Run Apache Tomcat as User ‘tomcat’ – Setup Guide

tomcatuser-accounts

I want to run Apache Tomcat on Ubuntu 18 as the (by me created) user tomcat.

I am not using the Ubuntu default Tomcat but instead directly downloaded the tar.gz package from the Tomcat homepage.

I have installed it in /opt.

For security reasons I want to run the tomcat a user tomcat which I created in the following way:

sudo useradd -r -s /bin/false tomcat

Now, I would like to start tomcat using the following script:

#!/bin/bash
/bin/su -s /bin/bash -c "/opt/tomcat/bin/startup.sh" tomcat

When I run this script I get the following output:

ubuntu@server-8x32:/opt/tomcat/bin$ ./start-tomcat.sh 
Password:

I did not specify a password and since this script is also called from some other automatically executed script I cannot provide a password each time.

So my question is: How do I start Apache Tomcat as the user tomcat without being prompt to enter a password?

Best Answer

Create the tomcat group and this file at /etc/systemd/system/tomcat.service with the contents:

#Systemd unit file for tomcat
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking


Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID

User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target

Start the service with

systemctl start tomcat

That will run the service as tomcat.

Related Solutions

Installing Tomcat on CentOS 5 – Step-by-Step Guide

Is Tomcat6 the requirement? What version of Centos? (I'm assuming "Tomcat of some sort" and "current Centos" which would be 5.3 as of this writing)

You don't need the jpackage repo unless you want Tomcat 6. Also, Centos 5.3 ships with openjdk 1.6.0, which has passed the Java SE 6 TCK.

Simply "yum install tomcat5" should pull in all the dependencies you would need (including openjdk), many of which will be based off the jpackage sources. Once it's installed, all you need is "service tomcat5 start" to start it up. NOTE: Running your web container as root is very, very bad because it is a massive security risk. The tomcat5 service installed by the repository version will drop its permissions to a 'tomcat' user with more limited permissions. To have tomcat start automatically when the system boots, use "chkconfig tomcat5 on".

In your case above, the port 8080 is probably blocked by the default firewall. You can turn the firewall off (recommended only for testing connectivity, do not run without the firewall in production) with "service iptables stop". Centos provides both a GUI and Text UI tool (system-config-securitylevel and system-config-securitylevel-tui respectively) for modifying the firewall, or you can use iptables directly (see 'man iptables').

Tomcat – How to start Apache Tomcat at boot on Mac OS X

This is for installing tomcat as a daemon on port 8080 but enable also port 80 by using a firewall redirection. It was tested on Mac OS 10.6 but should work also with 10.5.

Edit /opt/local/share/java/tomcat6/conf/server.xml and add proxyport="80" URIEncoding="UTF-8" inside <Connector .../>.

For forwarding port 80 to 8080 run this line and add it do /bin/catalina.sh:

sudo ipfw add 100 fwd 127.0.0.1,8080 tcp from any to any 80 in

Assign enough memory to the Java machine or you may be in trouble later. Inside /opt/local/share/java/tomcat6/conf/local.env

export JAVA_JVM_VERSION=CurrentJDK
export JAVA_OPTS="-Xmx3000M -Xms3000M -Djava.awt.headless=true -Duser.timezone=UTC"

In my example I allocated ~3Gb or RAM but you can adapt this, anyway don't put less than 1GB if you are running hudson inside tomcat.

Running as a service

Run nano /Library/LaunchDaemons/org.apache.tomcat.plist and paste the code below:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"     "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <false/>
    <key>Label</key>
    <string>org.apache.tomcat</string>
    <key>ProgramArguments</key>
    <array>
            <string>/opt/local/share/java/tomcat6/bin/catalina.sh</string>
            <string>run</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

Check that launchd detected you new daemon, if not reboot :(

launchctl list|grep tomcat

Start tomcat manually.

launchctl start org.apache.tomcat

If the status is something else than -, you have a problem and you should investigate it: launchctl log level debug and check /var/log/system.log.

Best Answer

Related Solutions

Installing Tomcat on CentOS 5 – Step-by-Step Guide

Tomcat – How to start Apache Tomcat at boot on Mac OS X

Running as a service

Related Topic