Tomcat 4.0/Solaris why doesn't tomcat follow soft links?

[Robert Evans <rb...@akane.jhuapl.edu>]

Greetings,

I am in the process of configuring Tomcat to be used with several classes 
at the Johns Hopkins University.  I would like to have each student have 
their own webapp in their public_html directory.

I tried Tomcat 3.2.1, but couldn't get the security policy to work right 
(all jsp pages kept wanting to use the examples directory?)

I am trying Tomcat 4.0B5, and was going to use soft links in the webapps 
directory to point to each students public_html directory.  The only 
problem is that Tomcat doesn't seem to want to follow the soft links.  If I 
make a real directory in the webapps dir, everything works fine, but if I 
try to use a soft linked one, I get:

      Http Status 503 - This application is not currently available

      The requested service(This application is not currently available) is 
not currently available

Any suggestions/help would be greatly appreciated.  If I don't get this 
working within a week, it'll be back to the Java Web Server.  :-(

Bob

Re: Tomcat 4.0/Solaris why doesn't tomcat follow soft links?

[Glenn Nielsen <gl...@voyager.apg.more.net>]

Under unix the Java SecurityManager doesn't like soft links.
The reason is that the SecurityManager uses the real path when
evaluating the codebase.  Using Tomcat 4 you can configure the 
Context docBase to the realpath to the users public html directory.

Regards,

Glenn

Robert Evans wrote:
> 
> Greetings,
> 
> I am in the process of configuring Tomcat to be used with several classes
> at the Johns Hopkins University.  I would like to have each student have
> their own webapp in their public_html directory.
> 
> I tried Tomcat 3.2.1, but couldn't get the security policy to work right
> (all jsp pages kept wanting to use the examples directory?)
> 
> I am trying Tomcat 4.0B5, and was going to use soft links in the webapps
> directory to point to each students public_html directory.  The only
> problem is that Tomcat doesn't seem to want to follow the soft links.  If I
> make a real directory in the webapps dir, everything works fine, but if I
> try to use a soft linked one, I get:
> 
>       Http Status 503 - This application is not currently available
> 
>       The requested service(This application is not currently available) is
> not currently available
> 
> Any suggestions/help would be greatly appreciated.  If I don't get this
> working within a week, it'll be back to the Java Web Server.  :-(
> 
> Bob

-- 
----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------

Re: Tomcat 4.0/Solaris why doesn't tomcat follow soft links?

["Craig R. McClanahan" <cr...@apache.org>]

On Fri, 15 Jun 2001, Robert Evans wrote:

> Craig,
> 
> Thanks!  I missed that in the docs when I first went through them.  I found 
> the documentation on this feature, and now am wondering how much you know 
> about it.
> 
> On the system I am forced to configure this on, the users accounts are 
> mounted from a central nfs server.  This means that they do not have 
> entries in the /etc/passwd file, which I gather from the documentation is 
> used to generate the default Contexts.  It appears there is a "homeBase" 
> option which allows you to specify the location of a series of home 
> directories.  Do you know if I can use "/home", as the students directories 
> are automounted there?  Or do the home directories have to be hardmounted?
> 
> I'm experimenting with this option on a test server I have, and haven't 
> gotten it to work with a test case yet...If I get something working I'll 
> let you know.
> 

Well, since you're willing to be a bleeding edge pioneer (and since I
wrote this stuff), I'd *better* be willing to help!  :-)

If the users do not have entries in /etc/passwd, you are going to want to
use an alternative strategy to tell Tomcat what directories to look
at.  Try something like this:

  <Listener className="org.apache.catalina.startup.UserConfig"
       directory_name="public_html"
             homeBase="/home"
            userClass="org.apache.catalina.startup.HomesUserDatabase"/>

The key difference is that we're using a different "userClass" attribute
-- the one that says "mount all the user directories found in the
directory named by the 'homeBase' attribute" instead of the one that says
"mount all the user directories found in /etc/passwd".

Note also that, currently, Tomcat requires a user's public_html directory
to have a WEB-INF/web.xml file in it before it's recognized as a web
app.  That requirement is subject to negotiation (or perhaps even a
configuration flag) as far as I'm concerned, but it seemed correct when I
originally wrote this code.

