Several issues are associated with Application Server startup when the Sun ONE Application Server is installed as part of a Solaris installation:
All application server and administrative server instances are started automatically during Solaris system startup. In many environments, not all the instances are expected to be started automatically during Solaris system startup. Starting every defined instance can adversely impact the memory that is available on a system.
When application server instances and administrative server instances are started automatically, the startup script for each instance is executed as root. Executing instance startup scripts that are not owned by root can give nonroot users root access, because those users can modify the instance-level startup scripts.
During the installation of the Sun ONE Application Server, the /etc/init.d/appserv script and symbolic links to the S84appserv and K05appserv scripts in the /etc/rc*.d/ directories are installed. These scripts cause all application server instances and administrative server instances, defined as part of the application server installation, to be started and stopped automatically during Solaris system startup and shutdown.
The /etc/init.d/appserv script contains the following section of code:
    case "$1" in
    'start')
        /usr/sbin/asadmin start-appserv
        ;;
    'stop')
        /usr/sbin/asadmin stop-appserv
        ;;
Execution of the asadmin start-appserv command causes the administration server instance and all application server instances, defined in all administrative domains, to be started during Solaris system startup. Because the system startup and shutdown scripts are executed as root, the startup script for each application server and administrative server instance is also executed as root. The instance-level startup script is named startserv and is located at instance-dir/bin/startserv. Because instances can be owned by users other than root, the startserv scripts could be modified by the nonroot user to execute commands as the root user.
If an instance is using a privileged network port, the instance's startserv script must be executed as root. However, a run-as user is typically set in the instance's configuration, which forces the instance to run as the specified user after the root user has initially started it.
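The following audit is an added example, not part of the Sun ONE documentation: it flags instances whose bin directory or startserv script is owned by someone other than a trusted uid, or is writable by group or other, which is the condition that lets a nonroot user change what root runs at boot. The function names and the trusted-uid parameter are assumptions made for illustration, and only the script and its containing directory are checked, not the whole path above them.

```shell
#!/bin/sh
# Added example: audit instance-dir/bin/startserv before root runs it at boot.
# Usage (instance paths are site-specific): audit_startserv 0 INSTANCE_DIR...

# check_path PATH TRUSTED_UID
# Prints a finding and returns 1 when PATH is missing, is not owned by
# TRUSTED_UID, or is writable by group or other.
check_path() {
    path=$1 trusted=$2
    # -d: list the directory itself, -n: numeric uid, -L: follow symlinks
    set -- $(ls -ldnL "$path" 2>/dev/null)
    [ $# -ge 3 ] || { echo "MISSING  $path"; return 1; }
    mode=$1 owner=$3 rc=0
    if [ "$owner" != "$trusted" ]; then
        echo "OWNER    $path is owned by uid $owner, expected $trusted"
        rc=1
    fi
    case $mode in
        # character 6 is group write, character 9 is other write
        ?????w*|????????w*)
            echo "WRITABLE $path has mode $mode"
            rc=1 ;;
    esac
    return $rc
}

# audit_startserv TRUSTED_UID INSTANCE_DIR...
# Returns the number of instances with at least one finding.
audit_startserv() {
    trusted_uid=$1; shift
    bad=0
    for inst in "$@"; do
        failed=0
        # A writable bin directory allows startserv to be replaced outright.
        check_path "$inst/bin" "$trusted_uid" || failed=1
        check_path "$inst/bin/startserv" "$trusted_uid" || failed=1
        [ "$failed" -eq 0 ] || bad=$((bad + 1))
    done
    return "$bad"
}
```

Any instance this reports should be started under its owning user, for example with su -c, rather than through a boot script that runs its startserv as root.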
Workaround: Perform one of the following workarounds, depending on your environment:
If your environment does not require all application server and administrative server instances to be started as root, then comment out execution of the asadmin start-appserv and asadmin stop-appserv commands in the /etc/init.d/appserv script.
If your environment requires starting either specific administrative domains or specific instances within one or more administrative domains, you can modify or create a script to automate that process. Note that specific administrative domains include the administrative server instance and all application server instances of each domain.
Modify the /etc/init.d/appserv script to start the domains or instances of interest.
Define new /etc/rc*.d/ scripts that conform to the needs of your environment.
Startup Considerations: When modifying the Solaris software startup scripts to automatically start either specific application server administrative domains or specific application server instances, consider the following:
Starting a specific domain – If you want to start the administrative server instance and all application server instances of a specific administrative domain as the root user, modify the /etc/rc*.d/ scripts as follows:
    # Start and stop only the production-domain administrative domain.
    case "$1" in
    'start')
        /usr/sbin/asadmin start-domain --domain production-domain
        ;;
    'stop')
        /usr/sbin/asadmin stop-domain --domain production-domain
        ;;
    esac
Starting a specific application server instance as a nonroot user – Modify the /etc/rc*.d/ scripts to use the su command with the -c option.
    # Run each instance's start and stop command as the user that owns it.
    case "$1" in
    'start')
        su - usera -c "/usr/sbin/asadmin start-instance --domain test-domain instance-a"
        su - userb -c "/usr/sbin/asadmin start-instance --domain test-domain instance-b"
        ;;
    'stop')
        su - usera -c "/usr/sbin/asadmin stop-instance --domain test-domain instance-a"
        su - userb -c "/usr/sbin/asadmin stop-instance --domain test-domain instance-b"
        ;;
    esac
See the Sun ONE Application Server 7 Administrator's Guide for more information on the startup and shutdown commands that are available through the asadmin command-line interface.