[java-sig-commits] [Bug 761623] New: Feature Request: support jsvc for starting tomcat
bugzilla at redhat.com
bugzilla at redhat.com
Thu Dec 8 18:25:25 UTC 2011
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: Feature Request: support jsvc for starting tomcat
https://bugzilla.redhat.com/show_bug.cgi?id=761623
Summary: Feature Request: support jsvc for starting tomcat
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: low
Priority: unspecified
Component: tomcat
AssignedTo: ivan.afonichev at gmail.com
ReportedBy: joe at josephdwagner.info
QAContact: extras-qa at fedoraproject.org
CC: akurtako at redhat.com,
java-sig-commits at lists.fedoraproject.org,
ivan.afonichev at gmail.com
Classification: Fedora
Story Points: ---
Type: ---
Created attachment 542672
--> https://bugzilla.redhat.com/attachment.cgi?id=542672
Proof of concept patches.
Currently, systemd starts tomcat as using the unprivileged account 'tomcat' for
security reasons. This has the side effect of not being able to run tomcat on
privileged ports.
There are two workarounds for this: 1) use iptables to forward port 80 traffic
to port 8080, or 2) use mod_proxy on apache.
A third workaround is to use jsvc to start tomcat as root and then drop
privileges once tomcat has bound to the ports. However, this option is not
supported out-of-the-box.
My attached patches to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat change this
so that the third workaround is supported out-of-the-box. It uses systemd to
start and stop jsvc, which in turn controls tomcat. These patches were tested
successfully on my own system.
Unfortunately, I do not believe these patches are of production quality. I
consider them more to be proof-of-concept code. In addition to the cleanliness
of the code, I have two concerns: 1) my code automatically chooses jsvc when
present; for production, you may want to make it an option in
/etc/sysconfig/tomcat instead, and 2) I'm not sure my patches correctly handle
the pidfile and logging files under jsvc.
I hope, however, that my patches will kickstart the development process. I
believe supporting this third workaround would be a real benefit to RedHat and
Fedora.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the java-sig-commits
mailing list