Run GlassFish V3 as a non-root Service on Linux Ubuntu/Debian
By ByronNevins on Mar 04, 2010
I already showed you how to setup GlassFish V3 as a Service on Linux here. In that blog I used root as the GlassFish "owner" for simplicity. In this blog we will do the same thing except with a non-root user. If you already have a user and/or you have V3 installed you can skip some of the earlier steps. Once again my main motivation is to get these procedures worked out carefully so that I can implement it automatically. Currently we support Windows and Solaris 10. For each step I'll also show you how to undo the change in case you want to rollback everything.
1. Create a user
I decided to create my own GlassFish user that exists solely to run GlassFish. You could use your own existing account as well. I also created a new group for use only by this user. I.e. I don't want this user to have any Linux admin privileges.
sudo groupadd glassfish
sudo useradd -s /bin/bash -d /home/glassfish -m -g glassfish glassfish
sudo userdel glassfish
sudo groupdel glassfish
2. Login as the new user in a terminal window and set a password (if desired)
sudo passwd glassfish
sudo -i -u glassfish
3. Install GlassFish V3 using user glassfish
rm -rf ~/glassfishv3
4. Exit the shell from step 2
5. Copy the script to /etc/init.d and configure it as a Service
sudo cp the-script /etc/init.d/glassfish
sudo update-rc.d glassfish defaults
sudo rm /etc/init.d/glassfish
sudo update-rc.d glassfish remove
You can start, stop or restart GlassFish V3 like so. Note that you must do it with an account that has admin privileges. The user "glassfish" ironically can not do this even though the server will run as "his" process.
sudo /etc/init.d/glassfish start|stop|restart
How to Allow GlassFish V3 to use ports less than 1024
This technique configures the firewall to send all port 80 traffic to port 8080. You can do the same thing for any other ports you need that are less than 1024. I don't know how to undo it.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080
# Platform Services for GlassFish
SU="su --login $GF_USER --command "
case "$1" in
$SU "$ASADMIN start-domain > /dev/null 2>&1 &"
$SU "$ASADMIN stop-domain > /dev/null 2>&1 &"
$SU "$ASADMIN restart-domain > /dev/null 2>&1 &"
echo "usage: $0 (start|stop|restart|help)"