Accounts and ownership

This mainly pertains to Unix and Linux systems. One of the cardinal rules is never run Tomcat as root, but I'm sorry to say I've seen this in live production systems.

Why not?

We'll walk you through setting your system up so you can run as a non-root user.

Potential separate roles:

  • Installation file owner
  • Server runtime user
  • Webapps user
  • Server administrator user

The installation files owner owns the CATALINA_HOME directory. It is often root, which is fine since no processes need to run as this user. The other user accounts shouldn't be able to write to these files.

The server runtime user is who the Tomcat process runs as. It needs to be able to read the installation files, the webapp files and everything else under CATALINA_BASE. It also needs to be able to write to the logs, temp, and work directories. It also needs to write the tomcat-users.xml file (look into whether this can be configured to live somewhere else).

The webapps administration user is an optional extra, it allows some users to deploy applications without being able to modify server configuration. The account should be able to write to the webapps directory, but shouldn't need much else.

The server administrator account is for people who need to be able to start and stop the application server, and review the logs. In most cases this can be the same as the webapps administrator, as this will be a developer who deploys the application, restarts the server, and checks the logs to debug any issues.