You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Andrew Feller <an...@gmail.com> on 2008/10/30 18:16:25 UTC
JSVC vs standard startup / shutdown scripts
QUESTION: What is the best practice for running Tomcat? JSVC daemon or
startup / shutdown scripts as a non-root user and forwarding HTTPS requests
to a non-privileged port?
While reading the Professional Apache Tomcat 6 (ISBN: 978-0-471-75361-2),
they recommend running Tomcat to start it up using the startup script
provided in the Tomcat binary and having your firewall forward requests from
HTTPS to a non-privileged port. This is very interesting for two reasons:
1. The book never mentions JSVC, which the Tomcat documentation does
2. We believed using JSVC was the only way to run as a non-root user,
which doesn't seem to be the case now
I would appreciate any feedback about the trade offs and why people choose
one over the other.
Thanks,
Andrew
Re: JSVC vs standard startup / shutdown scripts
Posted by David Smith <dn...@cornell.edu>.
Right. This is very much the same way other services like Apache httpd
do things. The privileged process is there to catch signals and open
ports for listening. The unprivileged process does the actual work.
--David
Andrew Ralph Feller, afelle1 wrote:
> Thanks for the reply David!
>
> If you startup jsvc and do "ps axu | grep jsvc", you will find two processes
> with one being owned by root and the other by the non-root account. The
> non-root process will actually handle the incoming requests, however the
> root process is needed to bind to port 443 since it is a privilege port.
>
>
> On 10/30/08 1:55 PM, "David Smith" <dn...@cornell.edu> wrote:
>
>
>>> I don't have any personal issue with moving to running Tomcat directly as
>>> the non-privileged account meant for Tomcat ...
>>>
>> Just to clarify, jsvc runs tomcat as an unprivileged user as well. One
>> advantage to jsvc is it allows tomcat to be run by itself without funky
>> iptables rules or a front-end server. It's a simpler setup and overall
>> I'm a firm believer in simpler = better.
>>
>> --David
>>
>> Andrew Ralph Feller, afelle1 wrote:
>>
>>> Thanks for the response Torsten!
>>>
>>> In our environment, the machines we have Tomcat running on strictly use
>>> Tomcat 6, APR for SSL support, and we load balance applications through an
>>> external load balancer. We have been able to get by without brining HTTPD
>>> for things like mod_rewrite or any of the PAMs, so I would like to keep it
>>> as simple as possible.
>>>
>>> I don't have any personal issue with moving to running Tomcat directly as
>>> the non-privileged account meant for Tomcat, however I am curious about the
>>> trade offs especially related to security.
>>>
>>> Thanks!
>>>
>>> On 10/30/08 12:37 PM, "Torsten.Romer@teliasonera.com"
>>> <To...@teliasonera.com> wrote:
>>>
>>>
>>>
>>>> Hi Andrew,
>>>>
>>>> We let all our Tomcats run on a non-privileged port and use some init script
>>>> using startup.sh/shutdown.sh, and have an Apache httpd forwarding requests
>>>> with AJP.
>>>>
>>>> We then use Apache httpd for things like terminating SSL, do RADIUS or LDAP
>>>> authentication, load balancing several Tomcat instances and so on.
>>>>
>>>> I think it is a good and common setup like that.
>>>>
>>>> Torsten
>>>>
>>>> -----Original Message-----
>>>> From: Andrew Feller [mailto:andrew.feller@gmail.com]
>>>> Sent: 30. oktober 2008 18:16
>>>> To: users@tomcat.apache.org
>>>> Cc: Brad Cupit
>>>> Subject: JSVC vs standard startup / shutdown scripts
>>>>
>>>> QUESTION: What is the best practice for running Tomcat? JSVC daemon or
>>>> startup / shutdown scripts as a non-root user and forwarding HTTPS requests
>>>> to a non-privileged port?
>>>>
>>>> While reading the Professional Apache Tomcat 6 (ISBN: 978-0-471-75361-2),
>>>> they recommend running Tomcat to start it up using the startup script
>>>> provided in the Tomcat binary and having your firewall forward requests from
>>>> HTTPS to a non-privileged port. This is very interesting for two reasons:
>>>>
>>>> 1. The book never mentions JSVC, which the Tomcat documentation does
>>>> 2. We believed using JSVC was the only way to run as a non-root user,
>>>> which doesn't seem to be the case now
>>>>
>>>> I would appreciate any feedback about the trade offs and why people choose
>>>> one over the other.
