Run Tomcat7 as tomcat7 (or any other) user
The most common way is to install the standard tomcat7 package with apt-get and to start it using:
sudo service tomcat7 start
The default user and group are configured in /etc/default/tomcat7, as you can see in this excerpt:
# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
# default of tomcat7.
TOMCAT7_USER=tomcat7
# Run Tomcat as this group ID. Not setting this or leaving it blank will use
# the default of tomcat7.
TOMCAT7_GROUP=tomcat7
EDIT: Please read comments below! This solution may not be applicable to all situations.
The accepted answer is great but since I run Tomcat 7 on Ubuntu 14.04 there were some additional things I needed to do in order to get everything running:
- You need to stop the tomcat service before editing the file /etc/default/tomcat7. Once you change the user and group, it will no longer be possible to stop a service using the old user.
- Change the user and group in the file /etc/default/tomcat7
- You need to change ownership of the folder /var/log/tomcat7 and all of its files. Please note that it is an advantage to keep the adm group so that all adm users can read the logs.
  sudo chown -R newuser:adm /var/log/tomcat7
- Change ownership of the folder /var/lib/tomcat7/webapps
  sudo chown -R newuser:newgroup /var/lib/tomcat7/webapps
- If running on port 80/443 on Ubuntu 14.04 you need to change ownership of the authbind files:
  sudo chown newuser /etc/authbind/byport/80
  sudo chown newuser /etc/authbind/byport/443
- Change ownership of the working folder
  sudo chown newuser:adm /var/cache/tomcat7
  sudo chown -R newuser:newgroup /var/cache/tomcat7/Catalina
- Make config files readable. Here you have two options: either add your new user to the tomcat7 group by:
  sudo usermod -a -G tomcat7 newuser
  ...or change ownership of the config files:
  sudo chown -R :newgroup /var/lib/tomcat7/conf/*
- If you have other files that your web-apps are accessing, such as log files, configuration files, etc., then you need to change ownership of those files as well.
- Now, everything should be ready to fire up the service again with the new user.
EDIT 2: After upgrading to tomcat 8 and Ubuntu 18.04 another issue appeared when running tomcat as a different user. In the script /etc/init.d/tomcat8 the following line seems to alter the home folder of the tomcat user, but the result is not what you want if you are using a different user.
usermod --home /var/lib/tomcat8 $TOMCAT8_USER > /dev/null 2>&1 || true
By removing or commenting this line out, you can avoid having the home folder altered for the new tomcat user.
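
A read-only check for the ownership steps in the answer above, added here as an example and not part of either answer: it reads the service user from /etc/default/tomcat7 and lists anything under the log, webapps, cache and authbind paths that this user does not own (group ownership is not checked). The function names and the optional root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit file ownership after changing the Tomcat 7 service user.

# Effective service user: a missing or blank TOMCAT7_USER means tomcat7.
tomcat_user() {
    user=""
    if [ -r "$1" ]; then
        user=$(sed -n 's/^[[:space:]]*TOMCAT7_USER=//p' "$1" | tail -n 1 | tr -d "\"' ")
    fi
    printf '%s\n' "${user:-tomcat7}"
}

# Print entries under the given paths that are NOT owned by user $1.
# Returns 2 if find fails (unknown user, missing or unreadable path), so an
# incomplete scan is never mistaken for a clean one.
not_owned_by() {
    owner="$1"; shift
    for p in "$@"; do
        find "$p" ! -user "$owner" -print || return 2
    done
}

# Audit the paths named in the answer. $1 is an optional root prefix
# (hypothetical, for a staged copy or a test tree); empty means the live host.
audit_tomcat_owner() {
    root="${1:-}"
    svc=$(tomcat_user "$root/etc/default/tomcat7")
    set -- "$root/var/log/tomcat7" "$root/var/lib/tomcat7/webapps" "$root/var/cache/tomcat7"
    # The authbind files exist only when Tomcat binds port 80/443.
    for port in 80 443; do
        f="$root/etc/authbind/byport/$port"
        if [ -e "$f" ]; then set -- "$@" "$f"; fi
    done
    bad=$(not_owned_by "$svc" "$@") || return 2
    if [ -n "$bad" ]; then
        printf 'not owned by %s:\n%s\n' "$svc" "$bad"
        return 1
    fi
    printf 'all audited paths are owned by %s\n' "$svc"
}
```

Source the file and run `audit_tomcat_owner` with no argument on the host; exit status 1 means some entries still belong to another user, 2 means the scan itself could not complete.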