4

I'm trying to use jsvc to make a daemon process, and it sounds like certain things can be done as root with it (for example, Tomcat can apparently bind to privileged ports). What I'm wondering is how to do that.

In my simple Daemon program, I try to open some files that are only readable as root during the init() process, but I'm already running as the user I selected by then (in my case, "nobody"). If Tomcat can bind to privileged ports, it seems like I should be able to open root-owned config files.

Am I trying to do something that jsvc isn't meant for, or am I just missing something?

My code:

public class MediaProcessorDaemon implements Daemon {

    ClassPathXmlApplicationContext spring = null;

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#init(org.apache.commons.daemon.DaemonContext)
     */
    @Override
    public void init(DaemonContext context) throws DaemonInitException, Exception {
        /* This next line throws an exception */
        this.spring = new ClassPathXmlApplicationContext("/META-INF/spring/media-processor-context.xml");
    }

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#start()
     */
    @Override
    public void start() throws Exception {
        this.spring.start();
    }

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#stop()
     */
    @Override
    public void stop() throws Exception {
        if (this.spring != null) {
            this.spring.stop();
        }
    }

    /*- (non-Javadoc)
     * @see org.apache.commons.daemon.Daemon#destroy()
     */
    @Override
    public void destroy() {
        if (this.spring != null) {
            this.spring.close();
        }
    }
}

And the error message:

org.springframework.beans.factory.BeanInitializationException: Could not load properties; nested exception is java.io.FileNotFoundException: /etc/media/media-processor.properties (Permission denied)
        at org.springframework.beans.factory.config.PropertyResourceConfigurer.postProcessBeanFactory(PropertyResourceConfigurer.java:78)
        at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:663)
        at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:638)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:407)
        at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
        at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:83)
        at com.mycompany.mediaprocessor.MediaProcessorDaemon.init(MediaProcessorDaemon.java:24)
[snip]

So in init(), I'm trying to open a file which is readable only by root (/etc/media/media-processor.properties), and I'm getting "Permission denied".

I execute it like this:

sudo jsvc -debug -user nobody -cp $classPath com.mycompany.MediaProcessorDaemon
Brendan Long
  • 53,280
  • 21
  • 146
  • 188
  • When you installed jsvc did you make sure the binary is setuid, and is it owned by root? – Jim Garrison Jul 21 '11 at 20:02
  • @Jim Garrison - I'm running it using `sudo` so that shouldn't be a problem. It won't run as non-root. – Brendan Long Jul 21 '11 at 20:25
  • Please show the complete command-line being used to start the daemon. – Jim Garrison Jul 21 '11 at 21:13
  • Also, did you implement the Dameon interface or just implement `start()`, `stop()`, `init()` and `destroy()` methods? It would help if you could post at least a skeleton of your Java code. – Jim Garrison Jul 21 '11 at 21:15
  • @Jim Garrison: I added my code, the exception, and how I'm running it. – Brendan Long Jul 21 '11 at 22:19
  • Just a guess, but what happens if you make the jsvc binary setuid/setgid and owned by root, and then don't use sudo? That's the way it was intended to work and sudo may be interfering with the process. Remember that there are three processes involved, and if you use sudo it's possible only the controller process gets launched as root, which would subvert the intended operation and result in the behavior you see. – Jim Garrison Jul 22 '11 at 14:26
  • See http://commons.apache.org/daemon/jsvc.html#How_jsvc_works – Jim Garrison Jul 22 '11 at 14:27
  • I tried that and it's the same. I think you'd have to write a program pretty badly for sudo to not work right (and there are instances of people talking about starting Tomcat using `sudo jsvc ...`). – Brendan Long Jul 22 '11 at 16:08
  • @BrendanLong let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/1740/discussion-between-jim-garrison-and-brendan-long) – Jim Garrison Jul 22 '11 at 16:24
  • I'm having the same problem -- was there ever a resolution? – Ilane Jun 18 '15 at 22:37
  • @llane I never found a solution.. :\ – Brendan Long Jun 20 '15 at 08:54

0 Answers0