summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoseph D. Wagner <joe@josephdwagner.info>2012-01-12 01:28:30 +0400
committerIvan Afonichev <ivan.afonichev@gmail.com>2012-01-12 01:28:30 +0400
commita4cdf56b82db3fd9a8405c21f6b73d2a31c5e49e (patch)
tree4b64659a4a579ee65ba2ba805f85752a745acb66
parent4cfe7cc5cd0f75874001c7a1c0a872192b2c0924 (diff)
downloadtomcat-a4cdf56b82db3fd9a8405c21f6b73d2a31c5e49e.tar.gz
tomcat-a4cdf56b82db3fd9a8405c21f6b73d2a31c5e49e.tar.xz
tomcat-a4cdf56b82db3fd9a8405c21f6b73d2a31c5e49e.zip
support jsvc for starting tomcat
-rw-r--r--tomcat-7.0-tomcat-sysd12
-rw-r--r--tomcat-7.0.wrapper9
-rw-r--r--tomcat.spec9
3 files changed, 29 insertions, 1 deletions
diff --git a/tomcat-7.0-tomcat-sysd b/tomcat-7.0-tomcat-sysd
index 1e79816..af3ed17 100644
--- a/tomcat-7.0-tomcat-sysd
+++ b/tomcat-7.0-tomcat-sysd
@@ -72,6 +72,12 @@ function start() {
chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG
fi
+ # if jsvc installed and USE_JSVC=true
+ # then start as root and use jsvc to drop privileges
+ if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then
+ TOMCAT_USER="root"
+ fi
+
parseOptions
if [ "$SECURITY_MANAGER" = "true" ]; then
$SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start-security" >> $TOMCAT_LOG 2>&1
@@ -81,6 +87,12 @@ function start() {
}
function stop() {
+ # if jsvc installed and USE_JSVC=true
+ # then start as root and use jsvc to drop privileges
+ if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then
+ TOMCAT_USER="root"
+ fi
+
parseOptions
$SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} stop" >> $TOMCAT_LOG 2>&1
}
diff --git a/tomcat-7.0.wrapper b/tomcat-7.0.wrapper
index ad3091b..5a81ae2 100644
--- a/tomcat-7.0.wrapper
+++ b/tomcat-7.0.wrapper
@@ -26,6 +26,15 @@ CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)"
+# if jsvc installed and USE_JSVC=true
+# then use jsvc instead of calling java directly
+if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then
+ JAVACMD="/usr/bin/jsvc -nodetach -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out"
+ if [ "$1" = "stop" ]; then
+ JAVACMD="${JAVACMD} -stop"
+ fi
+fi
+
if [ "$1" = "start" ]; then
${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \
-classpath "$CLASSPATH" \
diff --git a/tomcat.spec b/tomcat.spec
index cc6325f..3fd188d 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -54,7 +54,7 @@
Name: tomcat
Epoch: 0
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
Group: System Environment/Daemons
@@ -615,6 +615,13 @@ fi
%{_initrddir}/%{name}
%changelog
+* Mon Dec 12 2011 Joseph D. Wagner <joe@josephdwagner.info> 0:7.0.23-2
+- Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for
+ starting tomcat with jsvc, which allows tomcat to perform some
+ privileged operations (e.g. bind to a port < 1024) and then switch
+ identity to a non-privileged user. Must add USE_JSVC="true" to
+ /etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat.
+
* Mon Nov 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-1
- Updated to 7.0.23