You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Paul Downs <pa...@positive-internet.com> on 2001/09/13 15:05:35 UTC
Tomcat - Running as non root and thread limiting.
IMPORTANT! This message has been blind-carbon-copied to you.
Do not reply-to-all or forward it without the author's permission.
Hi,
Anther two questions (should be the last 2 and then maybe I can help
people). Is there any way in configuration to run tomcat as a non root
user, or is the only way to su to the user and then run tomcat? We have a
process killer that won't kill tasks with a main "root" thread, i.e. how
apache runs.
Secondly I have the following in server.xml
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter
name="handler"
value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
<Parameter
name="port"
value="8009"/>
<Parameter
name="max_threads"
value="100"/>
<Parameter
name="max_spare_threads"
value="20"/>
<Parameter
name="min_spare_threads"
value="10"/>
</Connector>
Which seems to be ok, and much more limited entries for apj12. However
when I start tomcat there are still well over 200 threads running and
normally nigh on 300! Help!
Paul
Re: Tomcat - Running as non root and thread limiting.
Posted by Paul Downs <pa...@positive-internet.com>.
Hi,
It is not listening on port 80, it is also now not running as root. The
tomcat instance is using mod_jk and is not serving any html, be it on port
80 or 8080. I cannot tell whether it is merely ignoring my thread config
or whether it is broken.
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter
name="handler"
value="org.apache.tomcat.service.connector.Ajp12ConnectionHandler"/>
<Parameter
name="port"
value="8007"/>
<Parameter
name="max_threads"
value="30"/>
<Parameter
name="max_spare_threads"
value="20"/>
<Parameter
name="min_spare_threads"
value="5" />
</Connector>
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter
name="handler"
value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
<Parameter
name="port"
value="8009"/>
<Parameter
name="max_threads"
value="100"/>
<Parameter
name="max_spare_threads"
value="20"/>
<Parameter
name="min_spare_threads"
value="10"/>
</Connector>
In my mind, the above config means I should never see tomcat with more
than 130 or so threads, yet it starts with at least 200:
# ps -ef|grep java|wc -l
287
Paul
Re: Tomcat - Running as non root and thread limiting.
Posted by Jonathan Eric Miller <je...@uchicago.edu>.
How do you get it to listen on port 80? I thought you needed to be root to
listen on ports less than 1024? I saw something in the release notes about a
JavaService or something, but, I haven't been able to locate much else on it
(running Tomcat as a non-root user).
Jon
----- Original Message -----
From: "Simon Brooke" <si...@beesianum.jasmine.org.uk>
To: <to...@jakarta.apache.org>
Sent: Friday, September 14, 2001 7:08 AM
Subject: Re: Tomcat - Running as non root and thread limiting.
>
> > Hi,
> > Anther two questions (should be the last 2 and then maybe I can
> > help people). Is there any way in configuration to run tomcat as a
> > non root user, or is the only way to su to the user and then run
> > tomcat? We have a process killer that won't kill tasks with a main
> > "root" thread, i.e. how apache runs.
>
> Surely! I *never* run tomcat as root. On my production servers it runs
> as user 'tomcat'. Create the user (and group if you like); unpack
> tomcat as that user, to create all the bits with that user's
> permissions; write your startup script to start tomcat as that user.
>
> --
> simon@jasmine.org.uk (Simon Brooke) http://www.jasmine.org.uk/~simon/
>
> ;; It appears that /dev/null is a conforming XSL processor.
>
Re: Tomcat - Running as non root and thread limiting.
Posted by Paul Downs <pa...@positive-internet.com>.
Hi,
> Surely! I *never* run tomcat as root. On my production servers it runs
> as user 'tomcat'. Create the user (and group if you like); unpack
> tomcat as that user, to create all the bits with that user's
> permissions; write your startup script to start tomcat as that user.
That is exactly what I ended up doing. It was just that we have this
little perl script that checks what non root processes are doing and kills
them if they use too much ram etc. etc. It helps to keep machines alive
really well. As you can imagine, running tomcat as user tomcat meant that
it was killed immediately. I was kind of hoping to switch uid/gid so that
the ppid of the processes where root owned and thus pss (the script) could
not kill it the main thread but could kill any children that went crazy.
As it was I managed to persuade one of the guys to let me alter the script
to allow tomcat. Just gotta hope the 600 damn threads it launches don't do
horrible things. My thread limitation entries in server.xml are still
being ignored.... oh well.
Paul
Re: Tomcat - Running as non root and thread limiting.
Posted by Simon Brooke <si...@beesianum.jasmine.org.uk>.
> Hi,
> Anther two questions (should be the last 2 and then maybe I can
> help people). Is there any way in configuration to run tomcat as a
> non root user, or is the only way to su to the user and then run
> tomcat? We have a process killer that won't kill tasks with a main
> "root" thread, i.e. how apache runs.
Surely! I *never* run tomcat as root. On my production servers it runs
as user 'tomcat'. Create the user (and group if you like); unpack
tomcat as that user, to create all the bits with that user's
permissions; write your startup script to start tomcat as that user.
--
simon@jasmine.org.uk (Simon Brooke) http://www.jasmine.org.uk/~simon/
;; It appears that /dev/null is a conforming XSL processor.