Reputation: 555
I was thinking about what would happen if we change the shutdown port to -1.
So I googled about the shutdown port and found that it defines the command string that must be received by the server on the configured address and port to shut down Tomcat.
I think if we change it to -1 then no one can shut down Tomcat by hitting the shutdown command at a particular port & address. Is there any other thing that will be affected by this change?
Upvotes: 1
Views: 6564
Reputation: 11
According to the official Apache Tomcat docs:
The TCP/IP port number on which this server waits for a shutdown command. This connection must be initiated from the same server computer that is running this instance of Tomcat. Set to -1 to disable the shutdown port.
Note: Disabling the shutdown port works well when Tomcat is started using Apache Commons Daemon (running as a service on Windows or with jsvc on un*xes). It cannot be used when running Tomcat with the standard shell scripts though, as it will prevent shutdown.bat|.sh and catalina.bat|.sh from stopping it gracefully.
https://tomcat.apache.org/tomcat-5.5-doc/config/server.html
Upvotes: 1
Reputation: 48067
The shutdown port can only be reached from localhost and listens for the configurable command. Once received, Tomcat triggers a controlled and orderly shutdown.
I'm implying you would like to protect from something... Let's go through what I can think of:
That's the list of things that I think this protects you from.
If you're indeed sharing the server with others that you don't trust: Fix your permissions on the configuration files. Do not have them world-readable. Change the shutdown command to a long random string and you're set. This way you continue to be able to shut down Tomcat in an orderly way, provided you get access to the machine with the user account Tomcat runs under (or root).
In case you log in as the tomcat user, all bets would be off anyway: When you can't shut down orderly, you can always kill the process. So can root.
There's nothing to worry about here. Fix your file's permissions and move on.
Upvotes: 0
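An added example, not part of any post above and not Tomcat project code: a small check for the two settings discussed in the answers (the `port` and `shutdown` attributes of `<Server>` in server.xml, and whether the file is world-readable), plus a helper that sets a long random shutdown command and clears the "other" permission bits. The function names and the sample file are constructed for illustration.

```python
import os
import secrets
import stat
import xml.etree.ElementTree as ET

# Constructed sample input: the <Server> element as shipped in a stock server.xml.
SAMPLE_SERVER_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<Server port="8005" shutdown="SHUTDOWN">\n'
    '  <Service name="Catalina"/>\n'
    '</Server>\n'
)

def audit_server_xml(path):
    """Return findings about the shutdown listener configured in server.xml."""
    findings = []
    server = ET.parse(path).getroot()              # root element is <Server>
    port = int(server.get("port", "8005"))         # Tomcat's defaults when unset
    command = server.get("shutdown", "SHUTDOWN")
    if port == -1:
        # Per the quoted docs: fine under Commons Daemon/jsvc, but the
        # standard shutdown scripts can no longer stop Tomcat gracefully.
        findings.append("port=-1: shutdown scripts will not work")
    elif command == "SHUTDOWN":
        findings.append("default shutdown command")
    if stat.S_IMODE(os.stat(path).st_mode) & stat.S_IROTH:
        findings.append("world-readable")
    return findings

def harden_server_xml(path):
    """Set a long random shutdown command and drop all 'other' permissions."""
    tree = ET.parse(path)       # note: ElementTree discards XML comments on rewrite
    command = secrets.token_urlsafe(32)            # 43 URL-safe characters
    tree.getroot().set("shutdown", command)
    tree.write(path, encoding="UTF-8", xml_declaration=True)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode & ~0o007)                  # owner/group bits untouched
    return command

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "server.xml")
        with open(p, "w") as f:
            f.write(SAMPLE_SERVER_XML)
        os.chmod(p, 0o644)
        print(audit_server_xml(p))
        harden_server_xml(p)
        print(audit_server_xml(p))
```

Because the rewrite drops XML comments, run the helper on a copy and diff it against the original before replacing a production server.xml.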