I had to run tomcat on port 80 as a non root user, but problem was that the non-root users can not bind to port numbers lower than 1024 on Linux. So I was not able to start tomcat as a normal user after changing the HTTP connector port to 80. Normally webservers like Apache runs a process as root user which binds it to port 80, other processes of Apache runs as normal www-data user. The way around was to use authbind linux utility (bind sockets to privileged ports without root) for this purpose.
For this example I am using Ubuntu 12.04 and Tomcat 7 and Oracle jdk1.6.0_45.
I will create one user tomcat and I will run tomcat server using that user.
Creating the user tomcat:
useradd -d /app/tomcat tomcat
I have deployed tomcat on /app/tomcat directory and created the user using /app/tomcat as home directory (it is not necessary to create the user with the tomcat directory as home directory, but make sure that the user has read/write access)
Change ownership of the /app/tomcat folder
chown –R tomcat:tomcat /app/tomcat
Now install authbind
apt-get install authbind
Access to low numbered ports is controlled by permissions and contents of files in a configuration area, /etc/authbind
I will create an empty file 80 inside the byport folder inside the authbind config directory /etc/authbind. Now I will give permission who can access this 80 file as well as port 80.
touch /etc/authbind/byport/80
chmod 500 /etc/authbind/byport/80
chown tomcat /etc/authbind/byport/80
As I want to run tomcat server as tomcat user on port 80, so I gave tomcat user access to this 80 file.
Now I am going to add the JVM option in catalina.sh file using the JAVA_OPTS
-Djava.net.preferIPv4Stack=true
IPv6 stack is preferred by default on a dual-stack machine, as our preference is IPv4, so this setting is done through the option -Djava.net.preferIPv4Stack=true .
Now I will write the init.d script for tomcat, using the authbind to run tomcat server as non-root tomcat user.
/etc/init.d/tomcat file:
CATALINA_HOME="/app/tomcat"
case "$1" in
start)
tomcat_id=$(ps -ef | grep $CATALINA_HOME | grep -v grep | awk '{print $2}' | head -n 1)
if [ -n "$tomcat_id" ]
then
echo "Tomcat is already Running with PID:" $tomcat_id
else
echo "Starting tomcat from $CATALINA_HOME"
sudo -u tomcat authbind --deep $CATALINA_HOME/bin/startup.sh
fi
;;
stop)
tomcat_id=$(ps -ef | grep $CATALINA_HOME | grep -v grep | awk '{print $2}' | head -n 1)
if [ -n "$tomcat_id" ]
then
echo "Stopping tomcat from $CATALINA_HOME"
sudo -u tomcat authbind --deep $CATALINA_HOME/bin/shutdown.sh
else
echo "Tomcat is not running"
fi
;;
status)
tomcat_id=$(ps -ef | grep $CATALINA_HOME | grep -v grep | awk '{print $2}' | head -n 1)
if [ -n "$tomcat_id" ]
then
echo "Tomcat is Running with PID:" $tomcat_id
else
echo "Tomcat is not Running......."
fi
;;
*)
echo $"usage: $0 {start|stop|status}"
exit 3
;;
esac
We can start and stop tomcat using:
service tomcat start
service tomcat stop
To auto start tomcat at system reboot run as root:
update-rc.d tomcat defaults
That’s it 
1 comment:
Failed to start tomcat8.service: Unit tomcat8.service not found.
Post a Comment