Date:      Tue, 27 Aug 2002 18:39:22 -0700 (PDT)
From:      Dan Hulme <dan_256@yahoo.com>
To:        Greg Lewis <glewis@eyesbeyond.com>, Ernst de Haan <znerd@FreeBSD.ORG>
Cc:        dan_256@yahoo.com, K.J.Koster@kpn.com, freebsd-java@FreeBSD.ORG
Subject:   Re: Jboss3ctl update (I think I know the problem)
Message-ID:  <20020828013922.50148.qmail@web13402.mail.yahoo.com>
In-Reply-To: <20020828094127.A58001@misty.eyesbeyond.com>

Basically, that's it.  The .java_wrapper script is not exactly the problem, but the ENV.  As I
stated in my original post (http://www.geocrawler.com/archives/3/162/2002/6/0/9029840/), the
problem is two-fold.  In my understanding, the entire ENV will be ignored any time you are
SUIDing.  Even if I am wrong about that, the LD_LIBRARY_PATH, which the .java_wrapper usually sets
to link in some libs for java will be ignored according to "man ldconfig" when SUIDing.

Now, I haven't played with 1.4, but my suspicion is that it will work no better.  If, however, it
doesn't need to set up extra ENV variables, it might just work.  When I say "static," I'm
referring to the ability to run the program w/o linking in the extra shared libs like ld-elf.so.1.
Unless these are in the "safe paths," or are statically linked in, it seems that java will depend
on the LD_LIBRARY_PATH, which is guaranteed not to work during SUID.

Someone can let me know if this works, or I'll try it out later.

By the way, an alternate way of accomplishing this (that I used) w/o SUID is a little strange. 
Basically you allow an SSH which only can run one command (e.g., command='jboss3ctl restart' in
the authorized_keys) for a user 'jboss' or something.  Then all you need to do is "ssh
jboss@localhost" and it will run the command as that user (not SUID).  My reasons for doing this
were actually for my specific purposes, but it made it very easy to restart the daemon remotely. 
It can be used locally, or remotely if you like.  It's not a very clean solution for all cases,
however.

> Since it has only one threading subsystem, 1.4 uses a natively executable
> java rather than a shell script wrapper.  It's not static in the usual sense
> of the word, but I think Dan was using that term in respect to a native
> executable rather than an interpreted script.
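
The single-command SSH key described in the message, as an added example that is not part of the original e-mail: a shell function (hypothetical name `audit_authorized_keys`) that flags authorized_keys entries lacking a `command=` option or the OpenSSH forwarding and pty restrictions, since a forced command alone does not switch those off. The sample keys are constructed, and the parsing is a heuristic that assumes key blobs begin with `AAAA` and quoted values contain no escaped quotes.

```shell
#!/bin/sh
# Added example: audit authorized_keys for keys that can do more than
# run one forced command. Not code from the original message.

audit_authorized_keys() {
    file=$1
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Options are everything before "<keytype> AAAA..."; empty if none.
        opts=$(printf '%s\n' "$line" |
            sed -E 's/(^| )(ssh-|ecdsa-|sk-)[A-Za-z0-9@.-]+ AAAA.*$//')
        # Drop quoted values so a command string cannot fake an option name.
        bare=",$(printf '%s\n' "$opts" | sed 's/"[^"]*"//g'),"
        missing=
        case $bare in
            *,command=,*) ;;
            *) missing="$missing command=" ;;
        esac
        case $bare in
            *,restrict,*) ;;   # OpenSSH 7.2+: implies all the no-* options
            *)
                for o in no-port-forwarding no-agent-forwarding \
                         no-X11-forwarding no-pty; do
                    case $bare in *",$o,"*) ;; *) missing="$missing $o" ;; esac
                done ;;
        esac
        if [ -n "$missing" ]; then
            echo "line $n: missing$missing"
        else
            echo "line $n: ok"
        fi
    done < "$file"
}

# Constructed sample: a command-only entry, then a restricted one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
command="jboss3ctl restart" ssh-rsa AAAAB3constructedkey jboss-restart
command="jboss3ctl restart",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3constructedkey jboss-restart
EOF
audit_authorized_keys "$sample"
rm -f "$sample"
```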
