[java-sig-commits] [Bug 761623] New: Feature Request: support jsvc for starting tomcat

bugzilla at redhat.com bugzilla at redhat.com
Thu Dec 8 18:25:25 UTC 2011


https://bugzilla.redhat.com/show_bug.cgi?id=761623

           Summary: Feature Request: support jsvc for starting tomcat
           Product: Fedora
           Version: rawhide
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: low
          Priority: unspecified
         Component: tomcat
        AssignedTo: ivan.afonichev at gmail.com
        ReportedBy: joe at josephdwagner.info
         QAContact: extras-qa at fedoraproject.org
                CC: akurtako at redhat.com,
                    java-sig-commits at lists.fedoraproject.org,
                    ivan.afonichev at gmail.com
    Classification: Fedora
      Story Points: ---
              Type: ---


Created attachment 542672
  --> https://bugzilla.redhat.com/attachment.cgi?id=542672
Proof of concept patches.

Currently, systemd starts tomcat using the unprivileged account 'tomcat' for
security reasons.  This has the side effect of not being able to run tomcat on
privileged ports.

There are two workarounds for this: 1) use iptables to forward port 80 traffic
to port 8080, or 2) use mod_proxy on apache.

A third workaround is to use jsvc to start tomcat as root and then drop
privileges once tomcat has bound to the ports.  However, this option is not
supported out-of-the-box.

My attached patches to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat change this
so that the third workaround is supported out-of-the-box.  It uses systemd to
start and stop jsvc, which in turn controls tomcat.  These patches were tested
successfully on my own system.

Unfortunately, I do not believe these patches are of production quality.  I
consider them more to be proof-of-concept code.  In addition to the cleanliness
of the code, I have two concerns: 1) my code automatically chooses jsvc when
present; for production, you may want to make it an option in
/etc/sysconfig/tomcat instead, and 2) I'm not sure my patches correctly handle
the pidfile and logging files under jsvc.

I hope, however, that my patches will kickstart the development process.  I
believe supporting this third workaround would be a real benefit to Red Hat and
Fedora.
