Changing user Lucee runs under
224 views
Skip to first unread message
Nando Breiter
May 29, 2015, 6:23:44 AM5/29/15
to lu...@googlegroups.com
I've installed Lucee (as Railo) some years back on my Mac development machine, and then subsequently updated the jars. Since it was simply a local dev install, security not a priority, I went ahead and installed it to run under root, as suggested by the installer.
Now I need to change the user Lucee runs under to be something other than root, and I don't find instructions how to do this on a Mac. I've searched the startup.sh and catalina.sh scripts for a run under this user setting, but I haven't found anything.
There are instructions here for Linux:
... but they don't seem to apply to a Mac. I don't find the change-user.sh script on my Mac install, and and am almost 100% sure, from looking through the code, that it won't work if I run it. Mac startup and shutdown is controlled from another script.
I've tried placing the following in setenv.sh
TOMCAT_OWNER="nando";
export TOMCAT_OWNER;
but that didn't seem to work for me. Lucee is still running under root after stopping and restarting ...
Any help would be greatly appreciated.
Nando
Aria Media Sagl
Via Rompada 40
6987 Caslano
Switzerland
+41 (0)91 600 9601
+41 (0)76 303 4477 cell
skype: ariamedia
Via Rompada 40
6987 Caslano
Switzerland
+41 (0)91 600 9601
+41 (0)76 303 4477 cell
skype: ariamedia
Robert Munn
May 29, 2015, 9:52:30 AM5/29/15
to lu...@googlegroups.com
I am working on a post about something else, but I will post a script to start and stop lucee (tomcat) as non-root this weekend.
--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAGHrs%3D_%2BFGFDWbiaqajjLuB2wgQ_Z_Ywa1TeBjMnQyaFB_aiBA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Nando Breiter
May 29, 2015, 9:56:56 AM5/29/15
to lu...@googlegroups.com
Thanks very much Robert!
Aria Media Sagl
Via Rompada 40
6987 Caslano
Switzerland
+41 (0)91 600 9601
+41 (0)76 303 4477 cell
skype: ariamedia
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAE1_fB6Rcp0SitGt-8oCBiemb_ZjFMbCFFyKqWBuFiM-wW5%2BYw%40mail.gmail.com.
denstar
May 29, 2015, 8:05:23 PM5/29/15
to lu...@googlegroups.com
You can always give this a go:
http://cfmlprojects.org/artifacts/org/lucee/lucee.tomcat.modcfml.jre/4.5.1.017/lucee.tomcat.modcfml.jre-4.5.1.017-darwin64.zip
Run the lucee-ctl script as yourself, and select the "install-tomcat"
option-- it will set it up to automatically start under your user name.
First try the "start-foreground" option, I reckon, to be sure it'll run.
If you choose the install-tomcat option it will auto-start on reboot.
The install script that lucee-ctl runs is under bin/daemon, it should
work for OS X and Linux (look at the Darwin stuff to see how it does the
Mac bits).
After install, "launchctl stop lucee-tomcat" stops it, and then
"launchctl start lucee-tomcat" starts it, etc. (see launchctl docs for
more info), and you can remove the launchctl stuff with lucee-ctl.
-Den
http://cfmlprojects.org/artifacts/org/lucee/lucee.tomcat.modcfml.jre/4.5.1.017/lucee.tomcat.modcfml.jre-4.5.1.017-darwin64.zip
Run the lucee-ctl script as yourself, and select the "install-tomcat"
option-- it will set it up to automatically start under your user name.
First try the "start-foreground" option, I reckon, to be sure it'll run.
If you choose the install-tomcat option it will auto-start on reboot.
The install script that lucee-ctl runs is under bin/daemon, it should
work for OS X and Linux (look at the Darwin stuff to see how it does the
Mac bits).
After install, "launchctl stop lucee-tomcat" stops it, and then
"launchctl start lucee-tomcat" starts it, etc. (see launchctl docs for
more info), and you can remove the launchctl stuff with lucee-ctl.
-Den
Nando Breiter
May 31, 2015, 9:36:38 AM5/31/15
to lu...@googlegroups.com
Thanks Denny,
I wound up following your suggestion and re-installing Lucee. The only caveat - I needed to delete existing WEB-INF directories that Lucee had generated as root, because apparently, Lucee running as a non-privileged user did not have proper access to them. Changing the permissions on this these directories might have also worked, but lacking accurate information, deleting them turned out to be easier ...
Aria Media Sagl
Via Rompada 40
6987 Caslano
Switzerland
+41 (0)91 600 9601
+41 (0)76 303 4477 cell
skype: ariamedia
--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/5568FEBA.40004%40gmail.com.
Robert Munn
May 31, 2015, 7:00:30 PM5/31/15
to lu...@googlegroups.com
For anyone else interested in this approach, I have written an updated Lucee/Nginx start/stop script that allows you to specify a username to use as the Tomcat process user. It also provides a default username for convenience. I’ve tested it with both my own username and a non-privileged username.
Robert
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAGHrs%3D9zUbYgVAdo37OchnTBeAPxZ8m3B8n7GVhX8w6uHgaZ4g%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages