HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Bootstrap

[MC Moisei <mc...@comcast.net>]

I know this is a Tomcat problem, I was wondering if anyone experienced 
this before and if there is a fix without compromising security.


> Hi,
>
> I manage to configure my tomcat with jsvc(common-daemon) and 
> everything work great till I start to launch it as root. If I run it 
> as tomcat user it does work great. If I try to run it as root from 
> command prompt or from init.d I get the following exception ( see below )
>
> Right are given as below
> chown -R tomcat:tomcat /usr/local/tomcat
> chown -R root:root /usr/local/tomcat/bin
> chown -R root:root /usr/local/tomcat/common
>
> This is not right - looks like the bootstrap is trying to access the 
> Realm and there is no write access to the conf/tomcat-users.xml file. 
> I can't believe the common-daemon not tomcat side didn't say a thing 
> about this, I bet there are others experiencing the matter.
> Do i have to disable Tomcat realms ? It doesn't sounds right. There is 
> no way I'd give "others" write access on that.
>
> Looking forward to hear from you if you experienced something similar.
> Thanks,
> MC
>
>
>
>
> Aug 1, 2005 7:23:15 PM org.apache.naming.NamingContext lookup
> WARNING: Unexpected exception resolving reference
> java.io.FileNotFoundException: 
> /usr/local/tomcat/tomcat_home/conf/tomcat-users.xml.new (Permission 
> denied)
>     at java.io.FileOutputStream.open(Native Method)
>     at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
>     at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
>     at 
> org.apache.catalina.users.MemoryUserDatabase.save(MemoryUserDatabase.java:462) 
>
>     at 
> org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:98) 
>
>     at 
> org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:129) 
>
>     at 
> javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:301)
>     at org.apache.naming.NamingContext.lookup(NamingContext.java:792)
>     at org.apache.naming.NamingContext.lookup(NamingContext.java:152)
>     at 
> org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:138) 
>
>     at 
> org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:108) 
>
>     at 
> org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(GlobalResourcesLifecycleListener.java:80) 
>
>     at 
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) 
>
>     at 
> org.apache.catalina.core.StandardServer.start(StandardServer.java:676)
>     at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
>
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
>
>     at java.lang.reflect.Method.invoke(Method.java:324)
>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
>
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
>
>     at java.lang.reflect.Method.invoke(Method.java:324)
>     at 
> org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218) 
>
> Aug 1, 2005 7:23:15 PM 
> org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans
> SEVERE: Exception processing Global JNDI Resources
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org