Re: Tomcat silently shuts down after 10 minutes

[Michael Kosma]

Bryan,

I would set Tomcat up as a service and let systemd handle startup and
shutdown.

Create a unit file for tomcat: /etc/systemd/system/tomcat.service
- Begin Unit File Contents 

[Unit]

Description=Tomcat 9.0

After=network.target



[Service]

Type=forking



User=joe

Group=joe



Environment="JRE_HOME="

Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"

Environment="CATALINA_BASE=/opt/apache-tomcat-9.0.14"

Environment="CATALINA_HOME=/opt/apache-tomcat-9.0.14"

Environment="CATALINA_PID=/opt/apache-tomcat-9.0.14/temp/tomcat.pid"

Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"



ExecStart=/opt/apache-tomcat-9.0.14/bin/startup.sh

ExecStop=/opt/apache-tomcat-9.0.14/shutdown.sh



[Install]

WantedBy=multi-user.target

 End Unit File Contents 


You might need to adjust or omit the JAVA_OPTS and CATALINA_OPTS for your
use case. Then set this up to automatically start when the system boots if
you like.

systemctl enable tomcat.service


Then I would create a new group like "TomcatAdmins" and configure in
/etc/sudoers using visudo to allow %TomcatAdmins to run the following
commands as root:

systemctl stop tomcat

systemctl start tomcat

systemctl restart tomcat


Then add the TomcatAdmins group to the appropriate users and instruct them
to use:

sudo systemctl stop tomcat

sudo systemctl start tomcat


I hope this is helpful.


Mike



On Thu, Jul 4, 2024 at 7:48 AM Bryan Buchanan 
wrote:

> I'm running Tomcat 9.0.14 on Centos 8 with JDK 15.
>
> Tomcat is loaded in /opt/tomcat, the directory owned by "joe". If I login
> as "joe" and start Tomcat, everything is fine.
>
> We have people login to the Centos system to run the business application
> as "mary", "jane", "fred" etc. Sometimes they want to shutdown Tomcat, for
> example if they wish to load a price update to the DBMS or whatever. To
> enable them to do this from within the business application, I wrote a
> setuid() C program which sets the effective user as "joe" and executes
> /opt/tomcat/bin/shutdown.sh or /opt/tomcat/bin/startup.sh. This does
> startup Tomcat, but 10 minutes later it dies. Nothing is logged that is
> unusual. These are the last few lines when it dies:
>
> 04-Jul-2024 21:45:01.154 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in [54,789]
> milliseconds
> 04-Jul-2024 21:54:10.149 INFO [Thread-3]
> org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler
> ["http-nio-8080"]
> 04-Jul-2024 21:54:10.157 INFO [Thread-3]
> org.apache.catalina.core.StandardService.stopInternal Stopping service
> [Catalina]
> 04-Jul-2024 21:54:10.194 WARNING [Thread-3]
> org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesJdbc The
> web application [TPDRESTServer] registered the JDBC driver
> [org.postgresql.Driver] but failed to unregister it when the web
> application was stopped. To prevent a memory leak, the JDBC Driver has been
> forcibly unregistered.
> 04-Jul-2024 21:54:10.196 WARNING [Thread-3]
> org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The
> web application [TPDRESTServer] appears to have started a thread named
> [Tomcat JDBC Pool Cleaner[862048902:1720093501299]] but has failed to stop
> it. This is very likely to create a memory leak. Stack trace of thread:
> java.base@15/java.lang.Object.wait(Native Method)
> java.base@15/java.util.TimerThread.mainLoop(Timer.java:553)
> java.base@15/java.util.TimerThread.run(Timer.java:506)
> 04-Jul-2024 21:54:10.231 INFO [Thread-3]
> org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler
> ["http-nio-8080"]
> 04-Jul-2024 21:54:10.243 INFO [Thread-3]
> org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler
> ["http-nio-8080"]
>
> My C program is:
>
> int main (int argc, char *argv[]) {
> if (argc != 2) {
> printf("%s", "Syntax: ManageTomcat START|STOP");
> return(0);
> }
> printf("%s\n", argv[0]);
> printf("%s\n", argv[1]);
>
> setuid(1000);
>
> if(strcmp(argv[1], "STOP")) {
> system("/opt/apache-tomcat-9.0.14/bin/startup.sh");
> } else {
> system("/opt/apache-tomcat-9.0.14/bin/shutdown.sh");
> } return(1);
> }
> Any ideas would be appreciated.
>
> Bryan

[ANN] Apache Tomcat 11.0.0-M22 (beta) available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M22 (beta).

Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Users of Tomcat 10 onwards should be aware that, as a result of the move
from Java EE to Jakarta EE as part of the transfer of Java EE to the
Eclipse Foundation, the primary package for all implemented APIs has
changed from javax.* to jakarta.*. This will almost certainly require
code changes to enable applications to migrate from Tomcat 9 and earlier
to Tomcat 10 and later. A migration tool is available to aid this process.