And, of course, the operating system username under which you're running
Tomcat must have read access to the contents of the users's public_html
directories, and all the directories above them in the filesystem.

> A very appreciative,
> 
> Bob Evans
> 

Craig


> 
> At 10:56 AM 6/14/2001 -0700, you wrote:
> 
> 
> >On Thu, 14 Jun 2001, Robert Evans wrote:
> >
> > > Greetings,
> > >
> > > I am in the process of configuring Tomcat to be used with several classes
> > > at the Johns Hopkins University.  I would like to have each student have
> > > their own webapp in their public_html directory.
> > >
> > > I tried Tomcat 3.2.1, but couldn't get the security policy to work right
> > > (all jsp pages kept wanting to use the examples directory?)
> > >
> > > I am trying Tomcat 4.0B5, and was going to use soft links in the webapps
> > > directory to point to each students public_html directory.  The only
> > > problem is that Tomcat doesn't seem to want to follow the soft 
> > links.  If I
> > > make a real directory in the webapps dir, everything works fine, but if I
> > > try to use a soft linked one, I get:
> > >
> > >       Http Status 503 - This application is not currently available
> > >
> > >       The requested service(This application is not currently 
> > available) is
> > > not currently available
> > >
> > > Any suggestions/help would be greatly appreciated.  If I don't get this
> > > working within a week, it'll be back to the Java Web Server.  :-(
> > >
> > > Bob
> > >
> > >
> >
> >Not following symlinks is an unfortunate side effect of the processing
> >that Tomcat has to do to avoid directory name spoofing (/WeB-iNf) on case
> >insensitive platforms).  :-(
> >
> >For Tomcat 4, have you tried using the "user home directories" option, to
> >automatically recognize each student's public_html directory?  This will
> >save you having to configure them all into server.xml:
> >
> >     <Host name="localhost" ...>
> >
> >       ...
> >
> >       <Listener className="org.apache.catalina.startup.UserConfig"
> >             directoryName="public_html"
> >                 userClass="org.apache.catalina.startup.PasswdUserDatabase"/>
> >
> >       ...
> >
> >     </Host>
> >
> >Craig McClanahan
> 
> 
> 

Re: Tomcat 4.0/Solaris why doesn't tomcat follow soft links?

[Robert Evans <rb...@akane.jhuapl.edu>]

Craig,

Thanks!  I missed that in the docs when I first went through them.  I found 
the documentation on this feature, and now am wondering how much you know 
about it.

On the system I am forced to configure this on, the users accounts are 
mounted from a central nfs server.  This means that they do not have 
entries in the /etc/passwd file, which I gather from the documentation is 
used to generate the default Contexts.  It appears there is a "homeBase" 
option which allows you to specify the location of a series of home 
directories.  Do you know if I can use "/home", as the students directories 
are automounted there?  Or do the home directories have to be hardmounted?

I'm experimenting with this option on a test server I have, and haven't 
gotten it to work with a test case yet...If I get something working I'll 
let you know.

A very appreciative,

Bob Evans


At 10:56 AM 6/14/2001 -0700, you wrote:


>On Thu, 14 Jun 2001, Robert Evans wrote:
>
> > Greetings,
> >
> > I am in the process of configuring Tomcat to be used with several classes
> > at the Johns Hopkins University.  I would like to have each student have
> > their own webapp in their public_html directory.
> >
> > I tried Tomcat 3.2.1, but couldn't get the security policy to work right
> > (all jsp pages kept wanting to use the examples directory?)
> >
> > I am trying Tomcat 4.0B5, and was going to use soft links in the webapps
> > directory to point to each students public_html directory.  The only
> > problem is that Tomcat doesn't seem to want to follow the soft 
> links.  If I
> > make a real directory in the webapps dir, everything works fine, but if I
> > try to use a soft linked one, I get:
> >
> >       Http Status 503 - This application is not currently available
> >
> >       The requested service(This application is not currently 
> available) is
> > not currently available
> >
> > Any suggestions/help would be greatly appreciated.  If I don't get this
> > working within a week, it'll be back to the Java Web Server.  :-(
> >
> > Bob
> >
> >
>
>Not following symlinks is an unfortunate side effect of the processing
>that Tomcat has to do to avoid directory name spoofing (/WeB-iNf) on case
>insensitive platforms).  :-(
>
>For Tomcat 4, have you tried using the "user home directories" option, to
>automatically recognize each student's public_html directory?  This will
>save you having to configure them all into server.xml:
>
>     <Host name="localhost" ...>
>
>       ...
>
>       <Listener className="org.apache.catalina.startup.UserConfig"
>             directoryName="public_html"
>                 userClass="org.apache.catalina.startup.PasswdUserDatabase"/>
>
>       ...
>
>     </Host>
>
>Craig McClanahan

