3 Replies Latest reply on Aug 10, 2017 10:11 AM by mqpaul

    Run JBOSS EAP 6.4 as a linux service as non-root user without password

    avnishc

      I would like to run JBOSS EAP 6.4 as a Linux service using user "jboss" without using a password.

      Currently, when I issue the command "service jboss start", I am prompted for a password.

      I have created a file called "jboss" under */etc/init.d/* and it looks like this:

          #!/bin/sh
          #
          # JBoss standalone control script
          #
          # chkconfig: - 80 20
          # description: JBoss EAP Standalone
          # processname: standalone
          # pidfile: /usr/local/jboss-eap-6.4/jboss-eap-standalone.pid
          # config: /usr/local/jboss-eap-6.4/bin/standalone.conf
          
          # Source function library.
          . /etc/init.d/functions
          
          export JBOSS_USER=jboss
          
          # Load Java configuration.
          [ -r /etc/java/java.conf ] && . /etc/java/java.conf
          export JAVA_HOME
          
          # Load JBoss AS init.d configuration.
          if [ -z "$JBOSS_CONF" ]; then
            JBOSS_CONF="/usr/local/jboss-eap-6.4/bin/standalone.conf"
          fi
          
          [ -r "$JBOSS_CONF" ] && . "${JBOSS_CONF}"
          
          # Set defaults.
          
          if [ -z "$JBOSS_HOME" ]; then
            JBOSS_HOME=/usr/local/jboss-eap-6.4
          fi
          export JBOSS_HOME
          
          if [ -z "$JBOSS_PIDFILE" ]; then
            JBOSS_PIDFILE=/usr/local/jboss-eap-6.4/jboss-eap-standalone.pid
          fi
          export JBOSS_PIDFILE
          
          if [ -z "$JBOSS_CONSOLE_LOG" ]; then
            JBOSS_CONSOLE_LOG=/usr/local/jboss-eap-6.4/standalone/log/console.log
          fi
          
          if [ -z "$STARTUP_WAIT" ]; then
            STARTUP_WAIT=30
          fi
          
          if [ -z "$SHUTDOWN_WAIT" ]; then
            SHUTDOWN_WAIT=30
          fi
          
          if [ -z "$JBOSS_CONFIG" ]; then
            JBOSS_CONFIG=standalone-full.xml
          fi
          
          JBOSS_SCRIPT=$JBOSS_HOME/bin/standalone.sh
          
          prog='jboss-eap-6.4'
          
          CMD_PREFIX=''
          
          if [ ! -z "$JBOSS_USER" ]; then
            if [ -r /etc/rc.d/init.d/functions ]; then
              CMD_PREFIX="daemon --user $JBOSS_USER"
            else
              CMD_PREFIX="su - $JBOSS_USER -c"
            fi
          fi
          
          start() {
            echo -n "Starting $prog: "
            if [ -f $JBOSS_PIDFILE ]; then
              read ppid < $JBOSS_PIDFILE
              if [ `ps --pid $ppid 2> /dev/null | grep -c $ppid 2> /dev/null` -eq '1' ]; then
                echo -n "$prog is already running"
                failure
                echo
                return 1
              else
                rm -f $JBOSS_PIDFILE
              fi
            fi
            mkdir -p $(dirname $JBOSS_CONSOLE_LOG)
            cat /dev/null > $JBOSS_CONSOLE_LOG
          
            mkdir -p $(dirname $JBOSS_PIDFILE)
            chown $JBOSS_USER $(dirname $JBOSS_PIDFILE) || true
            #$CMD_PREFIX JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT 2>&1 > $JBOSS_CONSOLE_LOG &
            #$CMD_PREFIX JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT &
          
            if [ ! -z "$JBOSS_USER" ]; then
              if [ -r /etc/rc.d/init.d/functions ]; then
                daemon --user $JBOSS_USER LAUNCH_JBOSS_IN_BACKGROUND=1 JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT -c $JBOSS_CONFIG > $JBOSS_CONSOLE_LOG 2>&1 &
              else
                su - $JBOSS_USER -c "LAUNCH_JBOSS_IN_BACKGROUND=1 JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT -c $JBOSS_CONFIG" > $JBOSS_CONSOLE_LOG 2>&1 &
              fi
            fi
          
            count=0
            launched=false
          
            until [ $count -gt $STARTUP_WAIT ]
            do
              grep 'JBAS015961:' $JBOSS_CONSOLE_LOG > /dev/null
              if [ $? -eq 0 ] ; then
                launched=true
                break
              fi
              sleep 1
              let count=$count+1;
            done
          
            if [ "$launched" = "false" ] ; then
              echo "$prog failed to startup in the time allotted"
              failure
              echo
              return 7
            fi
          
            success
            echo
            return 0
          }
          
          stop() {
            echo -n $"Stopping $prog: "
            count=0;
          
            if [ -f $JBOSS_PIDFILE ]; then
              read kpid < $JBOSS_PIDFILE
              let kwait=$SHUTDOWN_WAIT
          
              # Try issuing SIGTERM
          
              kill -15 $kpid
              until [ `ps --pid $kpid 2> /dev/null | grep -c $kpid 2> /dev/null` -eq '0' ] || [ $count -gt $kwait ]
              do
                sleep 1
                let count=$count+1;
              done
          
              if [ $count -gt $kwait ]; then
                kill -9 $kpid
              fi
            fi
            rm -f $JBOSS_PIDFILE
            success
            echo
          }
          
          status() {
            if [ -f $JBOSS_PIDFILE ]; then
              read ppid < $JBOSS_PIDFILE
              if [ `ps --pid $ppid 2> /dev/null | grep -c $ppid 2> /dev/null` -eq '1' ]; then
                echo "$prog is running (pid $ppid)"
                return 0
              else
                echo "$prog dead but pid file exists"
                return 1
              fi
            fi
            echo "$prog is not running"
            return 3
          }
          
          case "$1" in
            start)
                start
                ;;
            stop)
                stop
                ;;
            restart)
                $0 stop
                $0 start
                ;;
            status)
                status
                ;;
            *)
                ## If no parameters are given, print which are available.
                echo "Usage: $0 {start|stop|status|restart}"
                exit 1
                ;;
          esac
      

       

      My */etc/sudoers* file has the following entries:

          ALL ALL=(root) NOPASSWD: /bin/su - jboss
          ALL ALL=(root) NOPASSWD: /sbin/service jboss start 
          ALL ALL=(root) NOPASSWD: /sbin/service jboss stop
          ALL ALL=(root) NOPASSWD: /sbin/service jboss status
      

       

      JBOSS location = */usr/local/jboss-eap-6.4* and the following are the permissions on it:

      drwxrwxr-x. 11 jboss jboss 236 Mar 27  2015 jboss-eap-6.4
      

       

       

      Permissions on */etc/init.d/jboss*:

       -rwxr-xr-x. 1 root root  3917 Aug  6 16:23 jboss
      

       

       

      I am a newbie to JBOSS and Linux, so please help me out to achieve this.
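The sudoers entries quoted in the question begin with `ALL ALL=`, so they apply to every local account, and the first one grants a passwordless `su - jboss` shell. The following is an added example, not part of the original thread: a small lint for simple one-line sudoers rules that flags such grants. The function names and the last sample line (a rule scoped to the `jboss` user) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag passwordless sudoers rules that are wider than one
# service account needs. Handles only simple one-line rules of the form
#   user host=(runas) NOPASSWD: command
# Aliases, line continuations and #include directives are not interpreted.

# audit_sudoers [FILE...]  -> one "reason<TAB>rule" line per finding
audit_sudoers() {
  awk '
    /^[ \t]*(#|$)/   { next }   # comments, directives, blank lines
    /^[ \t]*Defaults/ { next }
    !/NOPASSWD:/      { next }   # only passwordless grants are of interest
    {
      rule = $0
      sub(/^[ \t]+/, "", rule); sub(/[ \t]+$/, "", rule)
      who = $1                   # first field is the user list
      cmd = rule
      sub(/^.*NOPASSWD:[ \t]*/, "", cmd)
      if (who == "ALL")          # rule applies to every local account
        printf "any-user\t%s\n", rule
      if (cmd ~ /^(\/usr)?\/bin\/su([ \t]|$)/)   # hands out a shell as another user
        printf "su-shell\t%s\n", rule
      if (cmd == "ALL")          # unrestricted command list
        printf "all-commands\t%s\n", rule
    }
  ' "$@"
}

# The four rules from the question, plus one constructed rule scoped to the
# jboss account for contrast (the last line is not from the thread).
sample_rules() {
  cat <<'EOF'
ALL ALL=(root) NOPASSWD: /bin/su - jboss
ALL ALL=(root) NOPASSWD: /sbin/service jboss start
ALL ALL=(root) NOPASSWD: /sbin/service jboss stop
ALL ALL=(root) NOPASSWD: /sbin/service jboss status
jboss ALL=(root) NOPASSWD: /sbin/service jboss start
EOF
}

sample_rules | audit_sudoers
```

The scoped rule produces no finding; the syntax of an edited sudoers file can be checked with `visudo -cf <file>` before it is installed.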

        • 1. Re: Run JBOSS EAP 6.4 as a linux service as non-root user without password
          mqpaul

          Do you run "/sbin/service jboss start" as the root user? Otherwise, you should use sudo in front of the service command.

           

          This line in the /etc/init.d script "chown $JBOSS_USER $(dirname $JBOSS_PIDFILE) || true"  can only be executed by root normally.

          • 2. Re: Run JBOSS EAP 6.4 as a linux service as non-root user without password
            avnishc

            When I run it as the root user it runs fine, no issues. But I would like to run it as user jboss without entering a password, and when I use sudo in front of the service command while logged in as the jboss user, I am prompted for the sudo password for user jboss.

            • 3. Re: Run JBOSS EAP 6.4 as a linux service as non-root user without password
              mqpaul

              You can add an extra check if it runs as the jboss user. As jboss, you do not need to use sudo to start it.

               

              if [ ! -z "$JBOSS_USER" ]; then
                if [ "$(/usr/bin/id -un)" = "$JBOSS_USER" ]; then
                  # Already running as the service user: launch directly, no daemon/su needed.
                  # "> file 2>&1" sends stderr to the console log as well as stdout.
                  LAUNCH_JBOSS_IN_BACKGROUND=1 JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT -c $JBOSS_CONFIG $JBOSS_OPTIONS > $JBOSS_CONSOLE_LOG 2>&1 &
                elif [ -r /etc/rc.d/init.d/functions ]; then
                  daemon --user $JBOSS_USER LAUNCH_JBOSS_IN_BACKGROUND=1 JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT -c $JBOSS_CONFIG $JBOSS_OPTIONS > $JBOSS_CONSOLE_LOG 2>&1 &
                else
                  su - $JBOSS_USER -c "LAUNCH_JBOSS_IN_BACKGROUND=1 JBOSS_PIDFILE=$JBOSS_PIDFILE $JBOSS_SCRIPT -c $JBOSS_CONFIG $JBOSS_OPTIONS" > $JBOSS_CONSOLE_LOG 2>&1 &
                fi
              fi