Bug 1084426
Summary: | $TOMCAT_GROUP doesn't effect in /etc/sysconfig/tomcat6 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Yoshifumi Kinoshita <ykinoshi> |
Component: | tomcat6 | Assignee: | Coty Sutherland <csutherl> |
Status: | CLOSED WONTFIX | QA Contact: | Bogdan Sikora <bsikora> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.5 | CC: | fgoldefu, mbabacek, pslavice, wburrows |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-02-09 15:48:21 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1075802, 1172231, 1275725, 1302761 |
Description
Yoshifumi Kinoshita
2014-04-04 10:18:27 UTC
> $TOMCAT_GROUP doesn't effect in /etc/sysconfig/tomcat6.
That's not totally true :) It _does_ affect ownership of the PID file:
[root@rhel6 ~]# ls -l /var/run/tomcat6.pid
-rw-r--r--. 1 tomcat apache 5 Nov 23 15:17 /var/run/tomcat6.pid
What it doesn't do is affect the process ownership because we use su to start tomcat:
[ "$RETVAL" -eq "0" ] && $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start" >> ${TOMCAT_LOG} 2>&1 || RETVAL="4"
We could do something like check the user and see if it's the same as the group and if so, use su; otherwise use sg to start with the specified group. I'm just not sure we can do both...
I'm still looking into this one.
We might be able to use sudo: sudo -g $TOMCAT_GROUP -u $TOMCAT_USER -s "${TOMCAT_SCRIPT} start" but my first pass gives me an error: Sorry, user root is not allowed to execute '/bin/bash -c /usr/sbin/tomcat6\ start' as tomcat:apache on rhel6. After some more researching me-- runuser is just missing the group (-g) flag. As it turns out, implementing this fix causes a few issues for layered products (specifically Satellite). Given that fact and the fact that there aren't any other requests to have this included, I will be closing the issue. |