A better way to do this would be to setup something like xinetd
listening on a socket and use a connection to the socket to trigger the
execution. You can write a configuration/parameters file in a location.
Just a point: when you use runtime.exec on Linux, it does a fork of the
process. That DOUBLES your process space memory. IOW, if tomcat's
running with 4GB of memory, when you do a runtime.exec, that's going to
double your memory usage to 8GB while the process runs. If you're not
planning for this, it can be a nasty shock.
On 5/21/2019 11:52 AM, Claude Brisson wrote:
Hi all.
I use tomcat 8.5.39 and java oracle 1.8.0_191 on linux (ubuntu 19.04).
Tomcat was installed by apt-get and runs as a service.
If I open a shell as the tomcat8 user, I can launch a Java program
which successfully executes a sudo command in a sub-process.
But from a Java servlet, the code fails with this error from the sudo
executable:
sudo: effective uid is not 0, is /usr/bin/sudo on a file system
with the 'nosuid' option set or an NFS file system without root
privileges?
which means that somehow, the tomcat process was unable or unwilling
to honor the setuid flag of the sudo command.
Is it a special security measure ?
If yes, is it set in tomcat ? in the JVM ? In Ubuntu's tomcat8 service
packaging? In systemd config?
And is there any configuration option to relax it?
Thanks,
Claude
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
George S.
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com
