January 2012

Java virtual hosting with multiple FTP users

We are all familiar with virtual hosting in Apache, where we can isolate each user so that they publish their site to a folder under their home directory. So there is no issue with operating on the files copied to the hosting root.

Earlier I had started Tomcat from the root account, created virtual hosts in Tomcat, and isolated each hosting root per user. The issue I faced was that none of the FTP users could modify or delete the files in their hosting root, since all the files were owned by root because the root user was running the Tomcat service.

So I had to give users ssh access to the server and sudo rights to deploy their newly uploaded files. Allowing users ssh access and permission to run sudo commands is a security threat.

After some R&D I decided to run the Tomcat service as a normal user who does not have shell access.

Solution :

1. Create a new user and group for Tomcat

    # groupadd tomcat
    # useradd -g tomcat tomcat

2. Give the tomcat user ownership of the Tomcat installation files

 # chown -R tomcat.tomcat /usr/local/apache-tomcat-6.0.29/

3. Start the Tomcat daemon from that user account.

    [root@rc-040 public_html]# su - tomcat
    [tomcat@rc-040 ~]$ cd /usr/local/apache-tomcat-6.0.29/bin/
    [tomcat@rc-040 bin]$ sh
    Using CATALINA_BASE:   /usr/local/apache-tomcat-6.0.29
    Using CATALINA_HOME:   /usr/local/apache-tomcat-6.0.29
    Using CATALINA_TMPDIR: /usr/local/apache-tomcat-6.0.29/temp
    Using JRE_HOME:        /usr/java/jdk1.6.0_14
    Using CLASSPATH:       /usr/local/apache-tomcat-6.0.29/bin/bootstrap.jar
    [tomcat@rc-040 bin]$ netstat -nlp | grep "java"
    (Not all processes could be identified, non-owned process info
     will not be shown, you would have to be root to see it all.)
    tcp        0      0 :::8080                     :::*                        LISTEN      1837/java
    [tomcat@rc-040 bin]$

You are almost done! 🙂

Creating FTP users and Virtual hosting

a. An example virtual host entry is shown below:

 [root@rc-040 public_html]# vi /usr/local/apache-tomcat-6.0.29/conf/server.xml

b. FTP user creation
1. Create a new user and set their primary group to tomcat.

    # useradd -g tomcat ftpuser1
    [root@rc-040 public_html]# chown -R ftpuser.tomcat /home/ftpuser/public_html

Set the setgid bit (the leading 2 in the mode) on the web directory so that files created there inherit the tomcat group and both users have the same access:

 [root@rc-040 public_html]# chmod -R  2777  /home/ftpuser/public_html
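
The mode in the command above, 2777, combines setgid with write access for every local account, and with -R it lands on files as well as directories. The following added example (not from the original post; the function names and the 2775/0664 alternative are assumptions of this example) measures that on a constructed throwaway directory and compares it with a layout where only the owner and the tomcat group can write:

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Assumes Linux with POSIX find/chmod; runs on a throwaway directory, no root needed.

# Succeed if the directory carries the setgid bit (02000), which makes new
# files inherit the directory's group. The sticky bit would be 01000.
has_setgid() { [ -n "$(find "$1" -maxdepth 0 -type d -perm -2000)" ]; }

# Count entries writable by "other" (symlinks excluded: their mode is ignored).
count_world_writable() { find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '; }

# Count regular files that are setgid; "chmod -R 2777" sets this on every file.
count_setgid_files() { find "$1" -type f -perm -2000 | wc -l | tr -d ' '; }

# Tighter layout: directories 2775 (setgid, owner+group write), files 0664.
harden_webroot() {
    find "$1" -type d -exec chmod 2775 {} +
    find "$1" -type f -exec chmod 0664 {} +
}

# Build a constructed stand-in for /home/ftpuser/public_html and print its path.
make_sample_webroot() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/WEB-INF/classes"
    : > "$root/ROOT.war"
    : > "$root/WEB-INF/web.xml"
    echo "$root"
}

demo() {
    webroot=$(make_sample_webroot) || return 1
    chmod -R 2777 "$webroot"            # the mode used in the post
    echo "after chmod -R 2777: world-writable=$(count_world_writable "$webroot")" \
         "setgid-files=$(count_setgid_files "$webroot")"
    harden_webroot "$webroot"
    echo "after harden:        world-writable=$(count_world_writable "$webroot")" \
         "setgid-files=$(count_setgid_files "$webroot")"
    has_setgid "$webroot" && echo "setgid still set on web root"
    rm -rf "$webroot"
}

demo
```

With 2775 the FTP user and the tomcat user still share write access through the group, provided both create files with a umask of 002.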

That’s it! Everything is set.

Now upload your war file, named “ROOT.war”, to the public_html folder and see the application running … 🙂 There is no need to restart Tomcat to deploy a new application, just like with Apache 🙂

You will get the sample war file from here “” for the initial testing.

Here are some useful file locations/paths if you plan to run Tomcat as a backend server behind Apache over the AJP connector (recommended by me 🙂):

1. /etc/httpd/modules/
2. /etc/httpd/conf.d/jk.conf
3. /etc/httpd/conf.d/
4. /etc/httpd/conf.d/javasite1.conf

    [root@rc-040 public_html]# ls  /etc/httpd/modules/
    [root@rc-040 public_html]# cat  /etc/httpd/conf.d/jk.conf
    LoadModule jk_module /usr/lib/httpd/modules/
    JkWorkersFile /etc/httpd/conf.d/
    JkShmFile     /var/log/httpd/mod_jk.shm
    JkLogFile     /var/log/httpd/mod_jk.log
    JkLogLevel    info
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
    [root@rc-040 public_html]# cat  /etc/httpd/conf.d/
    # Define 1 real worker using ajp13
    # Set properties for worker1 (ajp13)
    [root@rc-040 public_html]#

A sample Apache virtual host entry:

    [root@rc-040 public_html]# cat /etc/httpd/conf.d/javasite1.conf
    <VirtualHost *:80>
    DocumentRoot /home/ftpuser/public_html
    DirectoryIndex index.html dplpool/
    Alias /  /home/ftpuser/public_html
    ErrorLog logs/selfcare-javahost.log
    JkMount /*.jsp worker1
    #JkMount /   worker1
    JkMount /* worker1
    </VirtualHost>
