All,
I have a user called "mfg" that is used to start the databases and Apache and all database related functions. I set up another user "mfgapp" that is supposed to be a duplicate of the user "mfg" but rather than having command prompt access run a menu.
From the menu the "mfgapp" user can run the Apache shutdown and start up scripts to reset Apachine if the QAD NetUi front end hangs (That is another issue.) I set this up so that they can restart Apache if I am not available.
This works fine until they exist the menu - then the Apache server goes down again. What can I do to avoid this?
User mfg - cd /apps/tomcat/apache-tomcat-7.0.54/bin then run [dot]/startup.sh works fine even when user exits User mfgapp - logs in and get menu - chooses reset which run the /apps/scripts/tomcat_reset script which was set up for us and does /apps/tomcat/apache-tomcat-7.0.54/bin/shutdown.sh sleeps 10 seconds Then /apps/tomcat/apache-tomcat-7.0.54/bin/startup.sh
When complete the user is returned to the menu and tomcat is running but if user exits the process seems to die and tomcat goes down.
What should I look at changing - adjusting?
Make sure you are launching the appropriate parts of the scripts with nohup. It may be as simple as using nohup /apps/tomcat/apache-tomcat-7.0.54/bin/startup.sh > /pathto/yourlogfile.txt 2>&1 &
Or you may have to dig into the scripts and replace any simple & used to run something in the background with a proper nohup.
Depending on which shell and shell settings being used by the mfg user and the mfgapp user/menu script the behavior of a simple & to run something in the background can be very different.
Also make sure that the menu script/mfgapp .profile doesn't have specific code/traps to kill off processes.
Thanks Keith,
I thing it may be more of an issue with the menu script and trapping as this was an old menu system I adapted and it did do a lot of clean up when the user logged off. I might have to submit the start up with nohup to avoid the clean up killing it. I will add this to the script and see what happens the next time we need to run it.
This may (probably is) unrelated but when I set up the user mfgapp to be like mfg it does not look to be quite the same. Could this have some difference. In UNIX the id not "." [dot] after the permission but in Linux there is and I cannot find anything on what this is
mfg:/home
$> ls -lia
131298 drwxrwxr-x. 45 mfg qad 20480 Aug 22 12:37 mfg
393489 drwxrwxr-x 4 mfgapp qad 4096 Jul 25 14:44 mfgapp
The period at the end means SELinux has an extended attribute/mode set for that directory (and probably files underneath it).
You can confirm by running the following:
ls -Z /home
getfattr -n security.selinux /home/mfg
One or both of those should work on most Linux variants.
Is there a help for setting these attribute or what are the basic commands. This is all new stuff for a old UNIX guy
SELinux is the most recent flavor of security add ons that auditors love to have on their check list.
A couple of links..
selinuxproject.org/.../Main_Page
It can really help to control things if you need to/are forced to. A lot of the attributes can be set without being enforced.
To find out if you care run sestatus from a command prompt and talk to your Linux admins.
Thanks I will look into this. I am just a one man shop and haven't really done DBA stuff for nearly 15 years so a lot to refresh and learn