Saturday, May 19, 2007

On Running Tomcat Service as Another User

I've always used the Tomcat Service Manager to start/stop tomcat (the little icon in the system tray or notification area of the WinXP taskbar). It's so easy and convenient ... right click the Start Service/Stop Service.

However, I have noticed some weird behavior when web applications deployed to Tomcat use environment variable such as USER_HOME. For instance, when starting OpenMRS, the application needs to get the "user.home" system property in order to load modules, runtime properties, etc from the home directory of the user who started Tomcat.

Because the Tomcat Service Manager starts the Tomcat instance as the LocalSystem user (which doesn't have an actual user account on my machine), it can't find the directory specified by the "user.home" variable. Actually, it usually returns just "Application Data", which causes OpenMRS to look under "c:\Application Data", instead of "c:\Documents and Settings\LocalSystem\Application Data".

Attempt #1
My first thought was to configure Tomcat Service Manager to use a different user when starting up. I opened the Tomcat Service Manager Properties dialog (right click Tomcat > Configure... in the task tray), navigated to the "Log On" tab, and configured Tomcat to run as me. I saved the settings, closed the dialog, and restarted Tomcat.

And ...

Nothing. Same result as before. Even more strange was the fact that sometimes the user.home was "c:\Application Data" and other times it was set to "c:\Documents and Settings\Default User". I wouldn't care if it was one or the other, but the constant switching was causing weird behavior in OpenMRS.

I found the following bug to help explain this behavior.

It looks like the developers are just going to squash this bug (which is fine), but if anyone needs this functionality, let them know.

Attempt #2
My next solution was to create a new user account for the LocalSystem user. I'm still testing this out and will post the results when I get a chance.

I believe you might also be able to specify a username/password using the tomcat5 service commands, but I'll go with a quick fix until that becomes necessary.

Attempt #3
So it turns out that while the Tomcat Service Manager does not implement the "Log On As" feature, the Windows Service does. If you're using Tomcat Service Manager, then you will have an Apache Tomcat or TomcatX (where X=the major version number) service installed. You can check the Log On settings by following these instructions.

1. Click on Start, Control Panel, Administrative Tools then Services.

2. Right click on Apache Tomcat and select Properties.

3. Click on the Log On tab and fill in the authentication details of the Windows user that you want to start Tomcat.

4. Q.E.D

1 comment:

Anonymous said...

Thanks for the post! I was mystified as to why setting the login user in the Tomcat Monitor did not work!