tomcat user runs fedora
Instructions from tomcat installFrom tomcat manual
3.5. Running Tomcat as Non-Root User I don't believe there any issues with running Tomcat as root user. However, for the more security-conscious readers out there, here are some instructions on running Tomcat as a non-root user. At this stage, the Tomcat packages, files and binaries are owned by root. We will first need to create a Tomcat user and group that will own these files, and under which Tomcat will run. Tomcat User :: tomcat Tomcat Group :: tomcat Not too imaginative, huh ? We will now create the Tomcat user and group. Open a terminal window and, as root, # groupadd tomcat # useradd -g tomcat -d /opt/tomcat tomcat # passwd tomcat Notice that we specified the home directory of Tomcat to be /opt/tomcat. Some people believe that this is good practice because it eliminates an additional home directory that needs to be administered. Now, we will put everything in /opt/tomcat under Tomcat user and group. As root, # chown -R tomcat:tomcat /opt/tomcat If /opt/tomcat is a symlink to your Tomcat install directory, you'll need to do this: # chown -R tomcat:tomcat /opt/jakarta-tomcat-5.x.xx Verify that JAVA_HOME and CATALINA_HOME environment variables are setup for tomcat user, and you should be good to go. Once the Tomcat binaries are under Tomcat user, the way you invoke it will be different. To start Tomcat, # su - tomcat -c /opt/tomcat/bin/startup.sh To stop Tomcat, # su - tomcat -c /opt/tomcat/bin/shutdown.sh
In my case replace these commands with
su - tomcat -c /usr/local/fedora/tomcat/bin/startup.sh and
su - tomcat -c /usr/local/fedora/tomcat/bin/shutdown.sh Also, be aware that your web applications will need to be deployed (i.e. copied to the web application directories) as user tomcat, instead of root. A little more hassle, but possibly a little safer too.
Lines added to /etc/profileThe tomcat user needed access to a few envirnoment variables so I added the following lines to /etc/profile
# User specific aliases and functions