2

I am using Runtime.getRuntime().exec(...) to execute a python script from within a Tomcat webapp. Everything goes fine when I am in my development environment (Eclipse running my local Tomcat (located at /home/me/opt/tomcat) through the Sysdeo-Plugin). The issue occurs when I run my webapp in the production environment (= Debian Squeeze).

I am using tomcat6 from the official debian packages. It is started automatically through /etc/init.d using the user "tomcat6" (verified with "ps aux | grep tomcat6"). I am executing my simple python script:

Process p = Runtime.getRuntime().exec("python /home/me/exec-test.py")
p.waitFor();
//read the stdout and stderr

The python script is straightforward:

#!/usr/bin/python
import sys, os, getpass

def main(argv):
    print "Working dir: " +os.getcwd()
    userShell = os.environ.get('SHELL')
    print "$SHELL set to: " +userShell
    print "Executing as user: "+getpass.getuser()

if __name__ == "__main__":
    main(sys.argv[1:])

The output if running tomcat from eclipse is: 

Working dir: /home/me/opt/tomcat
$SHELL set to: /bin/bash
Executing as user: me

When running using the tomcat6 from debian packages:

Working dir: /var/lib/tomcat6
$SHELL set to: /bin/bash
Executing as user: root

Why is the forked execution of the python script run as "root"? Shouldn't it be the same user which is owning the tomcat6 process (= running the JVM)? Am I missing something or perhaps the python call to get the process' user is not correct?

I have also tried using Apache Commons Exec with the same results.

The consequence is, that when I use a more complex python script which calls a local application (/usr/local/bin/local-app), it fails in the production environment. It is somehow not able to access local-app. Again, everything works fine in my development environment. Is this related to my observations?

matthes
  • 2,972
  • 3
  • 15
  • 18
  • 1
    Dumb question - is tomcat6 running as root? What does `System.getProperty("user.name")` in your Java code return? – durron597 Apr 10 '13 at 12:19
  • @durron597: forgot to say that, my bad. System.getProperty("user.name") responds with "tomcat6". – matthes Apr 10 '13 at 12:30
  • I almost wonder if this question should be migrated to serverfault, I don't think this is a Java/Python issue. – durron597 Apr 10 '13 at 12:34
  • For the python issue I came accross I think its settled ok. But the issue described in the last paragraph probably fits better to serverfault, your right. – matthes Apr 10 '13 at 12:39

1 Answers1

2

getpass.getuser() first looks at the environment variables 'LOGNAME', 'USER', 'LNAME', 'USERNAME' (in that order) before trying anything else, maybe one of then is set incorrectly.

Try using os.getuid() or pwd.getpwuid(os.getuid()) - that should give you another result.

I find it highly improbable that the process somehow gained root privileges.

mata
  • 67,110
  • 10
  • 163
  • 162
  • indeed, that worked out: os.getuid() returns the id of "tomcat6". Thanks! I should have rtfm of getpass.getuser() first :-) Still, I have the issue described in the last paragraph. Any hints? – matthes Apr 10 '13 at 12:31
  • 2
    the tomcat process must have the necessary access rights to execute the application, so you should check that. Without knowing what your app is doing (and maybe seeing some code), it's hard to say more. Maybe you should open a new question for that and post some code if the problem persists. – mata Apr 10 '13 at 12:38
  • 1
    I agree with mata, you should open a new question on the execution rights issue, except I think it should be on serverfault. Looks like you already agree from your other comment – durron597 Apr 10 '13 at 12:41
  • agree. thanks guys for the quick help, I guess I'll make it from here on! – matthes Apr 10 '13 at 12:46