Bug#576875: tomcat6: Allow running the init script as a normal user, not admin

Ludovic Claude ludovic.claude at laposte.net
Wed Apr 7 21:50:59 UTC 2010

Package: tomcat6
Version: 6.0.26-0ubuntu1~ppa1
Severity: wishlist

>From Jason Brittain (MuleSource):

When the init script invoked Tomcat via jsvc, it had to be run
   by an administrator user because jsvc itself had to be started
   as root in order to allow binding to privileged ports.  Now
   that we use authbind, it doesn't require the init script to
   run as an administrator to do the same thing.  For example the
   init script could run as user 'tomcat6' and starts, stops, and
   restarts could work just fine while Tomcat could still bind to
   privileged ports.  So, what's the use case for the init script
   being run as user 'tomcat6'?  There are situations where the
   administrator does not want to or cannot configure sudo for a
   user to be able to run the Tomcat init script, or where there
   is a script that runs as user tomcat6 that needs to be able to
   either restart Tomcat or get Tomcat's status.  It is possible
   to make this work now that the init script doesn't use jsvc,
   and I thought I'd ask you whether you think it would be
   helpful to allow it.  The code change would be only inside the
   init script -- it would be a relatively small change to remove
   the few lines of code that requires the user be root to run
   it, possibly invoke start-stop-daemon without the --user
   switch, maybe a small number of changes to make sure that
   running the rest of the init script as non-root works
   properly.  I think the changes are pretty small.  It would,
   however, need to be tested afterwards to make sure the usual
   use case works properly still.  So, I'm not proposing making
   this change for Lucid, unless there's time in the schedule to
   test and debug it afterwards.  What do you guys think?

-- System Information:
Debian Release: squeeze/sid
  APT prefers karmic-updates
  APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic-backports'), (500, 'karmic')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-20-generic (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tomcat6 depends on:
ii  adduser             3.110ubuntu7         add and remove users and groups
ii  tomcat6-common      6.0.26-0ubuntu1~ppa1 Servlet and JSP engine -- common f

Versions of packages tomcat6 recommends:
ii  authbind                     1.2.0build2 Allows non-root programs to bind()

Versions of packages tomcat6 suggests:
ii  tomcat6-admin       6.0.26-0ubuntu1~ppa1 Servlet and JSP engine -- admin we
ii  tomcat6-docs        6.0.26-0ubuntu1~ppa1 Servlet and JSP engine -- document
ii  tomcat6-examples    6.0.26-0ubuntu1~ppa1 Servlet and JSP engine -- example 
ii  tomcat6-user        6.0.26-0ubuntu1~ppa1 Servlet and JSP engine -- tools to

-- no debconf information

More information about the pkg-java-maintainers mailing list