>>>>
>>>> Thanks,
>>>> Andrew
>>>>
>>>> ---------------------------------------------------------------------
>>>> To start a new topic, e-mail: users@tomcat.apache.org
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: JSVC vs standard startup / shutdown scripts
Posted by "Andrew Ralph Feller, afelle1" <af...@lsu.edu>.
Thanks for the reply David!
If you startup jsvc and do "ps axu | grep jsvc", you will find two processes
with one being owned by root and the other by the non-root account. The
non-root process will actually handle the incoming requests, however the
root process is needed to bind to port 443 since it is a privilege port.
On 10/30/08 1:55 PM, "David Smith" <dn...@cornell.edu> wrote:
>>
>> I don't have any personal issue with moving to running Tomcat directly as
>> the non-privileged account meant for Tomcat ...
>
> Just to clarify, jsvc runs tomcat as an unprivileged user as well. One
> advantage to jsvc is it allows tomcat to be run by itself without funky
> iptables rules or a front-end server. It's a simpler setup and overall
> I'm a firm believer in simpler = better.
>
> --David
>
> Andrew Ralph Feller, afelle1 wrote:
>> Thanks for the response Torsten!
>>
>> In our environment, the machines we have Tomcat running on strictly use
>> Tomcat 6, APR for SSL support, and we load balance applications through an
>> external load balancer. We have been able to get by without brining HTTPD
>> for things like mod_rewrite or any of the PAMs, so I would like to keep it
>> as simple as possible.
>>
>> I don't have any personal issue with moving to running Tomcat directly as
>> the non-privileged account meant for Tomcat, however I am curious about the
>> trade offs especially related to security.
>>
>> Thanks!
>>
>> On 10/30/08 12:37 PM, "Torsten.Romer@teliasonera.com"
>> <To...@teliasonera.com> wrote:
>>
>>
>>> Hi Andrew,
>>>
>>> We let all our Tomcats run on a non-privileged port and use some init script
>>> using startup.sh/shutdown.sh, and have an Apache httpd forwarding requests
>>> with AJP.
>>>
>>> We then use Apache httpd for things like terminating SSL, do RADIUS or LDAP
>>> authentication, load balancing several Tomcat instances and so on.
>>>
>>> I think it is a good and common setup like that.
>>>
>>> Torsten
>>>
>>> -----Original Message-----
>>> From: Andrew Feller [mailto:andrew.feller@gmail.com]
>>> Sent: 30. oktober 2008 18:16
>>> To: users@tomcat.apache.org
>>> Cc: Brad Cupit
>>> Subject: JSVC vs standard startup / shutdown scripts
>>>
>>> QUESTION: What is the best practice for running Tomcat? JSVC daemon or
>>> startup / shutdown scripts as a non-root user and forwarding HTTPS requests
>>> to a non-privileged port?
>>>
>>> While reading the Professional Apache Tomcat 6 (ISBN: 978-0-471-75361-2),
>>> they recommend running Tomcat to start it up using the startup script
>>> provided in the Tomcat binary and having your firewall forward requests from
>>> HTTPS to a non-privileged port. This is very interesting for two reasons:
>>>
>>> 1. The book never mentions JSVC, which the Tomcat documentation does
>>> 2. We believed using JSVC was the only way to run as a non-root user,
>>> which doesn't seem to be the case now
>>>
>>> I would appreciate any feedback about the trade offs and why people choose
>>> one over the other.
>>>
>>> Thanks,
>>> Andrew
>>>
>>> ---------------------------------------------------------------------
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
--
Andrew R. Feller, Analyst
Information Technology Services
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: JSVC vs standard startup / shutdown scripts
Posted by To...@teliasonera.com.
> simpler = better
Fully agree. Keep it simple.
We however have to put an httpd in front in the DMZ anyway because our security people would never allow us to put any business logic there. And they want us to change protocol on the way to the application so the switch from HTTPS to AJP is good to calm them down.
Torsten
-----Original Message-----
From: David Smith [mailto:dns4@cornell.edu]
Sent: 30. oktober 2008 19:55
To: Tomcat Users List
Subject: Re: JSVC vs standard startup / shutdown scripts
>
> I don't have any personal issue with moving to running Tomcat directly as
> the non-privileged account meant for Tomcat ...
