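After installing tomcat5.5 on Debian, I found a serious problem: tomcat runs with root privileges, and programs have to be developed as root. That is far too insecure, so it must be changed to start as an ordinary user.
According to the documentation on the Apache website, running tomcat as a daemon requires the jsvc tool.
Preparation
After Tomcat is installed, if it is started as root, Tomcat will hold root privileges. This can create a security risk for the system, because an attacker may be able to use it to attack our system.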
Install autoconf
It can be installed with shell>sudo apt-get install autoconf
Install jsvc
Following the instructions found online:
tar zxvf jsvc.tar.gz
cd jsvc-src
chmod +x configure
./configure --with-java=/usr/jdk
make
./jsvc -help
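After searching carefully, I found that apache-tomcat-6.0.28.tar.gz does not contain jsvc.tar.gz at all, and I have no idea where this jsvc.tar.gz file is supposed to come from!
After some experimenting, the following approach works.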
[root@localhost /]# cd /usr/local/tomcat/bin/
[root@localhost bin]# tar zxvf commons-daemon-native.tar.gz
[root@localhost bin]# tar zxvf tomcat-native.tar.gz
[root@localhost bin]# cd commons-daemon-1.0.2-native-src/unix/
[root@localhost bin]# sh support/buildconf.sh
Add execute permission to configure
shell>sudo chmod 755 configure
shell>sudo ./configure --with-java=/usr/lib/j2sdk1.6-sun (this is where the JDK is installed on my system)
shell>sudo make
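Okay! If no errors appeared, jsvc has been built successfully.
Set up the startup script
Next, copy the tomcat5.sh template that ships with jsvc into the /etc/init.d directory and modify it to suit your own setup.
shell>sudo cp /usr/local/tomcat6/bin/jsvc-src/native/Tomcat5.sh /etc/init.d/tomcat
The command above copies tomcat5.sh into /etc/init.d/ under the name tomcat.
Edit the /etc/init.d/tomcat file:
shell>cd /etc/init.d
shell>sudo gedit tomcat
My tomcat file looks like this after the changes: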
<example>
#!/bin/sh
# chkconfig:345 88 14
# description:Tomcat Daemon
##############################################################################
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##############################################################################
#
# Small shell script to show how to start/stop Tomcat using jsvc
# If you want to have Tomcat running on port 80 please modify the server.xml
# file:
#
# <!-- Define a non-SSL HTTP/1.1 Connector on port 80 -->
# <Connector className="org.apache.catalina.connector.http.HttpConnector"
# port="80" minProcessors="5" maxProcessors="75"
# enableLookups="true" redirectPort="8443"
# acceptCount="10" debug="0" connectionTimeout="60000"/>
#
# That is for Tomcat-5.0.x (Apache Tomcat/5.0)
#
# Adapt the following lines to your configuration
JAVA_HOME=/usr/lib/jvm/java-6-openjdk
CATALINA_HOME=/usr/share/tomcat5.5
DAEMON_HOME=$CATALINA_HOME/bin/commons-daemon-1.0.2-native-src/unix
TOMCAT_USER=tomcat55
# for multi instances adapt those lines.
TMP_DIR=/var/tmp
PID_FILE=/var/run/jsvc.pid
CATALINA_BASE=$CATALINA_HOME
# CATALINA_OPTS="-Djava.library.path=/usr/share/tomcat5.5/bin/tomcat-native-1.1.20-src/jni/native/.libs"
CATALINA_OPTS=
CLASSPATH=\
$JAVA_HOME/lib/tools.jar:\
$CATALINA_HOME/bin/commons-daemon.jar:\
$CATALINA_HOME/bin/bootstrap.jar
case "$1" in
start)
#
# Start Tomcat
#
$DAEMON_HOME/jsvc \
-user $TOMCAT_USER \
-home $JAVA_HOME \
-Dcatalina.home=$CATALINA_HOME \
-Dcatalina.base=$CATALINA_BASE \
-Djava.io.tmpdir=$TMP_DIR \
-wait 10 \
-pidfile $PID_FILE \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile '&1' \
$CATALINA_OPTS \
-cp $CLASSPATH \
org.apache.catalina.startup.Bootstrap
#
# To get a verbose JVM
#-verbose \
# To get a debug of jsvc.
#-debug \
exit $?
;;
stop)
#
# Stop Tomcat
#
$DAEMON_HOME/jsvc \
-stop \
-pidfile $PID_FILE \
org.apache.catalina.startup.Bootstrap
exit $?
;;
*)
echo "Usage tomcat.sh start/stop"
exit 1;;
esac
</example>
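Notes
- The tomcat5.5 service installed by Debian also seems to start automatically, and its user is also tomcat55, but there were problems when using it, so it is better to use the service you set up yourself.
- Change the ownership of /var/lib/tomcat5.5/webapps to machine, so that the machine user can deploy applications.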
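An added example (not part of the original post): a check that the Tomcat JVM launched by the init script above really runs as TOMCAT_USER rather than root. jsvc keeps a controller process running as root and runs the JVM in a child process under the `-user` account, so only processes without a Bootstrap child are required to be unprivileged. The function name and the sample `ps` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `ps -e -o user= -o pid= -o ppid= -o args=` output on stdin and checks
# that every Tomcat process actually serving requests runs as the expected user.
# Exit status: 0 = OK, 1 = a Tomcat JVM runs as another user, 2 = not running.
check_tomcat_user() {
    awk -v want="$1" '
        /org\.apache\.catalina\.startup\.Bootstrap/ { user[$2] = $1; parent[$2] = $3 }
        END {
            # A process that has a Bootstrap child is the jsvc controller;
            # it stays root by design and is skipped.
            for (p in parent) if (parent[p] in user) controller[parent[p]] = 1
            for (p in user) {
                if (p in controller) continue
                n++
                if (user[p] != want) { printf "FAIL pid=%s user=%s\n", p, user[p]; bad = 1 }
            }
            if (!n) { print "NOT_RUNNING"; exit 2 }
            if (bad) exit 1
            print "OK"
        }'
}

# Constructed sample: Tomcat started through jsvc with -user tomcat55.
sample_jsvc() {
    cat <<'EOF'
root      2101     1 jsvc.exec -user tomcat55 -pidfile /var/run/jsvc.pid org.apache.catalina.startup.Bootstrap
tomcat55  2102  2101 jsvc.exec -user tomcat55 -pidfile /var/run/jsvc.pid org.apache.catalina.startup.Bootstrap
root       812     1 /usr/sbin/sshd
EOF
}

# Constructed sample: Tomcat started directly by root, the case the post avoids.
sample_root() {
    cat <<'EOF'
root      3300     1 /usr/bin/java -Dcatalina.home=/usr/share/tomcat5.5 org.apache.catalina.startup.Bootstrap start
EOF
}

sample_jsvc | check_tomcat_user tomcat55          # prints OK
sample_root | check_tomcat_user tomcat55 || true  # prints FAIL pid=3300 user=root
# Live use: ps -e -o user= -o pid= -o ppid= -o args= | check_tomcat_user tomcat55
```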