SoFunction
Updated on 2025-03-08

Running Tomcat as a non-root user on Linux

# Preface: Why run Tomcat as a non-root user

Starting Tomcat as the root user has a serious problem: Tomcat itself then has root permissions.

This means that any of your page scripts (html/js) has root permissions, so page scripts can easily be used to modify files anywhere on the hard drive!

So it is best not to start Tomcat as root.

# Main text: Running Tomcat as a non-root user
## Tomcat installation
Omitted. The installation directory used in this article is /opt/tomcat8.

## Create a user
```bash
# Create the user group dev
groupadd dev

# Create the user tomcat
useradd -g dev -s /usr/sbin/nologin tomcat
```

Note: `-s /usr/sbin/nologin` prevents the user from logging in.

The shell can also be set after the user has been created:

```bash
useradd -g dev username
# -s is the short form of --shell
usermod -s /usr/sbin/nologin username
```

## tomcat configuration
### Compile and install the service daemon

```bash
cd /opt/tomcat8/bin/
# Unpack
tar vzxf
cd /opt/tomcat8/bin/commons-daemon-1.0.15-native-src/unix/
# Configure and check before building
./configure
# If $JAVA_HOME is not set, specify the JDK directory
./configure --with-java=/opt/jdk_1.7
```

If the following error message appears, the JAVA_HOME variable is not set:

```
*** Java compilation tools ***
checking for JDK location... configure: error: Java Home not defined. Rerun with --with-java=... parameter
```

If you see the following output, you can compile and install:

```
*** All done ***
Now you can issue "make"
```

```bash
# Compile/install
make
# make generates a jsvc file; copy it to Tomcat's bin directory
cp jsvc /opt/tomcat8/bin
```

### Modify the startup script file
```bash
vi /opt/tomcat8/bin/
```

Find the following content:

```bash
test ".$TOMCAT_USER" = . && TOMCAT_USER=tomcat
# Set JAVA_HOME to working JDK or JRE
# JAVA_HOME=/opt/jdk-1.6.0.22
```

Set TOMCAT_USER=tomcat, where "tomcat" is the user that runs Tomcat. The user created in this article is already tomcat, so no change is needed here.

Remove the comment marker (the "#" sign) in front of JAVA_HOME and set it to the directory where the JDK is located (/opt/jdk_1.7).

## Change the permissions of the tomcat directory

```bash
# Change the file owner
chown -R tomcat:dev /opt/tomcat8
# Grant execute permission
chmod a+x /opt/tomcat8/bin/
```

# Appendix: Tomcat commands

```bash
# Run in the background
/opt/tomcat8/bin/ start
# Run in the foreground
/opt/tomcat8/bin/ run
# Stop
/opt/tomcat8/bin/ stop

# Create a symbolic link (soft link)
ln -s /opt/tomcat8/bin/ /etc//tomcat8
# Add tomcat8 as a system service
chkconfig --add tomcat8
# Start/stop
service tomcat8 start
service tomcat8 stop
```
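
To confirm the result of the steps above, the following added example (not part of the original article) checks that the tomcat account has a no-login shell and that the Tomcat JVM is not owned by root. The function names and the sample passwd/ps text are constructed for illustration; on a real host, pipe `getent passwd` and `ps -eo user,pid,ppid,args` into the functions instead.

```bash
# Print the login shell of user $1 from passwd-format text on stdin.
login_shell() { awk -F: -v u="$1" '$1 == u { print $7 }'; }

# Succeed only if user $1 exists and its shell refuses interactive logins.
shell_is_locked() {
    case "$(login_shell "$1")" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `ps -eo user,pid,ppid,args` text on stdin and print the owners of the
# Tomcat worker JVMs. jsvc keeps a root-owned controller as the parent of the
# worker it starts under -user, so a Bootstrap process that is the parent of
# another Bootstrap process is treated as that controller and skipped.
tomcat_worker_users() {
    awk '/org\.apache\.catalina\.startup\.Bootstrap/ { user[$2] = $1; parent[$2] = $3 }
         END {
             for (p in parent) if (parent[p] in user) is_ctl[parent[p]] = 1
             for (p in user) if (!(p in is_ctl)) print user[p]
         }' | sort -u
}

# Succeed only if there is at least one worker and all are owned by user $1.
workers_run_as() { [ "$(tomcat_worker_users)" = "$1" ]; }

# Constructed sample data (not captured from a real host).
sample_passwd() { cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
tomcat:x:1001:1001::/home/tomcat:/usr/sbin/nologin
EOF
}
sample_ps_jsvc() { cat <<'EOF'
USER PID PPID COMMAND
root 2101 1 jsvc.exec -user tomcat -cp /opt/tomcat8/bin/bootstrap.jar org.apache.catalina.startup.Bootstrap
tomcat 2102 2101 jsvc.exec -user tomcat -cp /opt/tomcat8/bin/bootstrap.jar org.apache.catalina.startup.Bootstrap
EOF
}
sample_ps_root() { cat <<'EOF'
USER PID PPID COMMAND
root 3301 1 /opt/jdk_1.7/bin/java -cp /opt/tomcat8/bin/bootstrap.jar org.apache.catalina.startup.Bootstrap start
EOF
}

sample_passwd  | shell_is_locked tomcat && echo "tomcat account: login disabled"
sample_ps_jsvc | workers_run_as tomcat  && echo "jsvc start: worker runs as tomcat"
sample_ps_root | workers_run_as tomcat  || echo "direct start as root: FAIL"
```

The check fails closed: if no Tomcat process is found, or workers are owned by more than one user, `workers_run_as` returns non-zero.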