Just to clarify, jsvc runs tomcat as an unprivileged user as well. One
advantage to jsvc is it allows tomcat to be run by itself without funky
iptables rules or a front-end server. It's a simpler setup and overall
I'm a firm believer in simpler = better.
--David
Andrew Ralph Feller, afelle1 wrote:
> Thanks for the response Torsten!
>
> In our environment, the machines we have Tomcat running on strictly use
> Tomcat 6, APR for SSL support, and we load balance applications through an
> external load balancer. We have been able to get by without brining HTTPD
> for things like mod_rewrite or any of the PAMs, so I would like to keep it
> as simple as possible.
>
> I don't have any personal issue with moving to running Tomcat directly as
> the non-privileged account meant for Tomcat, however I am curious about the
> trade offs especially related to security.
>
> Thanks!
>
> On 10/30/08 12:37 PM, "Torsten.Romer@teliasonera.com"
> <To...@teliasonera.com> wrote:
>
>
>> Hi Andrew,
>>
>> We let all our Tomcats run on a non-privileged port and use some init script
>> using startup.sh/shutdown.sh, and have an Apache httpd forwarding requests
>> with AJP.
>>
>> We then use Apache httpd for things like terminating SSL, do RADIUS or LDAP
>> authentication, load balancing several Tomcat instances and so on.
>>
>> I think it is a good and common setup like that.
>>
>> Torsten
>>
>> -----Original Message-----
>> From: Andrew Feller [mailto:andrew.feller@gmail.com]
>> Sent: 30. oktober 2008 18:16
>> To: users@tomcat.apache.org
>> Cc: Brad Cupit
>> Subject: JSVC vs standard startup / shutdown scripts
>>
>> QUESTION: What is the best practice for running Tomcat? JSVC daemon or
>> startup / shutdown scripts as a non-root user and forwarding HTTPS requests
>> to a non-privileged port?
>>
>> While reading the Professional Apache Tomcat 6 (ISBN: 978-0-471-75361-2),
>> they recommend running Tomcat to start it up using the startup script
>> provided in the Tomcat binary and having your firewall forward requests from
>> HTTPS to a non-privileged port. This is very interesting for two reasons:
>>
>> 1. The book never mentions JSVC, which the Tomcat documentation does
>> 2. We believed using JSVC was the only way to run as a non-root user,
>> which doesn't seem to be the case now
>>
>> I would appreciate any feedback about the trade offs and why people choose
>> one over the other.
>>
>> Thanks,
>> Andrew
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: JSVC vs standard startup / shutdown scripts
Posted by David Smith <dn...@cornell.edu>.
>
> I don't have any personal issue with moving to running Tomcat directly as
> the non-privileged account meant for Tomcat ...
Just to clarify, jsvc runs tomcat as an unprivileged user as well. One
advantage to jsvc is it allows tomcat to be run by itself without funky
iptables rules or a front-end server. It's a simpler setup and overall
I'm a firm believer in simpler = better.
--David
Andrew Ralph Feller, afelle1 wrote:
> Thanks for the response Torsten!
>
> In our environment, the machines we have Tomcat running on strictly use
> Tomcat 6, APR for SSL support, and we load balance applications through an
> external load balancer. We have been able to get by without brining HTTPD
> for things like mod_rewrite or any of the PAMs, so I would like to keep it
> as simple as possible.
>
> I don't have any personal issue with moving to running Tomcat directly as
> the non-privileged account meant for Tomcat, however I am curious about the
> trade offs especially related to security.
>
> Thanks!
>
> On 10/30/08 12:37 PM, "Torsten.Romer@teliasonera.com"
> <To...@teliasonera.com> wrote:
>
>
>> Hi Andrew,
>>
>> We let all our Tomcats run on a non-privileged port and use some init script
>> using startup.sh/shutdown.sh, and have an Apache httpd forwarding requests
>> with AJP.
>>
>> We then use Apache httpd for things like terminating SSL, do RADIUS or LDAP
>> authentication, load balancing several Tomcat instances and so on.
>>
>> I think it is a good and common setup like that.
>>
>> Torsten
>>
>> -----Original Message-----
>> From: Andrew Feller [mailto:andrew.feller@gmail.com]
>> Sent: 30. oktober 2008 18:16
>> To: users@tomcat.apache.org
>> Cc: Brad Cupit
>> Subject: JSVC vs standard startup / shutdown scripts
>>
>> QUESTION: What is the best practice for running Tomcat? JSVC daemon or
>> startup / shutdown scripts as a non-root user and forwarding HTTPS requests
>> to a non-privileged port?
