Run Tomcat7 as tomcat7 (or any other) user

The most common way is to install the standard tomcat7 package with apt-get and to start it using:

    sudo service tomcat7 start

The default user and group are configured in /etc/default/tomcat7 as you can see in this excerpt:

    # Run Tomcat as this user ID. Not setting this or leaving it blank will use the
    # default of tomcat7.
    TOMCAT7_USER=tomcat7

    # Run Tomcat as this group ID. Not setting this or leaving it blank will use
    # the default of tomcat7.
    TOMCAT7_GROUP=tomcat7

EDIT: Please read comments below! This solution may not be applicable to all situations.

The accepted answer is great but since I run Tomcat 7 on Ubuntu 14.04 there were some additional things I needed to do in order to get everything running:

  1. You need to stop the tomcat service before editing the file /etc/default/tomcat7. Once you change the user and group, it will no longer be possible to stop a service using the old user.
  2. Change the user and group in the file /etc/default/tomcat7

  3. You need to change ownership of the folder /var/log/tomcat7 and all of its files. Please note that it is an advantage to keep the adm group so that all adm users can read the logs.

    sudo chown -R newuser:adm /var/log/tomcat7

  4. Change ownership of the folder /var/lib/tomcat7/webapps

    sudo chown -R newuser:newgroup /var/lib/tomcat7/webapps

  5. If running on port 80/443 on Ubuntu 14.04 you need to change ownership of the authbind files:

    sudo chown newuser /etc/authbind/byport/80

    sudo chown newuser /etc/authbind/byport/443

  6. Change ownership of the working folder

    sudo chown newuser:adm /var/cache/tomcat7

    sudo chown -R newuser:newgroup /var/cache/tomcat7/Catalina

  7. Make config files readable. Here you have two options: either add your new user to the tomcat7 group by:

    sudo usermod -a -G tomcat7 newuser

    ...or change ownership of the config files:

    sudo chown -R :newgroup /var/lib/tomcat7/conf/*

  8. If you have other files that your web-apps are accessing, such as log files, configuration files, etc., then you need to change ownership of those files as well.

  9. Now, everything should be ready to fire up the service again with the new user.

EDIT 2: After upgrading to tomcat 8 and Ubuntu 18.04 another issue appeared when running tomcat as a different user. In the script /etc/init.d/tomcat8 the following line seems to alter the home folder of the tomcat user but the result is not what you want if you are using a different user.

    usermod --home /var/lib/tomcat8 $TOMCAT8_USER > /dev/null 2>&1 || true

By removing or commenting this line out, you can avoid having the home folder altered for the new tomcat user.
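The ownership changes in the steps above can be verified before restarting the service with a script like this one (an added example, not part of the original answers). It assumes GNU `stat`, as on Ubuntu; the function names and the `ROOT` prefix argument are hypothetical, and it checks owners only, not groups or config readability.

```shell
#!/bin/sh
# Added example: audit file owners against the user set in /etc/default/tomcat7.
# ROOT is a hypothetical prefix so the audit can run against a test tree;
# call `audit_tomcat7 ""` as root to audit the live system.

# conf_value FILE KEY DEFAULT: read KEY=value; blank or missing gives DEFAULT,
# matching the "leaving it blank will use the default" rule in the defaults file.
conf_value() {
    v=$(sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d "\"'")
    printf '%s\n' "${v:-$3}"
}

# wrong_owner PATH USER: print every entry under PATH (recursive) that is not
# owned by USER. Paths that do not exist (e.g. no authbind) are skipped.
wrong_owner() {
    [ -e "$1" ] || return 0
    find "$1" -exec stat -c '%U %n' {} + | while read -r owner name; do
        [ "$owner" = "$2" ] || printf 'owner=%s expected=%s %s\n' "$owner" "$2" "$name"
    done
}

# audit_tomcat7 ROOT: print mismatches; return 1 if any were found, else 0.
audit_tomcat7() {
    root=$1
    user=$(conf_value "$root/etc/default/tomcat7" TOMCAT7_USER tomcat7)
    out=$(
        for p in var/log/tomcat7 var/lib/tomcat7/webapps var/cache/tomcat7 \
                 etc/authbind/byport/80 etc/authbind/byport/443; do
            wrong_owner "$root/$p" "$user"
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Each line of output names one file or directory the configured user does not own, which is the usual reason the service fails to start or write logs after the user is changed.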
