvm/java-7-oracle
> export CATALINA_HOME=/opt/tomcat7
>
> start() {
>   su tomcat7 -s /bin/sh -c $CATALINA_HOME/bin/startup.sh
> }
>
> stop() {
>   su tomcat7 -s /bin/sh -c $CATALINA_HOME/bin/shutdown.sh
> }
>
> case $1 in
>   start|stop) $1;;
>   restart) stop; start;;
>   *) echo "Run as $0 <start|stop|restart>"; exit 1;;
> esac
>
> I made slight change in "startup.sh" file too (replaced old exec line):
> exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"
>
> my setenv.sh file:
> CATALINA_OPTS="-Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Xmx512m -XX:+UseConcMarkSweepGC"
> export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/local/apr/lib"
>
> I installed authbind previously and executed following lines:
> sudo touch /etc/authbind/byport/80
> sudo chmod 500 /etc/authbind/byport/80
> sudo chown tomcat7 /etc/authbind/byport/80
>
> When I am removing APR connector from server.xml, tomcat working fine with
> tomcat7 user.
>
> Regards,
> Mubeen
>
> On Thu, Jan 16, 2014 at 5:41 AM, Brett Delle Grazie <
> brett.dellegra...@gmail.com> wrote:
>
>> Hi,
>>
>> See interleaved.
>>
>>
>> On 15 January 2014 16:53, Mubeen Shah <mubeens...@gmail.com> wrote:
>>
>> > Hello,
>> >
>> > I am trying to configure tomcat 7 on ubuntu machine and wanted to run it as
>> > non-root on port 80, Here is what I did so far:
>> >
>> > OS (Ubuntu 12.04 LTS):
>> >
>> > - installed oracle JDK 1.7.0_45 using "apt-get"
>> > - downloaded and extracted tomcat 7.0.50 (.gz format)
>> > - created ubuntu user 'tomcat' and granted 'chown -R CATALINA_HOME' to this
>> > user
>> > - changed tomcat default port to 80 in server.xml
>> > - installed and configured authbind tool
>> > - created sh script "/etc/init.d/tomcat7" to start tomcat as tomcat user.
>> >
>>
>> What was in this script?
>>
>>
>> > - tomcat 7 was working as expected on 80 port as non-root user.
>> >
>>
>> That is surprising, see further below.
>>
>>
>> > - later I configured APR 1.5.0 and tried to run tomcat again, I got this
>> > error:
>> >
>> > Jan 15, 2014 6:24:45 AM org.apache.catalina.core.AprLifecycleListener init
>> > INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR version 1.5.0.
>> > Jan 15, 2014 6:24:45 AM org.apache.catalina.core.AprLifecycleListener init
>> > INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
>> > Jan 15, 2014 6:24:46 AM org.apache.catalina.core.AprLifecycleListener initializeSSL
>> > INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
>> > Jan 15, 2014 6:24:46 AM org.apache.coyote.AbstractProtocol init
>> > INFO: Initializing ProtocolHandler ["http-apr-80"]
>> > Jan 15, 2014 6:24:46 AM org.apache.coyote.AbstractProtocol init
>> > SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-80"]
>> > java.lang.Exception: Socket bind failed: [13] Permission denied
>> >     at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:430)
>> >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
>> >     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
>> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
>> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>> >     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
>> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>> >     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
>> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
>> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:664)
>> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> >     at java.lang.reflect.Method.invoke(Method.java:606)
>> >     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
>> >     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
>> >
>>
>> This is expected.
>>
>>
>> >
>> > If I am removing out this line from server.xml:
>> > <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>> >
>> > Tomcat working on 80 port as non-root user and starting "http-bio-80"
>> > properly.
>> >
>> > Another thing is if I am trying to run tomcat as "root" along with APR
>> > support, it's working just fine.
>> >
>> > Any advice why it's working on "http-bio-80" while throwing bind exception
>> > on "http-apr-80"??
>> >
>>
>> Linux will not allow anything but root to bind on ports < 1024.
>> Usually the process starts as root, binds to the port and then drops its
>> privileges back to the desired user.
>> You'll need to use jsvc to start Tomcat and drop privileges. It is simply
>> apache commons daemon and you should use version 1.0.15 or higher, I'm not
>> sure what version is in 12.04 LTS so you may need to compile it.
>>
>> Some documentation is here:
>> http://tomcat.apache.org/tomcat-7.0-doc/setup.html
>> http://commons.apache.org/proper/commons-daemon/jsvc.html
>>
>> There are a couple of other options described here:
>>
>> http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F
>>
>> But the best one is commons daemon / jsvc.
>>
>>
>> > Regards,
>> > Mubeen
>> >
>>
>>
>> --
>> Kind regards,
>>
>> Brett
>>
>
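
Added example, not part of the original thread or of Apache Commons Daemon: a shell check for the process pair shown in the top message. jsvc normally leaves a root-owned controller process and a forked child that has switched to the -user account and runs the JVM, which is the start-as-root, bind, then drop privileges pattern described in the quoted reply. The PPID column and the shortened command lines in the samples are constructed, and check_jsvc_pair, sample_ok and sample_root_worker are names made up for this example.

```shell
#!/bin/sh
# Added example. Reads `ps -eo user,pid,ppid,args` output on stdin and checks
# that each jsvc worker (a jsvc process whose parent is also jsvc) runs as the
# account named by its own -user option and never as root.
check_jsvc_pair() {
    awk '
    $4 ~ /jsvc/ {
        owner[$2] = $1; parent[$2] = $3; want[$2] = ""
        for (i = 5; i < NF; i++) if ($i == "-user") want[$2] = $(i + 1)
        seen++
    }
    END {
        if (!seen) { print "FAIL: no jsvc process found"; exit 1 }
        bad = 0; workers = 0
        for (p in owner) {
            if (parent[p] in owner) {            # forked by jsvc: runs the JVM
                workers++
                if (owner[p] == "root" || owner[p] != want[p]) {
                    printf "FAIL: worker pid %s runs as %s (-user %s)\n", p, owner[p], want[p]
                    bad = 1
                } else
                    printf "OK: worker pid %s runs as %s\n", p, owner[p]
            } else if (owner[p] != "root")       # controller is expected to be root
                printf "NOTE: controller pid %s runs as %s\n", p, owner[p]
        }
        if (!workers) { print "FAIL: no forked jsvc worker found"; bad = 1 }
        exit bad
    }'
}

# Constructed sample: PIDs and users as in the listing above, PPID column
# assumed, command lines shortened.
sample_ok() { cat <<'EOF'
USER       PID  PPID COMMAND
root     28890     1 jsvc.exec -user tomcat7 -pidfile /opt/tomcat7/logs/catalina-daemon.pid org.apache.catalina.startup.Bootstrap
tomcat7  28891 28890 jsvc.exec -user tomcat7 -pidfile /opt/tomcat7/logs/catalina-daemon.pid org.apache.catalina.startup.Bootstrap
EOF
}

# Constructed failure case: the worker never left root.
sample_root_worker() { cat <<'EOF'
USER       PID  PPID COMMAND
root     28890     1 jsvc.exec -user tomcat7 org.apache.catalina.startup.Bootstrap
root     28891 28890 jsvc.exec -user tomcat7 org.apache.catalina.startup.Bootstrap
EOF
}

sample_ok | check_jsvc_pair
# On a live host: ps -eo user,pid,ppid,args | check_jsvc_pair
```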