Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?

Wed, 01 Dec 2010 02:55:48 -0800 

Christopher,

On Tue, Nov 30, 2010 at 10:33 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
>
> Apache httpd acts this way:
>
Sure, since Apache is usually started within root-context ("sbin") -
so that does make sense.

When talking about servers, I'm not talking about a webserver but a
server such as Debian, RedHat etc.

And if you take a look into /var/logs, you can see exactly, that the
logs inside this directory partly don't belong to root as long as they
are not run within a root-context.

A good example ist mysql:

-rw-rw---- 1 mysql adm 344379 2009-09-30 12:13 mysql-full.log

And this is exactly the way it should be.

For the rest, I'm completely with you, and the solutions you pointed
out will work and already crossed my mind, except that the directory
is alreday umasked to 0022, still, catalina.out gives

-rw------- 1 root   root    7395 2010-12-01 11:51 catalina.out

Any hints on that?

But what's really puzzling me - and for which I don't have any
explanation - is, that with the old version of jsvc, catalina.out had
${TOMCAT_USER}-ownership (mind you: in the startup-script there's a
"su ${TOMCAT-USER} before starting jsvc), and to me it seems that this
has changed with the new version.

Furthermore, I'd like to give you some insights of a "Real
Life"-external-managed-services-root-server-installation within a big
financial coperation:

Here - and in quite some other companies I do know - it's common
practice to host the servers externally, having managed services.

Usually, this implies that you don't have root-access, simply for
liability-reasons. However, only basic Tomcat-maintenance is done by
the external hoster, and when deploying new webapps, our developers
need to be able to read al logs.

Therefore, such a behaviour as seen by the latest jsvc is making
developer's life quite complicated.

Anyhow, I guess I'll go for a chown inside the startup-script for now.

Thanks

Gregor
-- 
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to