Re: Tomcat 4.0/Solaris server.xml file and public_html option

[Robert Evans <rb...@akane.jhuapl.edu>]

Craig,

I figured I'd follow up on my last question with one more, since I noticed 
that the in the documentation there is a sample bit of code that says 
http://www.mycompany.com:8080/~craigmcc, which I am assuming is 
you...indicating you may indeed know quite a bit about this particular feature.

Unfortunately, I have been unable to get anything to work yet, even on my 
test server.

In my server.xml file under the <Host name="localhost" ... section, I have:

         <!-- Automatically map a request path starting with a tilde
              character("~") and a username to a directory.  In this
              case to ~username/public.html -->

         <Listener className="org.apache.catalina.startup.UserConfig"
                   directoryName="public_html"
                   homeBase="/export/home"
                   userClass="org.apache.catalina.startup.PasswdUserDatabase"/>

I tried this with and without the homeBase option above.  I am using my own 
account as a test.  The entry in the /etc/passwd file is as follows:

        rbevans:x:5756:20:Robert Evans:/home/rbevans:/bin/csh

The account is automounted from /export/home/rbevans.  I tried the 
/export/home and /home options to homeBase, neither worked.

Any comments, hints or suggestions?

Bob

At 10:56 AM 6/14/2001 -0700, you wrote:


>On Thu, 14 Jun 2001, Robert Evans wrote:
>
> > Greetings,
> >
> > I am in the process of configuring Tomcat to be used with several classes
> > at the Johns Hopkins University.  I would like to have each student have
> > their own webapp in their public_html directory.
> >
> > I tried Tomcat 3.2.1, but couldn't get the security policy to work right
> > (all jsp pages kept wanting to use the examples directory?)
> >
> > I am trying Tomcat 4.0B5, and was going to use soft links in the webapps
> > directory to point to each students public_html directory.  The only
> > problem is that Tomcat doesn't seem to want to follow the soft 
> links.  If I
> > make a real directory in the webapps dir, everything works fine, but if I
> > try to use a soft linked one, I get:
> >
> >       Http Status 503 - This application is not currently available
> >
> >       The requested service(This application is not currently 
> available) is
> > not currently available
> >
> > Any suggestions/help would be greatly appreciated.  If I don't get this
> > working within a week, it'll be back to the Java Web Server.  :-(
> >
> > Bob
> >
> >
>
>Not following symlinks is an unfortunate side effect of the processing
>that Tomcat has to do to avoid directory name spoofing (/WeB-iNf) on case
>insensitive platforms).  :-(
>
>For Tomcat 4, have you tried using the "user home directories" option, to
>automatically recognize each student's public_html directory?  This will
>save you having to configure them all into server.xml:
>
>     <Host name="localhost" ...>
>
>       ...
>
>       <Listener className="org.apache.catalina.startup.UserConfig"
>             directoryName="public_html"
>                 userClass="org.apache.catalina.startup.PasswdUserDatabase"/>
>
>       ...
>
>     </Host>
>
>Craig McClanahan

RE: Tomcat 4.0/Solaris why doesn't tomcat follow soft links?

