diff options
author | Joseph D. Wagner <joe@josephdwagner.info> | 2012-01-12 01:28:30 +0400 |
---|---|---|
committer | Ivan Afonichev <ivan.afonichev@gmail.com> | 2012-01-12 01:28:30 +0400 |
commit | a4cdf56b82db3fd9a8405c21f6b73d2a31c5e49e (patch) | |
tree | 4b64659a4a579ee65ba2ba805f85752a745acb66 | |
parent | 4cfe7cc5cd0f75874001c7a1c0a872192b2c0924 (diff) | |
download | tomcat-a4cdf56b82db3fd9a8405c21f6b73d2a31c5e49e.tar.gz tomcat-a4cdf56b82db3fd9a8405c21f6b73d2a31c5e49e.tar.xz tomcat-a4cdf56b82db3fd9a8405c21f6b73d2a31c5e49e.zip |
support jsvc for starting tomcat
-rw-r--r-- | tomcat-7.0-tomcat-sysd | 12 | ||||
-rw-r--r-- | tomcat-7.0.wrapper | 9 | ||||
-rw-r--r-- | tomcat.spec | 9 |
3 files changed, 29 insertions, 1 deletions
diff --git a/tomcat-7.0-tomcat-sysd b/tomcat-7.0-tomcat-sysd index 1e79816..af3ed17 100644 --- a/tomcat-7.0-tomcat-sysd +++ b/tomcat-7.0-tomcat-sysd @@ -72,6 +72,12 @@ function start() { chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG fi + # if jsvc installed and USE_JSVC=true + # then start as root and use jsvc to drop privileges + if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then + TOMCAT_USER="root" + fi + parseOptions if [ "$SECURITY_MANAGER" = "true" ]; then $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start-security" >> $TOMCAT_LOG 2>&1 @@ -81,6 +87,12 @@ function start() { } function stop() { + # if jsvc installed and USE_JSVC=true + # then start as root and use jsvc to drop privileges + if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then + TOMCAT_USER="root" + fi + parseOptions $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} stop" >> $TOMCAT_LOG 2>&1 } diff --git a/tomcat-7.0.wrapper b/tomcat-7.0.wrapper index ad3091b..5a81ae2 100644 --- a/tomcat-7.0.wrapper +++ b/tomcat-7.0.wrapper @@ -26,6 +26,15 @@ CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar" CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar" CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)" +# if jsvc installed and USE_JSVC=true +# then use jsvc instead of calling java directly +if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then + JAVACMD="/usr/bin/jsvc -nodetach -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out" + if [ "$1" = "stop" ]; then + JAVACMD="${JAVACMD} -stop" + fi +fi + if [ "$1" = "start" ]; then ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \ -classpath "$CLASSPATH" \ diff --git a/tomcat.spec b/tomcat.spec index cc6325f..3fd188d 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -54,7 +54,7 @@ Name: tomcat Epoch: 0 Version: %{major_version}.%{minor_version}.%{micro_version} -Release: 1%{?dist} +Release: 2%{?dist} Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API Group: System Environment/Daemons @@ -615,6 +615,13 @@ fi %{_initrddir}/%{name} %changelog +* Mon Dec 12 2011 Joseph D. Wagner <joe@josephdwagner.info> 0:7.0.23-2 +- Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for + starting tomcat with jsvc, which allows tomcat to perform some + privileged operations (e.g. bind to a port < 1024) and then switch + identity to a non-privileged user. Must add USE_JSVC="true" to + /etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat. + * Mon Nov 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-1 - Updated to 7.0.23 |