> From: Gregor Schneider
>
> I feel that ppl have a problem if they mistrust their developers in so
> far that they have to lock their box even to their own developers
> maintaing the apps. And I'm not talking about full access but I'm
> talking about browsing the logs.
>
> Besides, when havi
Mladen,
On Thu, Dec 2, 2010 at 12:37 PM, Mladen Turk wrote:
> On 12/02/2010 12:05 PM, Gregor Schneider wrote:
>
> If your developers need to see the stdout of the Tomcat
> on the production server then you have a serious problem.
> The first one that I find (well funny) is that they can access
>
On 12/02/2010 12:05 PM, Gregor Schneider wrote:
Besides, all logs are owned by tomcat:tomcat (as it should be) - the
only exception is catalina.out.
I guess you agree that this is not what somebody would call
"consistent" behaviour...
The catalina.out is written by a parent process running
u
: Our general umask is set to 0022 - still, jsvc give
root-owbership to catalina.out
> Is it possible that if catalina.out already exists and is owned by, say,
> "tomcat", that it's ownership will be retained when jsvc opens it for
> append? If that's the case, you may ha
when jsvc opens it for
append? If that's the case, you may have simply deleted the file during
your upgrade and had it re-created by jsvc (owned by root) after the fact.
Can you tell us what version of jsvc you were using in the past, and
what version you're using now?
I can'
Can someone explain to me why logging as the tomcat user is a security risk?
I don't like that behaviour but then again I don't understand it.
Regards,
Wesley Acheson
On Wed, Dec 1, 2010 at 6:41 PM, Mladen Turk wrote:
> On 12/01/2010 11:55 AM, Gregor Schneider wrote:
>>>
>> Sure, since Apache
On 12/01/2010 11:55 AM, Gregor Schneider wrote:
Sure, since Apache is usually started within root-context ("sbin") -
so that does make sense.
Right but it drops the user to apache if instructed to do so.
Even then logs are root owned, and this is security
precaution (like with jsvc)
And i
Gregor Schneider wrote:
Hi André,
long time no see ;)
On Wed, Dec 1, 2010 at 12:20 PM, André Warnier wrote:
As far as I know, these startup scripts are created by the packagers of
Debian, RedHat etc.. when they wrap Tomcat in a platform-specific package.
/They/ are the ones who decide how the
Hi André,
long time no see ;)
On Wed, Dec 1, 2010 at 12:20 PM, André Warnier wrote:
>
> As far as I know, these startup scripts are created by the packagers of
> Debian, RedHat etc.. when they wrap Tomcat in a platform-specific package.
> /They/ are the ones who decide how they call up jsvc, whe
Gregor, (by the way, hi!)
But what's really puzzling me - and for which I don't have any
explanation - is, that with the old version of jsvc, catalina.out had
${TOMCAT_USER}-ownership (mind you: in the startup-script there's a
"su ${TOMCAT-USER} before starting jsvc), and to me it seems that thi
Christopher,
On Tue, Nov 30, 2010 at 10:33 PM, Christopher Schultz
wrote:
>
> Apache httpd acts this way:
>
Sure, since Apache is usually started within root-context ("sbin") -
so that does make sense.
When talking about servers, I'm not talking about a webserver but a
server such as Debian, Red
Konstantin,
On Tue, Nov 30, 2010 at 9:42 PM, Konstantin Kolinko
wrote:
>
> The above one is tomcat-native, aka Tomcat-Apr,
> a library that provides code for Http11AprProtocol and AjpAprProtocol
> connectors.
>
> This one is commons-daemon, which gives you jsvc.
>
> http://commons.apache.org/daem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gregor,
On 11/30/2010 4:18 PM, Gregor Schneider wrote:
> Mladen,
>
>> Believe it or not, this is intentional and correct behavior.
>> Almost any server behaves like that.
>
> thanks for sharing your views on this one, which I, however, do not share
Mladen,
Believe it or not, this is intentional and correct behavior.
Almost any server behaves like that.
thanks for sharing your views on this one, which I, however, do not share at
all
besides, no server behaves like you're stating:
if an application is started in a non-root-context and prod
2010/11/30 Gregor Schneider :
> Well, in the old version, there was the archive "tomcat-native.tar.gz"
> containing the sources for the native wrapper.
The above one is tomcat-native, aka Tomcat-Apr,
a library that provides code for Http11AprProtocol and AjpAprProtocol
connectors.
http://tomcat.
On 11/30/2010 07:31 PM, Gregor Schneider wrote:
Hi guys,
What's really puzzling me, is, that since we upgraded Tomcat,
catalina.out is not owned by the user specified in $TOMCAT_USER any
more but is owned by root.
