support jsvc for starting tomcat

2012-01-12 01:28:30 +04:00 · 2012-01-12 01:28:30 +04:00 · a4cdf56b82
parent 4cfe7cc5cd
commit a4cdf56b82
3 changed files with 29 additions and 1 deletions
--- a/tomcat-7.0-tomcat-sysd
+++ b/tomcat-7.0-tomcat-sysd
@ -72,6 +72,12 @@ function start() {
      chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG
    fi

+    # if jsvc installed and USE_JSVC=true
+    # then start as root and use jsvc to drop privileges
+    if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then
+      TOMCAT_USER="root"
+    fi
+
    parseOptions  
    if [ "$SECURITY_MANAGER" = "true" ]; then
       $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start-security" >> $TOMCAT_LOG 2>&1 
@ -81,6 +87,12 @@ function start() {
 }

 function stop() {
+    # if jsvc installed and USE_JSVC=true
+    # then start as root and use jsvc to drop privileges
+    if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then
+      TOMCAT_USER="root"
+    fi
+
    parseOptions  
    $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} stop" >> $TOMCAT_LOG 2>&1
 }
--- a/tomcat-7.0.wrapper
+++ b/tomcat-7.0.wrapper
@ -26,6 +26,15 @@ CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
 CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
 CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)"

+# if jsvc installed and USE_JSVC=true
+# then use jsvc instead of calling java directly
+if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then
+  JAVACMD="/usr/bin/jsvc -nodetach -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out"
+  if [ "$1" = "stop" ]; then
+    JAVACMD="${JAVACMD} -stop"
+  fi
+fi
+
 if [ "$1" = "start" ]; then
  ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \
    -classpath "$CLASSPATH" \
--- a/tomcat.spec
+++ b/tomcat.spec
@ -54,7 +54,7 @@
 Name:          tomcat
 Epoch:         0
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       1%{?dist}
+Release:       2%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API

 Group:         System Environment/Daemons
@ -615,6 +615,13 @@ fi
 %{_initrddir}/%{name}

 %changelog
+* Mon Dec 12 2011 Joseph D. Wagner <joe@josephdwagner.info> 0:7.0.23-2
+- Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for
+  starting tomcat with jsvc, which allows tomcat to perform some
+  privileged operations (e.g. bind to a port < 1024) and then switch
+  identity to a non-privileged user. Must add USE_JSVC="true" to
+  /etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat.
+
 * Mon Nov 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-1
 - Updated to 7.0.23