[Martin van den Bemt <mv...@mvdb.com>]

We have for all developers apache + tomcat running on different ports.
(7401, 7501, 7601 and 7701). Most of the stuff from apache is symlinked and
the core of tomcat is shared. so the home directory looks a bit like this :
(please think /home/<username>/ in front of the directories
apache
bin   (shell scripts such as tomcat.sh, startup.sh, apachectl etc)
conf  (tomcat and apache conf, using the correct port numbers)
devel (developers stuff, such as checkout)
htdocs
lib
logs -> /home/martin/apache/logs
shared -> /home/shared
webapps
work

Have fun,
Martin van den Bemt

> -----Original Message-----
> From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> Sent: Thursday, June 14, 2001 7:56 PM
> To: Robert Evans
> Cc: tomcat-dev@jakarta.apache.org
> Subject: Re: Tomcat 4.0/Solaris why doesn't tomcat follow soft links?
>
>
>
>
> On Thu, 14 Jun 2001, Robert Evans wrote:
>
> > Greetings,
> >
> > I am in the process of configuring Tomcat to be used with
> several classes
> > at the Johns Hopkins University.  I would like to have each
> student have
> > their own webapp in their public_html directory.
> >
> > I tried Tomcat 3.2.1, but couldn't get the security policy to
> work right
> > (all jsp pages kept wanting to use the examples directory?)
> >
> > I am trying Tomcat 4.0B5, and was going to use soft links in
> the webapps
> > directory to point to each students public_html directory.  The only
> > problem is that Tomcat doesn't seem to want to follow the soft
> links.  If I
> > make a real directory in the webapps dir, everything works
> fine, but if I
> > try to use a soft linked one, I get:
> >
> >       Http Status 503 - This application is not currently available
> >
> >       The requested service(This application is not currently
> available) is
> > not currently available
> >
> > Any suggestions/help would be greatly appreciated.  If I don't get this
> > working within a week, it'll be back to the Java Web Server.  :-(
> >
> > Bob
> >
> >
>
> Not following symlinks is an unfortunate side effect of the processing
> that Tomcat has to do to avoid directory name spoofing (/WeB-iNf) on case
> insensitive platforms).  :-(
>
> For Tomcat 4, have you tried using the "user home directories" option, to
> automatically recognize each student's public_html directory?  This will
> save you having to configure them all into server.xml:
>
>     <Host name="localhost" ...>
>
>       ...
>
>       <Listener className="org.apache.catalina.startup.UserConfig"
>             directoryName="public_html"
>
> userClass="org.apache.catalina.startup.PasswdUserDatabase"/>
>
>       ...
>
>     </Host>
>
> Craig McClanahan
>
>
>

Re: Tomcat 4.0/Solaris why doesn't tomcat follow soft links?

["Craig R. McClanahan" <cr...@apache.org>]

On Thu, 14 Jun 2001, Robert Evans wrote:

> Greetings,
> 
> I am in the process of configuring Tomcat to be used with several classes 
> at the Johns Hopkins University.  I would like to have each student have 
> their own webapp in their public_html directory.
> 
> I tried Tomcat 3.2.1, but couldn't get the security policy to work right 
> (all jsp pages kept wanting to use the examples directory?)
> 
> I am trying Tomcat 4.0B5, and was going to use soft links in the webapps 
> directory to point to each students public_html directory.  The only 
> problem is that Tomcat doesn't seem to want to follow the soft links.  If I 
> make a real directory in the webapps dir, everything works fine, but if I 
> try to use a soft linked one, I get:
> 
>       Http Status 503 - This application is not currently available
> 
>       The requested service(This application is not currently available) is 
> not currently available
> 
> Any suggestions/help would be greatly appreciated.  If I don't get this 
> working within a week, it'll be back to the Java Web Server.  :-(
> 
> Bob
> 
> 

Not following symlinks is an unfortunate side effect of the processing
that Tomcat has to do to avoid directory name spoofing (/WeB-iNf) on case
insensitive platforms).  :-(

For Tomcat 4, have you tried using the "user home directories" option, to
automatically recognize each student's public_html directory?  This will
save you having to configure them all into server.xml:

    <Host name="localhost" ...>

      ...

      <Listener className="org.apache.catalina.startup.UserConfig"
            directoryName="public_html"
                userClass="org.apache.catalina.startup.PasswdUserDatabase"/>

      ...

    </Host>

Craig McClanahan