Believe it or not, this is intentional and correct behavior.
Almost any s
&1' \
$JAVA_OPTS \
$CATALINA_OPTS \
-cp $CLASSPATH \
org.apache.catalina.startup.Bootstrap
exit $?
;;
What's really puzzling me, is, that since we upgraded Tomcat,
catalina.out is not owned by the user specified in $TOMCAT_USER any
more but is owned by root.
All other files are
Hassan Schroeder wrote:
On Mon, Jun 29, 2009 at 8:55 AM, Melanie
Pfefer wrote:
Any idea what makes web applications owned by root even though tomcat runs as a
non-root user?
Uh, they were installed by root? :-)
Uh, Uh. What do you mean by "web applications owned by root" anyway
On Mon, Jun 29, 2009 at 8:55 AM, Melanie
Pfefer wrote:
> Any idea what makes web applications owned by root even though tomcat runs as
> a non-root user?
Uh, they were installed by root? :-)
--
Hassan Schroeder hassan.schroe...@gma
Melanie Pfefer wrote:
> Hi
>
> Any idea what makes web applications owned by root even though tomcat runs as
> a non-root user? (I have mod_jk installed and apache running as root)
>
> Thank you,
>
>
>
I have two thoughts:
1. You installed the webapp as root which
Hi
Any idea what makes web applications owned by root even though tomcat runs as a
non-root user? (I have mod_jk installed and apache running as root)
Thank you,
-
To unsubscribe, e-mail: users-unsubscr
gt; From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Re: jsvc creates pid file owned by root
>
> [EMAIL PROTECTED] wrote:
> > See Thread at: http://www.techienuggets.com/Detail?tx=31984 Posted on
> > behalf of a User
> >
> >
> >>> Y
e pid file is created with permissions 600 and owned by root.
I want to be able to read the pid file to check if the Tomcat process is up
and running
and also for other purposes.
Is it possible to make the pid file be owned by the user that runs Tomcat or
have the permissions to be set to 666
created with permissions 600 and owned by root.
I want to be able to read the pid file to check if the Tomcat process is up
and running
and also for other purposes.
Is it possible to make the pid file be owned by the user that runs Tomcat or
have the permissions to be set to 666?
Regards
Gunnar
--
ecause a new shell is
created each time.
As I posted in my example, I set umask to 027 in my jsvc startup script
and it works just fine. tomcat starts as root, binds to the ports and
then switches to the 'tomcat' user. The pid file is owned by root (as it
should be) and files created by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gunnar,
Gunnar Boström wrote:
| I would be fine with 644 but I don't know how to set that.
| The file is owned by root so I'm not allowed to change it.
| My umask is by default 0022 which should be okay. I tried to set the
mask to
| 0
Hi,
Answers to all of you who has responded.
I would be fine with 644 but I don't know how to set that.
see umask above
The file is owned by root so I'm not allowed to change it.
My umask is by default 0022 which should be okay. I tried to set the mask to
but no change.
read about l
Hi,
Answers to all of you who has responded.
I would be fine with 644 but I don't know how to set that.
The file is owned by root so I'm not allowed to change it.
My umask is by default 0022 which should be okay. I tried to set the mask to
but no change.
I created a pid fil
Do you *really* want that file to be world-writable? Why not 644?
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.
pgp8EEJOzvw1S.pgp
Description: PGP signature
Hi,
can you set the umask before you run jsvc ?
Rgds
Fred
Gunnar Boström wrote:
>
> Hi,
>
> I can start and stop Tomcat 5.5 with the jsvc program but the problem is
> that the pid file is created with permissions 600 and owned by root.
> I want to be able to read the pi
t; --David
>
> Gunnar Boström wrote:
>
> >Hi,
> >
> >I can start and stop Tomcat 5.5 with the jsvc program but
> the problem is
> >that the pid file is created with permissions 600 and owned by root.
> >I want to be able to read the pid file to chec
cific folders. Or you could
modify your service script to chmod the pid file on startup.
--David
Gunnar Boström wrote:
Hi,
I can start and stop Tomcat 5.5 with the jsvc program but the problem is
that the pid file is created with permissions 600 and owned by root.
I want to be able to read th
Hi,
I can start and stop Tomcat 5.5 with the jsvc program but the problem is
that the pid file is created with permissions 600 and owned by root.
I want to be able to read the pid file to check if the Tomcat process is up
and running
and also for other purposes.
Is it possible to make the pid
33 matches
Mail list logo
