Run Tomcat as a daemon
Most installation that I've seen of Tomcat is made with tomcat running as root. This could potentially be a disasters security hole. Most Linux systems only allow the root to listen to port 80...which is why many users of tomcat under Linux run tomcat as root. With jscv, the process will start off as root but later on will change owner to a user of your choice.
- Create the user to run tomcat under with
useradd tomcatThis will create a directory under/home/tomcat
- Download and install tomcat under /home/tomcat. This is how my tomcat directory looks like
ls -l /home/tomcat drwxr-xr-x 3 tomcat tomcat 4096 Dec 13 02:51 bin drwxr-xr-x 6 tomcat tomcat 56 Sep 23 09:42 common drwxr-xr-x 3 tomcat tomcat 4096 Dec 13 05:18 conf -rw-r--r-- 1 tomcat tomcat 11357 Sep 23 09:44 LICENSE drwxr-xr-x 2 tomcat tomcat 25 Dec 13 02:51 logs -rw-r--r-- 1 tomcat tomcat 688 Sep 23 09:44 NOTICE -rw-r--r-- 1 tomcat tomcat 6403 Sep 23 09:42 RELEASE-NOTES -rw-r--r-- 1 tomcat tomcat 7006 Sep 23 09:44 RUNNING.txt drwxr-xr-x 5 tomcat tomcat 44 Sep 23 09:42 server drwxr-xr-x 4 tomcat tomcat 30 Sep 23 09:42 shared drwxr-xr-x 2 tomcat tomcat 6 Sep 23 09:42 temp drwxr-xr-x 3 tomcat tomcat 35 Dec 13 05:17 webapps drwxr-xr-x 3 tomcat tomcat 21 Dec 13 02:52 work
- Compile the jscv code by following the instructions on
Run As ServiceTomcat 5.x ships with a tomcat service file which you can use and modify. However, it's written to be used with Java 1.4. To use it with Java 1.5 you need to tweak it some more or use the following file. Please note the items in red. Tomcat user and the JDK path which you must update to fit your system. Also make sure the DAEMON_HOME executable is in the right place.
Start and StopTo start tomcat, use (on redhat)
This issue is why I've usually run Apache httpd using AJP to link to Tomcat. Httpd runs as root and Tomcat runs as user tomcat. But historically AJP had been a pain to set up (you need to compile mod_jk).
The new httpd 2.2 has mod_ajp which should be easier. I haven't used it but it looks terrific.
restart) # Takes maximum dumbass approach.... echo "Restarting tomcat service...." pushd . cd $CATALINA_HOME $CATALINA_HOME/bin/jsvc -Djava.endorsed.dirs=$CATALINA_HOME/common/endorsed \ -cp $CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar \ -outfile $CATALINA_HOME/logs/catalina.out \ -errfile $CATALINA_HOME/logs/catalina.err \ -user tomcat -stop org.apache.catalina.startup.Bootstrap echo "Shutdown complete, pausing before restart...." sleep 2 $CATALINA_HOME/bin/jsvc -Djava.endorsed.dirs=$CATALINA_HOME/common/endorsed \ -cp $CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar \ -outfile $CATALINA_HOME/logs/catalina.out \ -errfile $CATALINA_HOME/logs/catalina.err \ -user tomcat org.apache.catalina.startup.Bootstrap popd echo "Done"note the -stop switch. hth --Robin
status) if [[ -f $PID_FILE ]] then echo "found a pidfile so we are probably up and running." else echo "no pidfile so we are probably down." fi exit 1 ;;