Re: [Aimmath-developers] tomcat and AIM (RE:was installlin.html)
From: Greg G. <gr...@ma...> - 2003-08-31 16:42:16
On Sun, 31 Aug 2003, Manolis Mavrikis wrote:

> Greg asked:
> > Can you explain that please? Have you created a group or user for tomcat4?
> > ... so that it need not run as root, or something? Up 'til now tomcat here
> > has been running as root and hence writes various things like compiled AIM
> > questions with root permissions. Do you avoid that?
> ...
> What happened is at some point I installed tomcat 4.1.something that came
> with an RPM. This creates a tomcat4 user and a tomcat4 group who has
> privileges to start, stop tomcat etc. Also when an application starts it
> gives ownership of all files to tomcat4 user. ...
> Perhaps all of these work with any created user and for instance one could
> create a user (perhaps a special one, I am not a good linux admin sorry) on
> their own and chown -R the whole dir to it and have the same effect... why
> don't you try it ? I would really want to know.

Ahh! ... all makes complete sense now. Thanks Manolis for all the
explanations, (sorry for the delay of my reply). Indeed, I'm sure there is
nothing special about the `tomcat4' user and/or group. It could just as easily
be `tomcat' or `aim' for that matter.

I just checked the tomcat doc file RUNNING.txt and it explains that
ports <= 1024 require root permissions to bind to (hence why with port 80,
I've actually needed to run tomcat as root, as many including Gustav had
suggested). What had confused me was that with 8080 being the default port
that tomcat binds to, I had some sort of muddled notion that 80 was somehow an
abbreviation (since that used to be the default port used in previous
incarnations of AIM).

Anyway, I'm sure that if you leave server.xml specifying port 8080 then all
that one needs to do is add the manager to the group for tomcat (whatever was
decided) ... I think I'd recommend (given the usual scenario that tomcat is
used exclusively for AiM), that the user and group for the whole
/usr/local/tomcat directory be set to aim.

Then the manager could log in as aim to start up tomcat and edit anything in
the webapps directory as well. Also, if the manager as an ordinary user is in
the group for aim then he/she will be able to read/write/execute anything that
has those group permissions, which may actually mean that he/she will need to
log in as aim and do a `chmod g+..' on files (where .. is the appropriate
substring of rwx needed) occasionally.

> > Is this with any Tomcat e.g. 4.1.18 (what I currently have) ... and with
> > port 80, I guess that becomes
> >
> > http://localhost/manager/stop?path=/AIM
>
> the manager application is usually disabled you have to add something at the
> server.xml see
>
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/manager-howto.html
>
> ...
> it works remotely but it's pretty safe as it needs a password (which you set
> at the users xml in conf directory BTW if you do the tomcat4 user chmod then
> it's better to leave this directory to root)

That was easy ... as the howto explained I added a line

    <user name="..." password="..." roles="manager" />

for appropriate ...s in /usr/local/tomcat/conf/tomcat-users.xml and the lines

    <Context path="/manager" debug="0" privileged="true"
             docBase="/usr/local/tomcat/server/webapps/manager"/>

in server.xml to activate the manager, and restarted tomcat. Then

    http://.../manager/stop?path=/AiM

where ... is our server's URL, etc. worked fine. The beauty of this is that it
closes down just AiM and leaves the other parallel installations alone ...
very nice!

BTW I find the stopaim.sh and startaim.sh scripts in the original
webapps/ROOT/WEB-INF still happily (shuts down)/(starts up) tomcat ... I think
you suggested that you needed to use /usr/local/tomcat/bin/shutdown.sh etc.
... as far as I can work out stopaim.sh and startaim.sh are simply simplified
versions of shutdown.sh and startup.sh.

I'm not sure how much of this we want to tell an installer of AiM. I guess
I'll write some of it and if it starts looking too long and complicated, just
suggest that he/she read the appropriate docs of tomcat.

Regards,
Greg
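
An added example, not part of the message above and not code from AiM or Tomcat: a small Python check over the three settings this thread discusses (the Connector port in server.xml, the /manager Context, and manager-role users in tomcat-users.xml, plus that file's permission bits). The function name audit_tomcat, the sample XML and the user names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def audit_tomcat(server_xml, users_xml, users_file_mode):
    """Return findings for the settings discussed in this thread."""
    findings = []
    server = ET.fromstring(server_xml)
    # Ports below 1024 are privileged on Linux: binding one means starting as root.
    for conn in server.iter("Connector"):
        port = int(conn.get("port", "0"))
        if 0 < port < 1024:
            findings.append(f"connector port {port} is privileged; Tomcat must start as root")
    # The manager webapp is reachable only once a Context is declared for it.
    manager_on = any(c.get("path") == "/manager" for c in server.iter("Context"))
    if manager_on:
        findings.append("manager application is enabled")
    for user in ET.fromstring(users_xml).iter("user"):
        roles = [r.strip() for r in user.get("roles", "").split(",")]
        if "manager" not in roles:
            continue
        # The thread's Tomcat 4.1 uses name=; later releases use username=.
        name = user.get("name") or user.get("username") or "?"
        if manager_on:
            findings.append(f"user {name!r} can stop and start webapps via /manager")
        if not user.get("password"):
            findings.append(f"user {name!r} has the manager role and an empty password")
    # tomcat-users.xml holds passwords (clear text by default): no bits for "other".
    if users_file_mode & 0o007:
        findings.append(f"tomcat-users.xml mode {users_file_mode & 0o777:o} is open to all local users")
    return findings

# Constructed sample input (not taken from a real installation).
SAMPLE_SERVER_XML = """<Server><Service name="Tomcat-Standalone">
  <Connector port="80"/>
  <Engine name="Standalone"><Host name="localhost">
    <Context path="/manager" debug="0" privileged="true"
             docBase="/usr/local/tomcat/server/webapps/manager"/>
  </Host></Engine>
</Service></Server>"""
SAMPLE_USERS_XML = """<tomcat-users>
  <user name="aimadmin" password="" roles="manager"/>
  <user name="guest" password="constructed" roles="tomcat"/>
</tomcat-users>"""

if __name__ == "__main__":
    for line in audit_tomcat(SAMPLE_SERVER_XML, SAMPLE_USERS_XML, 0o644):
        print("-", line)
```

On a real host the third argument would come from os.stat() on conf/tomcat-users.xml; it is passed in here so the check runs without touching the filesystem.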