Setting Crowd to Run Automatically and Use an Unprivileged System User on UNIX

This page contains some useful information about running Crowd under Linux/UNIX:

  • Dedicated system user. For security reasons, and to keep your system administrator happy, you should probably create a dedicated non-root user to run Crowd.
  • Automatic startup. It is useful to set up Crowd to run automatically on UNIX startup.

Running Crowd as an Unprivileged User

Here is an example of some of the changes you can make to harden up the directory and file permissions for Crowd to run as a non-root user.

You will need to update the environment variables to suit your installation. This is also for use in BASH. If you are using a different shell, you might need to tweak some things.

#!/bin/bash
CROWD_USER="crowd"
CROWD_GROUP="crowd"
INSTALL_BASE="/opt/crowd/atlassian-crowd-3.5.1"
CROWD_HOME="/var/crowd-home"
sudo chgrp ${CROWD_GROUP} ${INSTALL_BASE}/{*.sh,apache-tomcat/bin/*.sh}
sudo chmod g+x ${INSTALL_BASE}/{*.sh,apache-tomcat/bin/*.sh}
sudo chown -R ${CROWD_USER} ${CROWD_HOME} ${INSTALL_BASE}/apache-tomcat/{logs,work,temp}
sudo touch -a ${INSTALL_BASE}/atlassian-crowd-openid-server.log
sudo mkdir ${INSTALL_BASE}/database
sudo chown -R ${CROWD_USER} ${INSTALL_BASE}/{database,atlassian-crowd-openid-server.log}

Getting Crowd to Start Automatically

  1. Create an init.d file (for example, 'crowd.init.d') inside your {CROWD_INSTALL} directory:

    #!/bin/sh -e
    # Crowd startup script
    #chkconfig: 2345 80 05
    #description: Crowd
    
    # Define some variables
    # Name of app ( JIRA, Confluence, etc )
    APP=crowd
    # Name of the user to run as
    USER=crowd
    # Location of Crowd install directory
    CATALINA_HOME=/usr/local/crowd/atlassian-crowd-3.5.1
    # Location of Java JDK
    export JAVA_HOME=/usr/lib/jvm/adoptopenjdk-8-hotspot-amd64
    
    case "$1" in
      # Start command
      start)
        echo "Starting $APP"
        /bin/su -m $USER -c "$CATALINA_HOME/start_crowd.sh &> /dev/null"
        ;;
      # Stop command
      stop)
        echo "Stopping $APP"
        /bin/su -m $USER -c "$CATALINA_HOME/stop_crowd.sh &> /dev/null"
        echo "$APP stopped successfully"
        ;;
       # Restart command
       restart)
            $0 stop
            sleep 5
            $0 start
            ;;
      *)
        echo "Usage: /etc/init.d/$APP {start|restart|stop}"
        exit 1
        ;;
    esac
    
    exit 0
    
  2. Create a symbolic link from /etc/init.d/crowd to the init.d file file.
tip/resting Created with Sketch.

Hint for Red Hat systems

On Red Hat and Red Hat-based systems such as CentOS, if you put the above script in /etc/init.d, you can create the necessary symbolic links with the chkconfig script, since all the rrequired information is in the script header.

sudo /sbin/chkconfig --add SCRIPT_NAME

Replace "SCRIPT_NAME" with whatever the real name of the script is.

情報を提供して頂きありがとうございました

Thank you to Matthew Block and Pete Toscano for the original comments that we based this information on.

最終更新日 2019 年 9 月 20 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.