
tomcat user runs fedora

Instructions from tomcat install

From tomcat manual
3.5. Running Tomcat as Non-Root User

I don't believe there are any issues with running Tomcat as root user. However, for the more security-conscious readers out there, here are some instructions on running Tomcat as a non-root user.

At this stage, the Tomcat packages, files and binaries are owned by root. We will first need to create a Tomcat user and group that will own these files, and under which Tomcat will run.

Tomcat User :: tomcat
Tomcat Group :: tomcat

Not too imaginative, huh? We will now create the Tomcat user and group. Open a terminal window and, as root,

# groupadd tomcat
# useradd -g tomcat -d /opt/tomcat tomcat
# passwd tomcat

Notice that we specified the home directory of Tomcat to be /opt/tomcat. Some people believe that this is good practice because it eliminates an additional home directory that needs to be administered.

Now, we will put everything in /opt/tomcat under Tomcat user and group. As root,

# chown -R tomcat:tomcat /opt/tomcat

If /opt/tomcat is a symlink to your Tomcat install directory, you'll need to do this:

# chown -R tomcat:tomcat /opt/jakarta-tomcat-5.x.xx

Verify that JAVA_HOME and CATALINA_HOME environment variables are set up for tomcat user, and you should be good to go.

Once the Tomcat binaries are under Tomcat user, the way you invoke it will be different. To start Tomcat,

# su - tomcat -c /opt/tomcat/bin/startup.sh

To stop Tomcat,

# su - tomcat -c /opt/tomcat/bin/shutdown.sh
In my case replace these commands with
su - tomcat -c /usr/local/fedora/tomcat/bin/startup.sh and
su - tomcat -c /usr/local/fedora/tomcat/bin/shutdown.sh
Also, be aware that your web applications will need to be deployed (i.e. copied to the web application directories) as user tomcat, instead of root. A little more hassle, but possibly a little safer too.

Lines added to /etc/profile

The tomcat user needed access to a few environment variables, so I added the following lines to /etc/profile:

# User specific aliases and functions
export JAVA_HOME=/usr/lib/jvm/jre-1.6.0-openjdk.x86_64
export FEDORA_HOME=/usr/local/fedora
export PATH=$PATH:$FEDORA_HOME/server/bin:$FEDORA_HOME/client/bin:$JAVA_HOME/bin
export CATALINA_HOME=$FEDORA_HOME/tomcat
export UWDCUTIL_HOME=/usr/local/uwdcutils-1.0
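
A way to check the result of the steps above, added here as an example (not from the Tomcat manual or the original post): it lists anything under the Tomcat directory that the chown missed, resolving the symlink case the manual mentions, and reports whether a Tomcat JVM is still running as root. The function names are hypothetical; the default path and account names are the manual's.

```sh
#!/bin/sh
# Added example: audit a non-root Tomcat setup. Defaults below are the path
# and account names used in the manual; function names are hypothetical.

# Print every path under DIR (resolving DIR itself if it is a symlink) that is
# not owned by USER:GROUP. Empty output means the chown -R covered everything.
not_owned_by() {
    dir=$1 user=$2 group=$3
    real=$(cd "$dir" 2>/dev/null && pwd -P) || { echo "cannot enter $dir" >&2; return 2; }
    find "$real" \( ! -user "$user" -o ! -group "$group" \) -print
}

# Read "USER COMMAND..." lines (the format of `ps -eo user=,args=`) on stdin
# and print the distinct accounts running Tomcat's Bootstrap class.
tomcat_run_users() {
    awk '/org\.apache\.catalina\.startup\.Bootstrap/ { print $1 }' | sort -u
}

# Exit status 0 only if ownership is complete and no Tomcat JVM runs as root.
audit_tomcat() {
    home=${1:-/opt/tomcat} user=${2:-tomcat} group=${3:-tomcat}
    bad=$(not_owned_by "$home" "$user" "$group") || return 2
    if [ -n "$bad" ]; then
        echo "not owned by $user:$group:"; echo "$bad"; return 1
    fi
    if ps -eo user=,args= | tomcat_run_users | grep -qx root; then
        echo "Tomcat is running as root"; return 1
    fi
    echo "ok: $home owned by $user:$group, no Tomcat JVM running as root"
}
```

For the install described in this post, the call would be audit_tomcat /usr/local/fedora/tomcat, run as root after starting Tomcat.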