Apache Tomcat 11.0.0-M22 is a milestone release of the 11.0.x branch and
has been made to provide users with early access to the new features in
Apache Tomcat 11.0.x so that they may provide feedback. The notable
changes compared to 11.0.0-M21 include:

- Move OpenSSL support using FFM to a separate JAR named
  tomcat-coyote-ffm.jar that advertises Java 22 in its manifest.

- When using include directives in a tag file packaged in a JAR file,
  ensure that the include directives are processed correctly.

-  Expand the implementation of the filter value of the Authenticator
   attribute allowCorsPreflight, so that it applies to all requests that
   match the configured URL patterns for the CORS filter, rather than
   only applying if the CORS filter is mapped to /*

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-11.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-11.cgi

Migration guides from Apache Tomcat 9.0.x and 10.1.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[ANN] New committer: Dimitris Soumis

[Mark Thomas]

On behalf of the Tomcat committers I am delighted to announce that
Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer.

Please join me in congratulating Dimitris.

Kind regards,

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat silently shuts down after 10 minutes - SOLVED

[Bryan Buchanan]

Thanks all for the replies.

Turns out I needed to execute my "C" program with a "nohup" i.e.

$ nohup /usr/local/bin/ManageTomcat START

Tomcat was only stopping after about 10 mins because that's when I logged out. 
Doh !

In the business app code I now execute the above and regular users can now 
start and stop Tomcat as needed. So far seems to be working out OK.






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] New committer: Dimitris Soumis

[Jonathan S. Fisher]

Many new committers lately, congrats to everyone!

On Fri, Jul 5, 2024 at 2:25 PM Mark Thomas  wrote:
>
> On behalf of the Tomcat committers I am delighted to announce that
> Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer.
>
> Please join me in congratulating Dimitris.
>
> Kind regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


-- 
Jonathan | exabr...@gmail.com
Pessimists, see a jar as half empty. Optimists, in contrast, see it as
half full.
Engineers, of course, understand the glass is twice as big as it needs to be.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] New committer: Dimitris Soumis

[Mcalexander, Jon J.]

Congratulations!!!

From: Jonathan S. Fisher 
Sent: Friday, July 5, 2024 6:00:30 PM
To: Tomcat Users List 
Cc: Tomcat Developers List 
Subject: Re: [ANN] New committer: Dimitris Soumis

Many new committers lately, congrats to everyone! On Fri, Jul 5, 2024 at 2: 25 
PM Mark Thomas  wrote: > > On behalf of the Tomcat 
committers I am delighted to announce that > Dimitris Soumis (dsoumis) has been


Many new committers lately, congrats to everyone!

On Fri, Jul 5, 2024 at 2:25 PM Mark Thomas  wrote:
>
> On behalf of the Tomcat committers I am delighted to announce that
> Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer.
>
> Please join me in congratulating Dimitris.
>
> Kind regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


--
Jonathan | exabr...@gmail.com
Pessimists, see a jar as half empty. Optimists, in contrast, see it as
half full.
Engineers, of course, understand the glass is twice as big as it needs to be.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [ANN] New committer: Dimitris Soumis

[Igal Sapir]

Congrats Dimitris!

Welcome to the team!

Igal

On Fri, Jul 5, 2024, 13:25 Mark Thomas  wrote:

> On behalf of the Tomcat committers I am delighted to announce that
> Dimitris Soumis (dsoumis) has been voted in as a new Tomcat committer.
>
> Please join me in congratulating Dimitris.
>
> Kind regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Inquiry about CVE-2024-5535 Vulnerability in Tomcat 10.1.20 Version

[Zhong, Peyton]

Dear Tomcat Community,

I am writing to inquire about the potential impact of the recently detected 
critical vulnerability: 
CVE-2024-5535 (9.1 CRITICAL / 
CVSS v3), in OpenSSL 3.0.13 on the Tomcat 10.1.20 version. According to Black 
Duck Binary Analysis (BDBA) scans, this vulnerability has been identified 
within the Tomcat 10.1.20 version. There are other detected vulnerabilities 
inside OpenSSL on Tomcat, such as CVE-2024-4603, CVE-2024-2511.

The detected file is: apache-tomcat-10.1.20/bin/tcnative-2.dll

Given this disconcerting discovery, we are seeking clarification on how 
CVE-2024-5535 may affect the Tomcat 10.1.20 version. It is of utmost importance 
for us to understand the implications of this vulnerability and to identify any 
available mitigations or patches to address this issue.

Your prompt attention to this matter is highly valued, and we would be grateful 
for any assistance or guidance you can provide to help us navigate this 
potential security concern.

Thank you for your time and consideration.


Best regards,
Peyton Zhong