2014-01-22 58 views
1

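Tomcat service cannot access the file system (Linux)

I am running a web application on apache-tomcat-7.0.50. My application stores user-uploaded files in a directory on the file system (./opt/data). When I start the server manually as the root user with $CATALINA_HOME/bin/startup.sh, I can access the file system and all images are visible on my website. I don't want to run Tomcat as root, because I think this might be a security issue, and I want Tomcat to start automatically when the server reboots. So I use a script to start the server as a service: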

#!/bin/bash
#
# tomcat7  This shell script takes care of starting and stopping Tomcat
# Description: This shell script takes care of starting and stopping Tomcat 
# chkconfig: - 80 20 
# 
## Source function library. 
#. /etc/rc.d/init.d/functions 
TOMCAT_HOME=/home/peter/tomcat 
SHUTDOWN_WAIT=20 

tomcat_pid() { 
    echo `ps aux | grep org.apache.catalina.startup.Bootstrap | grep -v grep | awk '{ print $2 }'` 
} 

start() { 
    pid=$(tomcat_pid) 
    if [ -n "$pid" ] 
    then 
    echo "Tomcat is already running (pid: $pid)" 
    else 
    # Start tomcat 
    echo "Starting tomcat" 
    ulimit -n 100000 
    umask 007 
    /bin/su -p -s /bin/sh root $TOMCAT_HOME/bin/startup.sh 
    fi 


    return 0 
} 

stop() { 
    pid=$(tomcat_pid) 
    if [ -n "$pid" ] 
    then 
    echo "Stopping Tomcat"
    /bin/su -p -s /bin/sh root $TOMCAT_HOME/bin/shutdown.sh 

    let kwait=$SHUTDOWN_WAIT 
    count=0; 
    until [ `ps -p $pid | grep -c $pid` = '0' ] || [ $count -gt $kwait ] 
    do 
     echo -n -e "\nwaiting for processes to exit"; 
     sleep 1 
     let count=$count+1; 
    done 

    if [ $count -gt $kwait ]; then 
     echo -n -e "\nkilling processes which didn't stop after $SHUTDOWN_WAIT seconds" 
     kill -9 $pid 
    fi 
    else 
    echo "Tomcat is not running" 
    fi 

    return 0 
} 

case $1 in 
start) 
    start 
;; 
stop) 
    stop 
;; 
restart) 
    stop 
    start 
;; 
status) 
    pid=$(tomcat_pid) 
    if [ -n "$pid" ] 
    then 
    echo "Tomcat is running with pid: $pid" 
    else 
    echo "Tomcat is not running" 
    fi 
;; 
esac 
exit 0 

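Unfortunately, my images are not displayed on the website if I start Tomcat as a service.

I have given the directory the following read/write/execute permissions:

drwxrwxrwx 2 root tomandruser 12288 Jan 21 21:09 data

User group tomandruser: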

[[email protected] init.d]# groups root 
root : root tomandruser 
[[email protected] init.d]# groups tomcat 
tomcat : tomcat tomandruser 
[[email protected] init.d]# 

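How can I specify which user runs the Tomcat service, and how do I give that user access to the /opt/data directory so that my server can load the images?

Thanks for your help.

Update: output of ps -aef | grep java

Started as a service: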

[[email protected] init.d]# ps -aef | grep java 
root  28898  1 2 14:21 pts/0 00:01:01 /usr/bin/java -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.50/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/opt/apache-tomcat-7.0.50/endorsed -classpath /opt/apache-tomcat-7.0.50/bin/bootstrap.jar:/opt/apache-tomcat-7.0.50/bin/tomcat-juli.jar -Dcatalina.base=/opt/apache-tomcat-7.0.50 -Dcatalina.home=/opt/apache-tomcat-7.0.50 -Djava.io.tmpdir=/opt/apache-tomcat-7.0.50/temp org.apache.catalina.startup.Bootstrap start 
root  29066 28724 0 14:58 pts/0 00:00:00 grep java 

Started manually:

[[email protected] bin]# ps -aef | grep java 
root  29147  1 99 14:59 pts/0 00:00:11 /usr/bin/java -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.50/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dfile.encoding=UTF-8 -Djava.endorsed.dirs=/opt/apache-tomcat-7.0.50/endorsed -classpath /opt/apache-tomcat-7.0.50/bin/bootstrap.jar:/opt/apache-tomcat-7.0.50/bin/tomcat-juli.jar -Dcatalina.base=/opt/apache-tomcat-7.0.50 -Dcatalina.home=/opt/apache-tomcat-7.0.50 -Djava.io.tmpdir=/opt/apache-tomcat-7.0.50/temp org.apache.catalina.startup.Bootstrap start 
root  29165 28724 0 14:59 pts/0 00:00:00 grep java 

**Update** II

OK, I created the user and updated the user permissions on the directory and its subdirectories.

drwxr-xr-x 9 tomcatuser tomcatuser  4096 Jan 21 15:09 apache-tomcat-7.0.50 
drwxrwxrwx 2 tomcatuser tomcatuser  12288 Jan 21 21:09 data 

I adjusted the start script:

Before: /bin/su -p -s /bin/sh root $TOMCAT_HOME/bin/startup.sh

After: sudo -u tomcatuser /bin/sh $TOMCAT_HOME/bin/startup.sh

And I invoke the service like this:

sudo service tomcat7 start 

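Still no images displayed. Thanks for your help, I really appreciate it.

+2

Use 'ps -aef | grep java' and you will see which user it is running as –

+0

Depending on the distribution, are you running into an SELinux problem? – nitind

+0

CentOS release 6.5 (Final) – SimonH

Answers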

1

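The script you pasted runs Tomcat as the root user, which is definitely not what you want to do.

Here is what you should do:

  • Create a user, say tomcatuser, for the Tomcat directory and all its resources
  • Change the owner of the directory to this user (chown -R tomcatuser:tomcatuser <directory>)
  • Start the service as this user via: sudo -u tomcatuser <command>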
+0

Correct answer! I finally had to redeploy my application. Thanks! – SimonH
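
The two checks this thread converges on (which account owns the Tomcat JVM, and whether that account can get through every directory down to the data directory), written as an added example that is not part of the original posts. It assumes GNU `stat`; the function names are illustrative, and the account and group names are the ones used in the thread.

```bash
#!/bin/bash
# Added example, not from the thread. Assumes GNU stat. Models non-root
# accounts only (root bypasses these mode-bit checks).

# Owner of the Tomcat JVM, read from `ps -eo user,args` output on stdin.
tomcat_owner() {
    awk '$2 != "grep" && /org\.apache\.catalina\.startup\.Bootstrap/ { print $1; exit }'
}

# POSIX class selection on an `ls -l` mode string such as drwxrwx---: the owner
# triplet applies if the account owns the file, else the group triplet if the
# account is a member, else "other". need is a string of bits, e.g. rx.
mode_allows() {  # mode owner group account "groups" need
    local cols=8-10 triplet need="$6" bit
    if [ "$4" = "$2" ]; then cols=2-4
    else case " $5 " in *" $3 "*) cols=5-7 ;; esac; fi
    triplet=$(printf %s "$1" | cut -c"$cols" | tr st xx)  # s/t imply x is set
    while [ -n "$need" ]; do
        bit=${need%"${need#?}"}; need=${need#?}
        case $triplet in *"$bit"*) ;; *) return 1 ;; esac
    done
}

# Emit "need mode owner group name" for / and every component of an absolute
# path: x (search) on the way down, rx on the final directory.
path_components() {  # absolute path without trailing slash
    local rest="${1#/}" cur=""
    stat -c 'x %A %U %G %n' / || return 1
    while [ -n "$rest" ]; do
        cur="$cur/${rest%%/*}"
        case $rest in
            */*) rest=${rest#*/}; stat -c 'x %A %U %G %n' "$cur" ;;
            *)   rest="";         stat -c 'rx %A %U %G %n' "$cur" ;;
        esac || return 1
    done
}

# Print the first component the account cannot pass; succeed if there is none.
first_blocker() {  # account "groups"   (path_components lines on stdin)
    local need mode owner group name
    while read -r need mode owner group name; do
        mode_allows "$mode" "$owner" "$group" "$1" "$2" "$need" ||
            { echo "$name"; return 1; }
    done
}

# Usage on the host:
#   ps -eo user,args | tomcat_owner
#   path_components /opt/data | first_blocker tomcatuser "$(id -Gn tomcatuser)"
```

Only the classic mode bits are evaluated here; POSIX ACLs and SELinux labels (raised in the comments above for CentOS) need `getfacl` and `ls -Z` respectively.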