>>
>> While reading the Professional Apache Tomcat 6 (ISBN: 978-0-471-75361-2),
>> they recommend running Tomcat to start it up using the startup script
>> provided in the Tomcat binary and having your firewall forward requests from
>> HTTPS to a non-privileged port. This is very interesting for two reasons:
>>
>> 1. The book never mentions JSVC, which the Tomcat documentation does
>> 2. We believed using JSVC was the only way to run as a non-root user,
>> which doesn't seem to be the case now
>>
>> I would appreciate any feedback about the trade offs and why people choose
>> one over the other.
>>
>> Thanks,
>> Andrew
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: JSVC vs standard startup / shutdown scripts
Posted by "Andrew Ralph Feller, afelle1" <af...@lsu.edu>.
Thanks for the response Torsten!
In our environment, the machines we have Tomcat running on strictly use
Tomcat 6, APR for SSL support, and we load balance applications through an
external load balancer. We have been able to get by without brining HTTPD
for things like mod_rewrite or any of the PAMs, so I would like to keep it
as simple as possible.
I don't have any personal issue with moving to running Tomcat directly as
the non-privileged account meant for Tomcat, however I am curious about the
trade offs especially related to security.
Thanks!
On 10/30/08 12:37 PM, "Torsten.Romer@teliasonera.com"
<To...@teliasonera.com> wrote:
> Hi Andrew,
>
> We let all our Tomcats run on a non-privileged port and use some init script
> using startup.sh/shutdown.sh, and have an Apache httpd forwarding requests
> with AJP.
>
> We then use Apache httpd for things like terminating SSL, do RADIUS or LDAP
> authentication, load balancing several Tomcat instances and so on.
>
> I think it is a good and common setup like that.
>
> Torsten
>
> -----Original Message-----
> From: Andrew Feller [mailto:andrew.feller@gmail.com]
> Sent: 30. oktober 2008 18:16
> To: users@tomcat.apache.org
> Cc: Brad Cupit
> Subject: JSVC vs standard startup / shutdown scripts
>
> QUESTION: What is the best practice for running Tomcat? JSVC daemon or
> startup / shutdown scripts as a non-root user and forwarding HTTPS requests
> to a non-privileged port?
>
> While reading the Professional Apache Tomcat 6 (ISBN: 978-0-471-75361-2),
> they recommend running Tomcat to start it up using the startup script
> provided in the Tomcat binary and having your firewall forward requests from
> HTTPS to a non-privileged port. This is very interesting for two reasons:
>
> 1. The book never mentions JSVC, which the Tomcat documentation does
> 2. We believed using JSVC was the only way to run as a non-root user,
> which doesn't seem to be the case now
>
> I would appreciate any feedback about the trade offs and why people choose
> one over the other.
>
> Thanks,
> Andrew
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
--
Andrew R. Feller, Analyst
Information Technology Services
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: JSVC vs standard startup / shutdown scripts
Posted by To...@teliasonera.com.
Hi Andrew,
We let all our Tomcats run on a non-privileged port and use some init script using startup.sh/shutdown.sh, and have an Apache httpd forwarding requests with AJP.
We then use Apache httpd for things like terminating SSL, do RADIUS or LDAP authentication, load balancing several Tomcat instances and so on.
I think it is a good and common setup like that.
Torsten
-----Original Message-----
From: Andrew Feller [mailto:andrew.feller@gmail.com]
Sent: 30. oktober 2008 18:16
To: users@tomcat.apache.org
Cc: Brad Cupit
Subject: JSVC vs standard startup / shutdown scripts
QUESTION: What is the best practice for running Tomcat? JSVC daemon or
startup / shutdown scripts as a non-root user and forwarding HTTPS requests
to a non-privileged port?
While reading the Professional Apache Tomcat 6 (ISBN: 978-0-471-75361-2),
they recommend running Tomcat to start it up using the startup script
provided in the Tomcat binary and having your firewall forward requests from
HTTPS to a non-privileged port. This is very interesting for two reasons:
1. The book never mentions JSVC, which the Tomcat documentation does
2. We believed using JSVC was the only way to run as a non-root user,
which doesn't seem to be the case now
I would appreciate any feedback about the trade offs and why people choose
one over the other.
Thanks,
Andrew
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org