Apache 1.3.14/Tomcat 3.2.1/Irix 6.5
My experience with SGI, Tomcat, and Apache, and IRIX 6.5
Disclaimer
I am Jan Labanowski (jkl@ccl.net) and what follows is my confession,
my deepest and darkest secrets... If you follow my footsteps you may
be doomed forever, so you agree to do it on your own, and do not sue
me, since you were warned.
Help me...
Please help me improve this document, correct errors, and just help.
I do not want you to suffer, like I did, so if you see something wrong,
just let me know. Please... Thanks...
The story...
This is a log of my installation of Apache/Tomcat DSO on some SGI machine
running IRIX:
% uname -a
IRIX64 voyager 6.5 01101245 IP27
which was not a first priority as far as maintenance is concerned.
I do not know IRIX at all, so your comments/corrections/improvements
to this document would be greatly appreciated. For me, the IRIX simply does not
work like it should (but it is probably my lack of experience), and it seems
that open software community does not give a damn either, since many
packages just do not compile without a lot of massaging. For this reason, 
I was using installation packages as much as I could. 
This memo was originally written around Apr 17, 2001
The UNIX commands are in italic. It is assumed that you will just grab them
with the mouse and paste them in your xterm...
Few terms:
  Apache -- the Web Server
  DSO -- Dynamic Shared Object (additional modules can be added/updated
         to Apache without the need to recompile the whole thing, similar
         to shared libraries, but DSO modules are not only called, but
         can also call routines within Apache)
         
  MM  -- memory management or something like that - an add-on to Apache
         and its modules to communicate via shared memory rather than files
         (faster). 
  SSL -- Secure Socket Layer - the encryption and certificate package which
         works with Apache
  Tomcat -- the Java Server Pages (JSP) and Servlet container which uses the
         Java Servlets spec 2.2, and the JSP spec 1.1.
         It is still being actively developed and has some "features".
You may want to read my FAQ on Tomcat 3.1 beta 1, since it will be
easier to follow this installation log. It is available at:
   https://server.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html
Under This Link you will find copies of tardist 
and tar.gz files which are retrieved for this installation, unless they
are copyrighted/something/crypto-munition, and I am not allowed to share them
with you. Just right click on them and do "Save As".
Getting Java JDK
The default shell for root was tcsh (again, I am not the sysadmin of this box).
I changed it to sh by typing
 sh
.
default path for root was:
/usr/sbin:/usr/bsd:/sbin:/usr/bin:/etc:/usr/etc:/usr/bin/X11:/usr/express/bin/sg6
but there were a lot of strange links in /sbin and /usr/sbin like:
gcc was linked as /usr/sbin/gcc rather than /usr/bin/gcc, 
or /usr/sbin/gunzip rather than /usr/bin/gunzip, etc...
(The regular development software was linked within /usr/sbin and /sbin
directories for some reason).
I had to rearrange the path. My path was:
 
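  # No trailing ':' on any line: an empty PATH element means the current
  # directory, which root should never search for commands.
  PATH=/usr/local/bin:/usr/freeware/bin:/usr/gnu/bin
  PATH=${PATH}:/usr/bin:/usr/sbin:/usr/bsd:/sbin:/usr/bin/X11
  PATH=${PATH}:/usr/express/bin/sg6
  export PATH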
Then, I checked if I need Java:
   showprods | grep java
Java 1.2 is fine, you do not have to have 1.3. If you do not have Java
you need to get it from SGI Web site. To get it, you need to register
(unless you already did). To register, you need your SGI box serial
number.
1) My machine was Onyx2. To get serial number, you need to do:
      sysinfo -vv | cut -d" " -f2
   which prints something like:
      K0065abc
   
2) Go to a page: http://www.sgi.com/products/evaluation/6.x_java2_1.3/
   You may need to register to SurfZone (there is a link  there).
   Click on Install at the bottom. Then you will be sent to another page
   where you will "ACCEPT" terms and conditions. On the next page
   you can either save the distribution to install it later with swmgr or
   inst as I did (I right clicked on Install "java_eoe & java_dev"
   and chose "Save link as:" in /tmp/6.x_java2_eoedev_1.3.tardist) or you
   can just click with a left mouse button and swmgr will be called 
   automatically. Since I will be installing the thing on more machines
   it is nice to have a tardist file around rather than download it
   many times. 
3) Install Java as:
     mkdir /usr/freeware/java1.3
     cd /usr/freeware/java1.3   
     mv /tmp/6.x_java2_eoedev_1.3.tardist .
     tar xvf 6.x_java2_eoedev_1.3.tardist
     inst
        install *
        go
        quit  
   This should put the stuff in /usr/java (BTW, I hate the choice of location).
   Of course you can change the location with "inst -r target", but then
   your /var/inst is messed up and does not know about it. It is convenient
   to have different versions of Java around, but SGI does not know about it.
4) Install other stuff (SSL and CRYPTO):
  I set the environment:
  JAVA_HOME=/usr/java
  export JAVA_HOME
  PATH=${PATH}:${JAVA_HOME}/bin
  export PATH
  CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
  export CLASSPATH
  Got jce-1_2_1.zip from SUN: http://www.javasoft.com/products/jce/
  and placed it in /usr/local/JCE
   cd /usr/local/JCE
   unzip jce-1_2_1.zip
   cp -p /usr/local/JCE/jce1.2.1/lib/*.jar ${JAVA_HOME}/jre/lib/ext
   CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jce1_2_1.jar
   export CLASSPATH
  Then edited ${JAVA_HOME}/jre/lib/security/java.security and added a line:
   security.provider.3=com.sun.crypto.provider.SunJCE
  after similar lines which were there.
  Got jsse-1_0_2-do.zip from SUN:  http://java.sun.com/products/jsse/
  and placed it in /usr/local/jsse.
   cd /usr/local/jsse
   unzip jsse-1_0_2-do.zip
   cp -p /usr/local/jsse/jsse1.0.2/lib/*jar $JAVA_HOME/jre/lib/ext
   CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jcert.jar
   CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jnet.jar
   CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jsse.jar
   export CLASSPATH
  and edited $JAVA_HOME/jre/lib/security/java.security and added a line:
   security.provider.4=com.sun.net.ssl.internal.ssl.Provider 
Installing important tools which I cannot live without...
Before you install anything, you check if you have it first, like
  showprods | grep something
and if this is not showing anything, maybe it was not installed via
swmgr/inst and you need to check it with a plain:
  which something
or
  whereis something
Note... All things below assume that I am running sh, with the above
PATH as a root. If you log out, you need to come back here,
log in as root, type sh, and set the PATH. The PATH in your case may not need
to be so strange, but in my case it has to since otherwise I would be accessing
some old stuff installed on this machine ages ago, which simply does not work.
When I looked into  the /usr/gnu/bin, the machine did not have basic
tools installed. i.e., no gmake, no gtar, etc...
I decided to place all the needed packages/executables in /usr/freeware
or in /usr/local/bin (this directory was not present on the machine).
The stuff which is compiled from source, I usually installed in /usr/local/xxx
while the freeware which was installed with "inst" was installed routinely
in /usr/freeware/bin, /usr/freeware/lib, /usr/freeware/include. So remember
to look there for goodies. I also did not delete the distribution packages
or tar archives from the disk, since I may need them later, as I will be
installing this on another machine, and it is just easier to scp on local
network rather than download it from remote sites. 
Installing wget
I started from downloading the wget from 
ftp://ftp.cis.ohio-state.edu/mirror/gnu/wget/ and
then installed it like:
   cd /usr/freeware/
   mkdir wget
   cd wget 
   ftp ftp.cis.ohio-state.edu
   Name: anonymous
   Login: jkl
     cd mirror/gnu/wget
     binary
     get wget-1.6.tar.gz 
     quit
Then, I unpacked it the old fashioned way (there was no gtar on the machine):
   cd /usr/freeware/wget
   gunzip wget-1.6.tar.gz
   tar xvf wget-1.6.tar 
Then I built the wget (a command line web retrieval utility) as:
   cd /usr/freeware/wget/wget-1.6
   ./configure
   make
   make install
which installed wget in /usr/local/bin and also created /usr/local/etc 
Installing Gnu Tar
From ftp://ftp.cis.ohio-state.edu/mirror/gnu/ (but you may
find a closer mirror from http://www.gnu.org)
I retrieved tar-1.13.tar.gz.  Then I installed it as:
   mkdir /usr/freeware/gtar
   cd /usr/freeware/gtar
   gunzip tar-1.13.tar.gz
   tar xvf  tar-1.13.tar
   cd tar-1.13
   ./configure
   make
   make check
   make install
which put it in /usr/local/bin.
Installing gmake
Then I installed gmake:
   mkdir /usr/freeware/gmake
   cd /usr/freeware/gmake
   wget ftp://ftp.cis.ohio-state.edu/mirror/gnu/make/make-3.79.1.tar.gz  
   tar zxvf make-3.79.1.tar.gz          # note, the GNU tar is in my path now
   cd make-3.79.1
   ./configure
   make
   make check
   make install
which installed make to /usr/local/bin.
Installing unzip
Then I installed unzip
   mkdir /usr/freeware/unzip
   cd /usr/freeware/unzip
   wget http://freeware.sgi.com/Dist/fw_unzip-5.40.tardist
   tar xvf fw_unzip-5.40.tardist
   inst  -f .
      install *
      go
      quit
Installing emacs
Then I installed emacs, since this is my editor of choice.
I went to http://freeware.sgi.com/index-by-alpha.html and 
retrieved it:
   mkdir /usr/freeware/emacs
   cd /usr/freeware/emacs
   wget http://freeware.sgi.com/Dist/fw_xemacs-21.1.10.tardist
   tar xvf fw_xemacs-21.1.10.tardist
   inst -f .
     go
But it barked at me:
fw_xemacs.xemacs.eoe cannot be installed because of missing prerequisites:
  1a. Do not install fw_xemacs.xemacs.eoe (1236615220)
  1b. Also install fw_gdbm.sw.lib (1236359920 - 1239999900),
      fw_libjpeg.sw.lib (1235274920 - 1239999900), fw_libpng.sw.lib
      (1236359820 - 1239999900), fw_libxpm.sw.lib (1235275020 -
      1239999900), fw_libz.sw.lib (1235723320 - 1239999900) and
      fw_tiff.sw.lib (1235509620 - 1239999900) from an additional
      distribution -- insert another CD or specify another software
      distribution.
so I installed needed pieces:
gdbm  -- gnu UNIX database
   mkdir /usr/freeware/gdbm
   cd /usr/freeware/gdbm
   wget  http://freeware.sgi.com/Dist/fw_gdbm-1.8.0.tardist  
   tar xvf  fw_gdbm-1.8.0.tardist
   inst -f .
     go
     quit
libjpeg  -- library for JPEGs
   mkdir /usr/freeware/libjpeg
   cd /usr/freeware/libjpeg
   wget http://freeware.sgi.com/Dist/fw_libjpeg-6b.tardist
   tar xvf fw_libjpeg-6b.tardist
   inst -f .
     go
     quit
libxpm -- xpm images library
   mkdir /usr/freeware/libxpm
   cd /usr/freeware/libxpm
   wget http://freeware.sgi.com/Dist/fw_libxpm-3.4k.tardist
   tar xvf fw_libxpm-3.4k.tardist
   inst -f .
     go
     quit
libz -- compression library
   mkdir /usr/freeware/libz
   cd /usr/freeware/libz
   wget http://freeware.sgi.com/Dist/fw_libz-1.1.3.tardist
   tar xvf fw_libz-1.1.3.tardist
   inst -f .
      go
      quit
tiffutils -- TIFF image library
   mkdir /usr/freeware/tiffutils
   cd /usr/freeware/tiffutils
   wget http://freeware.sgi.com/Dist/fw_tiff-v3.4beta037.tardist
   tar xvf fw_tiff-v3.4beta037.tardist
   inst -f .
     go
     quit
libpng -- png image library
   mkdir /usr/freeware/libpng
   cd /usr/freeware/libpng
   wget http://freeware.sgi.com/Dist/fw_libpng-1.0.6.tardist
   tar xvf fw_libpng-1.0.6.tardist
   inst -f .
      go
      quit
and then tried again to install emacs
   cd /usr/freeware/emacs
   inst -f .
      go
      quit
   mkdir /usr/freeware/gnu-emacs
   cd /usr/freeware/gnu-emacs
   wget http://freeware.sgi.com/Dist/fw_gnu-emacs-20.7.tardist
   tar xvf fw_gnu-emacs-20.7.tardist
   inst -f .
     go
     quit
Installing SSH -- secure shell
I tried to install binary distribution of OpenSSH from
http://freeware.sgi.com/Dist/fw_openssh-2.3.0p1.tardist
but it needed many libraries... Since this is academic site, 
I could use the original ssh (if you are commercial, you cannot use it,
I believe, without paying).
   cd /usr/freeware
   mkdir ssh
   cd /usr/freeware/ssh
   wget ftp://ftp.sbs.de/pub/security/ssh/ssh-1.2.31.tar.gz
   tar zxvf ssh-1.2.31.tar.gz
   cd ssh-1.2.31
   ./configure
   make
   make install
It installs the ssh in /usr/local/bin, and sshd in /usr/local/sbin.
Then installed script run-sshd in /etc/init.d to make sshd (SSH daemon)
start up at boot. To make it start sshd server daemon on boot, I linked
the script in /etc/rc2.d 
   cd /etc/init.d
   chmod 755 run-sshd
   cd /etc/rc2.d
   ln -s ../init.d/run-sshd  S98run-sshd
Installed latest zlib (compression routines)
   mkdir /usr/freeware/zlib
   cd /usr/freeware/zlib
   wget ftp://ftp.info-zip.org/pub/infozip/zlib/zlib.tar.gz
   tar zxvf zlib.tar.gz
   cd zlib-1.1.3
   ./configure
   make
   make test
   make install
It installs libz in /usr/local/lib
Installed newer gcc
Installed new 2.95 gcc, since the current is old (2.8.1) 
   gcc --version
told me: 2.8.1
   mkdir /usr/freeware/gcc
   cd /usr/freeware/gcc
   wget http://freeware.sgi.com/Dist/fw_gcc-2.95.2-sgipl1.tardist
   tar xvf fw_gcc-2.95.2-sgipl1.tardist
   inst -f .
   go
Installed new openssl
OpenSSL (www.openssl.org) contains all needed routines to do SSL secure
sockets.
   mkdir /usr/freeware/openssl
   cd /usr/freeware/openssl
   wget http://freeware.sgi.com/Dist/fw_openssl-0.9.6.tardist
   tar xvf fw_openssl-0.9.6.tardist
   inst -f .
      go
      quit
It installed them in /usr/freeware/lib, /usr/freeware/bin,
/usr/freeware/include/openssl
Upgrading perl
The perl was old (5.004_04) so I got the newer one. 
   mkdir /usr/freeware/perl
   cd /usr/freeware/perl
   wget http://freeware.sgi.com/Dist/fw_perl-5.005_03.tardist
   tar xvf fw_perl-5.005_03.tardist
   inst -f .
     go
     quit
Installing Apache
I tried to install the latest stable Apache (1.3.19) from sources, but
it did not work. I was getting the error:
gcc -I/usr/freeware/apache-1.3.19/mm-1.1.3 -I./os/unix -I./include   \
   -DIRIX -DMOD_SSL=208102 -DUSE_HSREGEX -DEAPI -DEAPI_MM -DUSE_EXPAT \
   -I./lib/expat-lite -fpic -DSHARED_CORE `./apaci` \
   -L/usr/freeware/apache-1.3.19/mm-1.1.3/.libs   \
      -o libhttpd.ep -DSHARED_CORE_TIESTATIC main/http_main.c \
          -L. -lhttpd  -lmm
ld32: WARNING 84 : ./libhttpd.so is not used for resolving any symbol.
ld32: ERROR   33 : Unresolved text symbol "ap_main" -- 1st referenced by /var/tmp/ccBRwCce.o.
        Use linker option -v to see when and which objects, archives and dsos are loaded.  
ld32: ERROR   33 : Unresolved text symbol "ap_validate_password" -- 1st referenced by /var/tmp/ccBRwCce.o.
        Use linker option -v to see when and which objects, archives and dsos are loaded.  
ld32: ERROR   33 : Unresolved text symbol "XML_ErrorString" -- 1st referenced by /var/tmp/ccBRwCce.o.
        Use linker option -v to see when and which objects, archives and dsos are loaded.  
ld32: INFO    152: Output file removed because of error.
collect2: ld returned 2 exit status
make[2]: *** [libhttpd.ep] Error 1
make[2]: Leaving directory `/usr/freeware/apache-1.3.19/apache_1.3.19/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/usr/freeware/apache-1.3.19/apache_1.3.19'
make: *** [build] Error 2
I pretty much have an idea what is the problem (the #define for IRIX is
probably missing), but I did not have time to chase this. It seems like
Apache team no longer supports IRIX 6.5, which is probably sensible
in view of latest SGI directions. I removed previous installation of
Apache.
  inst
     remove fw_apache
     go
     quit
and then installed 1.3.14 from freeware site:
  mkdir /usr/freeware/apache-1.3.14
  cd /usr/freeware/apache-1.3.14
  wget http://freeware.sgi.com/Dist/fw_apache-1.3.14.tardist
  tar xvf fw_apache-1.3.14.tardist
  inst -f .
    install *   # (or step and choose all "i" for install)
    go
    quit
This installed apache to /usr/freeware/apache. The directories are
  bin -- auxiliary programs: dbmmanage, htdigest, htpasswd
  etc -- config files and SSL certificates
  include -- the include files for apache if you want to compile additional
             modules
  libexec -- where the DSO modules are
  sbin -- apache binary, apxs script, and startup script apachectl
  share -- the web contents
  var -- log, cache files, pid file, etc.
Installing Tomcat 3.2.1
I downloaded needed binaries and sources of tomcat:
  mkdir /usr/freeware/jakarta-tomcat
  cd /usr/freeware/jakarta-tomcat
  wget http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.1/bin/jakarta-servletapi-3.2.tar.gz 
  wget http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.1/bin/jakarta-tomcat-3.2.1.tar.gz 
  tar zxvf jakarta-servletapi-3.2.tar.gz
  tar zxvf jakarta-tomcat-3.2.1.tar.gz
  wget http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.1/src/jakarta-tomcat-3.2.1-src.tar.gz 
  tar zxvf jakarta-tomcat-3.2.1-src.tar.gz
Then I edited jk_pool.h and added IRIX #define.
  cd /usr/freeware/jakarta-tomcat/jakarta-tomcat-3.2.1-src/src/native/jk
  edited jk_pool.h and added around line 92
#elif defined(IRIX)
    typedef long long   jk_pool_atom_t;
Then I compiled mod_jk module for Apache:
   cd /usr/freeware/jakarta-tomcat/jakarta-tomcat-3.2.1-src/src/native/apache1.3
   JAVA_HOME=/usr/java
   export JAVA_HOME
   /usr/freeware/apache/sbin/apxs -o mod_jk.so -DIRIX -I../jk \
     -I${JAVA_HOME}/include -I${JAVA_HOME}/include/irix -c *.c ../jk/*.c
   cp mod_jk.so /usr/freeware/apache/libexec
   cd /usr/freeware/jakarta-tomcat
Created a small file called my_env and made it executable:
    chmod 755 my_env
Whenever I wanted to refresh my environment (e.g., after logging out), I ran
  . my_env
Then I had to change server.xml for tomcat, since default apache came
with port 8080 and I would have port conflict.
  cd $TOMCAT_HOME
  cd conf
  mkdir orig
  cp -p * orig
Edited server.xml and changed port 8080 to 7080 in HTTP connector
Then I started tomcat standalone
  cd $TOMCAT_HOME/bin
  startup.sh
I checked if the URL:
   http://my.machine.edu:7080
works and executed few examples. It worked...
But this is not the way to do it, to execute tomcat as root!!! So I did
  cd $TOMCAT_HOME/bin
  shutdown.sh
Now... The tomcat should be some innocuous user which cannot do much
harm. But the Tomcat needs a shell, and cannot be a nobody.
I created user tomcat with uid and gid 60002
In /etc/group:
   tomcat:*:60002:
and in /etc/passwd
   tomcat:x:60002:60002:SVR4 tomcat uid:/usr/people/tomcat:/bin/sh
Then I also added tomcat to /etc/shadow file and set the password with
    passwd tomcat
Then, I created home directory for tomcat user:
    mkdir /usr/people/tomcat
    chown tomcat /usr/people/tomcat
    chgrp tomcat /usr/people/tomcat
Then, I changed ownership tomcat stuff to tomcat
   cd $TOMCAT_HOME
   chown -R tomcat .
   chgrp -R tomcat .
and in /usr/people/tomcat I placed the my_env file from above as: 
.profile:
   cp $JAKARTA_HOME/my_env /usr/people/tomcat/.profile
   chown tomcat /usr/people/tomcat/.profile
   chgrp tomcat /usr/people/tomcat/.profile
Then, I became tomcat and checked if it starts OK under new identity: 
   su - tomcat
   cd $TOMCAT_HOME/bin
   ./startup.sh
It actually did.
Configuring the Apache/Tomcat ZOO...
Rather than giving you the step by step history of my editing files,
I will just include the final versions of the configuration files.
Before I actually messed with the files, I saved the originals:
   cd $TOMCAT_HOME/conf
   mkdir orig
   cp -p * orig
   cd /usr/freeware/apache/etc
   tar zcvf ../etc-orig.tgz .     # c (create) the backup archive, not x (extract)
My config files are given here:
   $TOMCAT_HOME/conf/mod_jk.conf
   $TOMCAT_HOME/conf/workers.properties
 
   $TOMCAT_HOME/conf/server.xml
   $TOMCAT_HOME/bin/startup.sh
   $TOMCAT_HOME/bin/tomcat.sh
   $TOMCAT_HOME/bin/shutdown.sh
   $TOMCAT_HOME/bin/jspc.sh
   /usr/freeware/apache/etc/httpd.conf
Note that mod_jk.conf has the Tomcat contexts protected by id/password
with Apache Basic Authentication (look up the /examples for example).
To be able to access the servlets/JSPs you need to create two files:
/usr/freeware/apache/etc/htpasswd and /usr/freeware/apache/etc/htgroup
You need to read about it, but for testing you can get away with 
files which contain one line:
/usr/freeware/apache/etc/htpasswd contains a line:
guest:abvyhtC1vX8PI
and /usr/freeware/apache/etc/htgroup contains a line:
demo: guest
The abvyhtC1vX8PI is encrypted guest, i.e., to log in you enter guest
for User Id and Password.
I tried if things work by starting first the tomcat (as user tomcat, not 
a root!!!), and the apache as user root. 
   # I am root
   su - tomcat
   # I am tomcat
   $TOMCAT_HOME/bin/startup.sh
   exit
   # I am root again
   /usr/freeware/apache/sbin/apachectl startssl
I tried my URLs
   http://my.machine.edu:8080/examples    # tomcat stuff seen via apache HTTP
   https://my.machine.edu/examples    # tomcat stuff seen via apache with HTTPS
   http://my.machine.edu:7080/examples    # tomcat stuff seen directly HTTP
It worked, so I took the stuff down as:
   # I am root
   /usr/freeware/apache/sbin/apachectl stop
   su - tomcat
   # I am tomcat
   $TOMCAT_HOME/bin/shutdown.sh
   exit
   # I am root again
Creating Certificates
To have a real certificate, go to one of the Certificate Authorities,
read their web site, pay them money, and you will have known.
Just to create home made, self signed certificates, I used the following
procedure.
Created a /usr/freeware/apache/etc/Makefile.
It uses openssl and some tricks to create selfsigned certificate for the
Apache Web Server. Then I used the file to create certificates as follows
(if make does not work for you, use gmake):
   RANDFILE=/var/adm/SYSLOG
   export RANDFILE
   cd /usr/freeware/apache/etc
   mkdir certificates-01.04.17:20:20
   mv ssl* certificates-01.04.17:20:20
   mkdir ssl.key
   mkdir ssl.csr
   mkdir ssl.crt
   make genkey   # will ask you for password
   # Then, you will need to "unpassword" the keys
   # or you would have problems to start apache at boot time (it would
   # ask for the password)
   openssl rsa -in ssl.key/server.key -out ssl.key/server.key.unsecure
   cp ssl.key/server.key.unsecure ssl.key/server.key
   make certreq   # make certificate request
   make testcert  # make selfsigned test certificate 
I have a screen dump here.
For new certificates to take effect you need to restart Apache. 
Tools to start/stop apache/tomcat combination
I created the apache-tomcat script which 
starts both Apache and Tomcat. It expects that there is user tomcat, and
that the tomcat.sh script (called by the startup.sh script) writes
a file which contains the PID (process Id number) of the tomcat process.
The tomcat.sh script takes it from the $! shell variable and dumps it to
the file. You need to edit the script and modify file locations, etc.
to suit your particular needs. You now can start the Apache Tomcat
combination by logging as root and:
   cd /usr/freeware/apache/sbin
   ./apache-tomcat start
and stop them by:
   cd /usr/freeware/apache/sbin
   ./apache-tomcat stop
Note... The apache-tomcat script also redirects all stderr and stdout
to the file $TOMCAT_HOME/logs/t3.2_jk. This is where you will see
all your debug output JSP when you do:
   System.out.println("myvar value is "+myvar);
or
   System.err.println("myvar value is "+myvar);
in your servlets or JSPs. When something does not work, always look at:
   $TOMCAT_HOME/logs/t3.2_jk
which in our case is:
   /usr/freeware/jakarta-tomcat/jakarta-tomcat-3.2.1/logs/t3.2_jk
Now, the problem with setup is that you have to be a root to start/stop
apache/tomcat combination. To make it possible to start/stop  apache/tomcat
by people without the need for logging as root, I created setuid wrappers
for the apache-tomcat script, apache_start.c and apache_stop.c, 
respectively. You need to compile them:
   gcc -o apache_start apache_start.c
   gcc -o apache_stop apache_stop.c
which will result in two executables: apache_start and apache_stop to
be created. Now, typing:
   ./apache_start
to start apache/tomcat is equivalent to typing:
   ./apache-tomcat start 
Similarly, entering
   ./apache_stop
will stop apache/tomcat the same way the:
   ./apache-tomcat stop 
does. You still need to be a root to execute these wrapper commands.
But you can make them execute as root, even when they are executed by a
regular user, by changing their ownership to root and setting their SUID bit.
  chown root apache_start apache_stop
  chgrp root apache_start apache_stop
  chmod ug+s apache_start apache_stop
Now, any mortal (i.e., anyone who can log in to the machine, i.e., the
"regular user") can start or stop the apache/tomcat combination by
executing /usr/freeware/apache/sbin/apache_start and 
/usr/freeware/apache/sbin/apache_stop commands, respectively.
But maybe you do not want it? Maybe you want only a select group of
people to execute these commands? There are many ways to do it.
One, would be to modify the wrappers, to check if the user who
starts them belongs to a specific group or is on the list.
I used a simpler way. I put these commands in a special directory, which
is only accessible by root and group "tomcat". I also added the chosen
few to the group tomcat in the file /etc/group. The line there was:
   tomcat:*:60002:tomcat,kenf,jkl
i.e., the group consists of users tomcat, kenf, and jkl. Then I made the
following things:
   cd /usr/freeware/apache/sbin
   mkdir up-down
   chown root up-down
   chgrp tomcat up-down
   chmod 750 up-down
   mv apache_start apache_stop up-down
Now, when you are a chosen one, you start apache/tomcat by executing:
   /usr/freeware/apache/sbin/up-down/apache_start
and stop apache/tomcat by executing
   /usr/freeware/apache/sbin/up-down/apache_stop
Now, to save typing, you can make the links in directories which are
always in the PATH, say:
  cd /usr/bin
  ln -s /usr/freeware/apache/sbin/up-down/apache_stop apache_stop
  ln -s /usr/freeware/apache/sbin/up-down/apache_start apache_start
and then, the authorized people will be able to start and stop apache with:
   apache_start
   apache_stop
If you are not a member of group tomcat, you will not be allowed to access
anything under the up-down directory and it will bark:
   /usr/freeware/apache/sbin/up-down/apache_stop - Permission denied
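The alternative mentioned above, having the wrapper itself check that the caller belongs to a specific group, could look like the following C program. It is an added example, not the apache_start.c from this page; ALLOWED_GROUP, member_of(), caller_allowed() and the PATH value are assumptions, while the script path and the tomcat group are the ones used here.

```c
/* Added example: group-checking setuid launcher for the apache-tomcat script.
 * ALLOWED_GROUP, member_of() and caller_allowed() are illustrative names. */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SCRIPT        "/usr/freeware/apache/sbin/apache-tomcat" /* path used on the page */
#define ALLOWED_GROUP "tomcat"                                  /* group used on the page */

/* Fixed environment handed to the script: nothing inherited from the caller
 * (PATH, IFS, LD_LIBRARY_PATH, ...) reaches a shell running as root.
 * The PATH value is an assumption; adjust it to what the script needs. */
static char *const clean_env[] = {
    "PATH=/usr/sbin:/usr/bsd:/sbin:/usr/bin",
    "IFS= \t\n",
    NULL
};

/* Constructed sample mirroring the page's line tomcat:*:60002:tomcat,kenf,jkl */
char *sample_members[] = { "tomcat", "kenf", "jkl", NULL };
struct group sample_group = {
    .gr_name = "tomcat", .gr_gid = 60002, .gr_mem = sample_members
};

/* 1 if `user` is listed in the group or has it as primary group, else 0.
 * Names are compared whole, so "ken" does not match "kenf". */
int member_of(const struct group *gr, const char *user, gid_t primary_gid)
{
    char **m;

    if (gr == NULL || user == NULL)
        return 0;
    if (primary_gid == gr->gr_gid)
        return 1;
    for (m = gr->gr_mem; m != NULL && *m != NULL; m++)
        if (strcmp(*m, user) == 0)
            return 1;
    return 0;
}

/* Decide from the REAL uid (who typed the command), never the effective uid,
 * which is already root in a setuid program. Fails closed on lookup errors. */
int caller_allowed(uid_t ruid)
{
    struct passwd *pw;
    struct group *gr;

    if (ruid == 0)
        return 1;
    pw = getpwuid(ruid);
    gr = getgrnam(ALLOWED_GROUP);
    if (pw == NULL || gr == NULL)
        return 0;
    return member_of(gr, pw->pw_name, pw->pw_gid);
}

int main(void)
{
    /* Fixed argv: the caller cannot pass arguments through to the script. */
    char *const argv[] = { SCRIPT, "start", NULL };

    if (!caller_allowed(getuid())) {
        fprintf(stderr, "apache_start: not in group %s\n", ALLOWED_GROUP);
        return 1;
    }
    /* Set real and effective ids to root; many shells drop privileges when
     * the two differ. Check the result instead of assuming it worked. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("apache_start: setuid");
        return 1;
    }
    execve(SCRIPT, argv, clean_env);   /* absolute path, no PATH search */
    perror("apache_start: execve");
    return 1;
}
```

With the check inside the wrapper, the binary no longer depends on the directory permissions alone, so a copy or link made outside up-down still refuses callers who are not in the group.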
To make sure that things run happily, you can always do:
    ps -ef | egrep 'httpd|tomcat'
To make it easier for people, I actually added a status option to
the apache-tomcat. I also created a wrapper around it apache_status.c
and compiled, and moved it to the up-down directory as described above for
the others, with a difference that it does not need to be SUID:
   cd /usr/freeware/apache/sbin
   gcc -o apache_status apache_status.c
   mv apache_status up-down
   cd /usr/bin
   ln -s /usr/freeware/apache/sbin/up-down/apache_status apache_status
   
So now to check if Apache and Tomcat are running, you can do:
   /usr/freeware/apache/sbin/apache-tomcat status
or, if you are a chosen one among the group tomcat (or a root):
  apache_status
Now, you need to make these things start at boot time. This will make it.
case 1) 
      ls -l /etc/init.d/apache
   tells you that there is apache startup/shutdown script in init.d. You do:
      cd /etc/init.d
      mv apache apache-freeware-original
      cp /usr/freeware/apache/sbin/apache-tomcat apache
case 2)
   There is no /etc/init.d/apache file. You also need to make links:
     cd /etc/init.d
     cp /usr/freeware/apache/sbin/apache-tomcat apache
     cd /etc/rc2.d
     ln -s ../init.d/apache S90apache
     
Now, the appeals to those  of you who got to the end. Please help me
keep this useful. Please send comments, and especially bug reports,
or corrections to: jkl@ccl.net . Thanks... 
 