Shulou(Shulou.com)06/02 Report--

Preface

There is such a scene, for the sake of security, the company needs to impose security restrictions on all employees who log in to the Linux server, requiring that employees who want to log in to the linux server except administrators cannot log in with the highest privilege account, to create new users, to control the permissions of directories and files, and to only allow read, write and execute permissions for directories that need to be operated, and other directories only have read permissions. And all tomcat cannot be started and stopped with startup.sh,shutdown.sh directly in bin. You can do this by writing a shell script, that is to say, there are two steps, creating a user and setting permissions, and writing a tomcat startup script. Let's complete these two steps.

1. First of all, let's create a normal user.

Groupadd tomcat # add group useradd-g tomcat-s / usr/sbin/nologin tomcat # add user usermod-L tomcat # lock password to the group to make the password invalid passwd tomcat # set the password

Through these four steps, we have created the ordinary user. When we create the user, we create the group first. After the group is created, we create the user and join the group.

After the user is created, the user begins to set permissions.

Chown-R tomcat:tomcat / data # assigns permissions to users

This gives the user tomcat permission to manipulate the data directory and its subdirectories, and-R represents that directory and its cascading subdirectories.

[root@localhost data] # ls-l total 0 drwxr-xr-x. 4 tomcat tomcat 79 May 20 08:03 tomcat [root@localhost data] #

At this point, through the ls-l command, we can see that the data directory already belongs to the tomcat user and has permission to view, write and execute.

two。 Once the user creation is complete, we will begin to complete the tomcat startup script.

As shown in the code:

#! / bin/bash tomcat_home=/data/tomcat/tomcat-8484 SHUTDOWN=$tomcat_home/bin/shutdown.sh STARTTOMCAT=$tomcat_home/bin/startup.sh case $1 in start) echo "launch $tomcat_home" $STARTTOMCAT cd / data/tomcat/tomcat-8484/logs tail-f catalina.out Stop) echo "close $tomcat_home" # $SHUTDOWN netstat-anp | grep 8484 | grep-v grep | awk'{print $7}'| sed-e's sed sed / ^ / kill-9 / g'| sh # pidlist= `ps-ef | grep tomcat | grep-v "grep" | awk'{print $2}'`# kill-9$ pidlist # Delete the log file If you don't delete it first, you can delete the temporary directory of tomcat # rm $tomcat_home/work/*-rf without the following line # rm $tomcat_home/work/*-rf Restart) echo "turn off $tomcat_home" $SHUTDOWN # pidlist= `ps-ef | grep tomcat | grep-v "grep" | awk'{print $2}'`# pidlist= `netstat-anp | grep 8484 | grep-v "grep" | awk'{print $2}'` # netstat-anp | grep 8484 | grep-v grep | awk'{print $7}'| sed-e's Unipede java Bard G' | sed-e's / ^ / kill-9 / g'| sh # kill-9$ pidlist sleep 5 echo "start $tomcat_home" $STARTTOMCAT # start Log # tail-f $tomcat_home/logs/catalina.out ; logs) cd / data/tomcat/tomcat-8484/logs tail-f catalina.out;; esac

The above code is the tomcat startup script, first we need to create a text file, and then change the suffix to .sh. Here I am using tomcat with port number 8484 as an example. You can see from the script file that you only need to make custom changes to your tomcat location and log location to use it. There are four commands, start,stop,restart,logs.

Once the script file is created, just put it on your server, and you can choose the location. I put it in the bin directory under tomcat.

In fact, after the script file is put into the server, it can not be used, there will be two problems to be solved, one is the format problem, the other is the permission problem. Because we are created by a text file and its format is text format, we want to change it to unix format, so we need to make the following settings

Sed-I "s /" tomcat-8484.sh # sets the script file to unix format

After completing the formatting, you have to set permissions for the script file, because the permission of the linux default file is drwxr-xr-x, that is, all run permissions are given to the file owner, that is, the system administrator (currently I am logged in with the system administrator), the read and run permissions are given to the group users, and the read permissions are given to other users, so we have to reset the script file permissions.

Chmod 777. / tomcat-8484.sh

The chmod command is a command to change permissions. What does this 777 mean?

In the Linux system, there are three kinds of permissions for files or directories: read-only, write-only, and executable.

According to the above table, the permission combination is the sum of the corresponding permission values, as follows:

7 = 4 + 2 + 1 read and write permissions

5 = 4 + 1 read and run permissions

4 = 4 read-only permission

Therefore, you can understand the meaning of the chmod 777. / tomcat-8484.sh command.

At this point, our tomcat startup script is complete, so let's demonstrate it.

Start

[root@localhost bin] #. / tomcat-8484.sh start launch / data/tomcat/tomcat-8484 Using CATALINA_BASE: / data/tomcat/tomcat-8484 Using CATALINA_HOME: / data/tomcat/tomcat-8484 Using CATALINA_TMPDIR: / data/tomcat/tomcat-8484/temp Using JRE_HOME: / usr Using CLASSPATH: / data/tomcat/tomcat-8484/bin/bootstrap.jar:/data/tomcat/tomcat-8484/bin/tomcat-juli.jar Tomcat started.

Let's check the process to see if it's really started.

[root@localhost bin] # ps-ef | grep tomcat root 5569 1 7 14:09 pts/0 00:00:06 / usr/bin/java-Djava.util.logging.config.file=/data/tomcat/tomcat-8484/conf/logging.properties-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager-Djdk.tls.ephemeralDHKeySize=2048-Djava.protocol.handler.pkgs=org.apache.catalina.webresources-Dignore.endorsed.dirs=-classpath / data/tomcat/tomcat-8484/bin/bootstrap.jar:/data/tomcat/tomcat -8484/bin/tomcat-juli.jar-Dcatalina.base=/data/tomcat/tomcat-8484-Dcatalina.home=/data/tomcat/tomcat-8484-Djava.io.tmpdir=/data/tomcat/tomcat-8484/temp org.apache.catalina.startup.Bootstrap start root 5611 5340 0 14:10 pts/0 00:00:00 grep-color=auto tomcat

You can see that there is no problem with startup.

Close

[root@localhost bin] #. / tomcat-8484.sh stop off / data/tomcat/tomcat-8484 sh: line 2: kill: (18484)-No such process [root@localhost bin] # ps-ef | grep tomcat root 5621 5340 0 14:13 pts/0 00:00:00 grep-color=auto tomcat

The viewing process is indeed closed successfully, and our tomcat startup script is complete, and this script can also be extended on its own, such as checking the log immediately after startup.

Summary

The above is the whole content of this article. I hope the content of this article has a certain reference and learning value for everyone's study or work. Thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.