Clicky

Hi Experts,

I am working my way through installing and configuring tomcat 7 for first time. Can you please help me understand how to get it started? I am following this tutorial:

I've installed tomcat, set catalina_home, catalina_base, java_home env variables. I have set ownership of tomcat directory to my user/group "tomcat/tomcat".

Now when i run the command and enter the password nothing happens. Even logs dont reflect a change.

su -p -s /bin/sh tomcat $CATALINA_HOME/bin/startup.sh

However if i simply run the command below; tomcat works.

sudo sh startup.sh

Where do i go wrong by starting up via tomcat user?  Im glad to post any and all info you might need; please advise on what details you need. Thank yoU!

asked 12/13/2011 07:37

gregg_s's gravatar image

gregg_s ♦♦


28 Answers:
Try using the full path instead of CATALINA_HOME.

link

answered

sweetfa2's gravatar image

sweetfa2

thanks sweetfa2, will try in the morning.
link

answered 2011-12-13 at 16:13:22

gregg_s's gravatar image

gregg_s

You can also refer the following url for installation steps.

http://www.davidghedini.com/pg/entry/install_tomcat_7_on_centos
link

answered 2011-12-13 at 17:00:10

testez's gravatar image

testez

Just realized that you are on ubuntu machine. Please ignore the above url and refer this one if you have any doubts.

http://diegobenna.blogspot.com/2011/01/install-tomcat-7-in-ubuntu-1010.html
link

answered 2011-12-13 at 18:26:35

testez's gravatar image

testez

Thanks testez, i have a quetion about the article you sent. I see the author is starting tomcat as root. Is that a security issue to be concerned about? I was able to start tomcat myself using sudo.

Excuse my ignorance, i have very limited knowledge of linux. Also, I am running ubuntu server.

Thanks,gregg
link

answered 2011-12-13 at 18:28:07

gregg_s's gravatar image

gregg_s

sweetfa2: I didnt have any luck replacing the environment variable with absolute path.

Here is some basic information (i hope it helps):

$cat /etc/passwd
tomcat:x:1001:1001::/home/tomcat:/sbin/nologin

Three questions about this line (shown above for tomcat user) in the /etc/passwd file.
1. Should tomcat have a home folder?
2. Is /sbin/nologin the correct shell value. I didnt find the /sbin/nologin directory. So is this an instance of where you create a false shell value to prevent login? Or does Ubuntu use a different value that is equivalent to "/sbin/nologin"?


$echo $CATALINA_HOME; echo $CATALINA_BASE; echo $JAVA_HOME
/var/lib/tomcat
/var/lib/tomcat
/usr/lib/jvm/java-1.6.0-openjdk

Note: The java home variable references a symbolic link. I assume that is fine unless you say otherwise. I find interesting that the symbolic link is in the same directory as the actual directory itself.

$pwd
/var/lib/tomcat

$cat Logs/catalina.out
$ _

I cleared out log file prior to "starting the tomcat server" so i can see any possible activity when i run the /bin/startup.sh script. But nothing is logged.

Does this help at all? I wonder if my issue could be with tomcat user is setup wrong.

Thank you!
link

answered 2011-12-13 at 19:22:02

gregg_s's gravatar image

gregg_s

Try doing your echo line as your command when you su tomcat
link

answered 2011-12-14 at 08:03:23

sweetfa2's gravatar image

sweetfa2

HI sweetfa2,

Can you give me an example of what you mean?

link

answered 2011-12-14 at 10:50:48

gregg_s's gravatar image

gregg_s

su -p -s /bin/sh "echo $CATALINA_HOME; echo $CATALINA_BASE; echo $JAVA_HOME"
link

answered 2011-12-14 at 10:55:24

sweetfa2's gravatar image

sweetfa2

nothing! it does the same. no response from command. Could that do with the sbin/nologin in my /etc/passwd file?

tomcat:x:1001:1001::/home/tomcat:/sbin/nologin

link

answered 2011-12-14 at 12:39:58

gregg_s's gravatar image

gregg_s

now to make that run i added tomcat as id. Was that wrong? So i typed:

su -p -s /bin/sh tomcat "echo $CATALINA_HOME; echo $CATALINA_BASE; echo $JAVA_HOME"
link

answered 2011-12-14 at 12:45:55

gregg_s's gravatar image

gregg_s

I would suspect that would be the issue.

Try it with just the /bin/sh and that will clarify it for real.

With my tomcat servers I start them as a service via root, and they auto-downgrade to the tomcat user.

Other installations I already have it run as that particular user that I have logged into.

Your sudo startup does the same thing as a root downgrade.  A ps should indicate that the tomcat process is owned by tomcat if you start it using sudo.

I don't know that you want to change the nologin on the tomcat user.
link

answered 2011-12-14 at 12:47:12

sweetfa2's gravatar image

sweetfa2

ok, i thought this was an error before which is why i added the tomcat to the command.

output is:
unknown id: echo /var/lib/tomcat; echo /var/lib/tomcat; echo /usr/lib/jvm/java-1.6.0-openjdk

Id like to learn more about what you said here:
"With my tomcat servers I start them as a service via root, and they auto-downgrade to the tomcat user"

Can you point me to article on web to do so? Or show how to downgrade once i have tomcat started? I am so close! Im getting excited about having succes and moving on to JSPs.

link

answered 2011-12-14 at 12:51:18

gregg_s's gravatar image

gregg_s

Try su -p -s /bin/sh tomcat $CATALINA_HOME/bin/startup.sh

I will get back to you about the downgrade stuff.
link

answered 2011-12-14 at 13:00:48

sweetfa2's gravatar image

sweetfa2

no luck there.

it just returns to command line prompt.

[email protected]$su -p -s /bin/sh tomcat $CATALINA_HOME/bin/startup.sh
pasword: blah blah
[email protected]$ _

Thanks for thoughts on downgrade stuff. If you think of any topics i should read up on - please let me know.

Your help is appreciated. Thanks.
link

answered 2011-12-14 at 13:10:18

gregg_s's gravatar image

gregg_s

su -p -s /bin/sh tomcat nohup $CATALINA_HOME/bin/startup.sh
link

answered 2011-12-14 at 13:14:30

sweetfa2's gravatar image

sweetfa2

No output. I will see the stdout like this right (which was from running as root)?

Using CATALINA_BASE: /var/lib/tomcat
Using CATALINA_HOME: /var/lib/tomcat
Using CATALINA_TMPDIR: /var/lib/tomcat/temp
Using JRE_HOME: /usr
Using CLASSPATH: /usr/lib/tomcat/bin/bootstrap.jar:/var/lib/tomcat/bin/tomcat-juli.jar

Could i have messed up during tomcat server install or tomcat user/group creation? I thought i had it right.
link

answered 2011-12-14 at 13:15:59

gregg_s's gravatar image

gregg_s

Check that the process is running.  use ps -ef | grep tomcat

There should be a file nohup.log, probably in the current directory that should have the output.
link

answered 2011-12-14 at 13:24:21

sweetfa2's gravatar image

sweetfa2

$ps -ef | grep tomcat
gregg  1125  907  0  16.28  tty1  00:00:00  grep --color=auto  tomcat

 tomcat is in red font color.
link

answered 2011-12-14 at 13:25:47

gregg_s's gravatar image

gregg_s

Just temporarily add a /bin/sh to your tomcat user, login to it and see if you can execute it from there.

That will prove that your configuration is right or not.
link

answered 2011-12-14 at 13:30:16

sweetfa2's gravatar image

sweetfa2

Ok to do as you instruct I will edit /etc/passwd and change the shell variable (lack of better words) to the following:

tomcat:x:1001:1001::/home/tomcat:/bin/sh

Is that correct?
link

answered 2011-12-14 at 13:39:32

gregg_s's gravatar image

gregg_s

Or better yet, i should:

chsh -s /bin/sh

link

answered 2011-12-14 at 13:43:50

gregg_s's gravatar image

gregg_s

Here is what i did:

$chsh -s /bin/sh tomcat
$su tomcat
...password...

$whoami
tomcat

$echo $CATALINA_HOME
/var/lib/tomcat

$ $CATALINA_HOME/bin/startup.sh
Using CATALINA_BASE: /var/lib/tomcat
Using CATALINA_HOME: /var/lib/tomcat
Using CATALINA_TMPDIR: /var/lib/tomcat/temp
Using JRE_HOME: /usr/lib/jvm/java-1.6.0-openjdk
Using CLASSPATH: /var/lib/tomcat/bin/bootstrap.jar:/var/lib/tomcat/bin/tomcat-juli.jar

...it appears to have started. but when i wget 192.168.1.8, my ip address, it says connection refused.
link

answered 2011-12-14 at 13:45:29

gregg_s's gravatar image

gregg_s

catalina.out log file says cannot start server b/c read permission not allowed on server.xml file.

As far as i can tell. it doesnt have read permissions set
$ls -l $CATALINA_HOME/conf/server.xml
...files...
--wx-wx-wx 1 tomcat tomcat ... server.xml
...files...
link

answered 2011-12-14 at 14:02:28

gregg_s's gravatar image

gregg_s

Seems your permissions are badly askew, which would tend to indicate your installation is corrupted at some point.

As a quick fix

chmod 664 server.xml

tomcat normally starts on port 8080 so unless you changed the ports in your config to 80 you will need to include a port in your wget command.

netstat -an | grep LISTEN | grep 808

should show if the server is running if you get an 8080 entry or other ports in that range

link

answered 2011-12-14 at 14:22:10

sweetfa2's gravatar image

sweetfa2

"permissions are badly askew" -- I would bet that was my ignorance - not a corrupt install. Or perhaps both! The change mode command worked.

I was successful, finally, at starting tomcat server via the tomcat user. Back to my original thought; I was trying to put the user "tomcat" in control. Not root. Which is based on several articles ive been reading.

So do you recommend i leave as is? I would like to get it where the tomcat user manages tomcat.
link

answered 2011-12-14 at 14:25:37

gregg_s's gravatar image

gregg_s

Now back to my thought:

Is it ok to have the tomcat user setup without a shell environment? It is not necessary to have one? And makes it more secure in case tomcat were breached? Although i know it probably wouldnt happen, i like peace of mind knowing "server is safe" and "i am doing things correctly"

link

answered 2011-12-14 at 15:11:51

gregg_s's gravatar image

gregg_s

sweetfa2, i am closing this question and opening related. You have helped me so much. I think beyond scope of points. Please look for next question. Thank you.
link

answered 2011-12-14 at 15:15:12

gregg_s's gravatar image

gregg_s

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

Asked: 12/13/2011 07:37

Seen: 371 times

Last updated: 12/14/2011 07:23