Configure Tomcat in Ubuntu to run as a specified (non-root) identity

MyBlog: http: wwwoutflushcom usually configures

My Blog: http://www.outflush.com/

Generally, when configuring the Tomcat production environment, Tomcat is usually configured to run as a specific identity (non-root), which is conducive to improving security and preventing further permission improvement after the website is hacked.

Environment on which this article depends:

Ubuntu (in fact most of them also apply to CentOS) JVM (installed and configured environment variables) gcc, make, and other compilation tools JAVA_HOME =/usr/lib/jvm/jdk1.7.0 _ 55CATALINA_HOME =/usr/local/apache-tomcat-7.0.53 the user name for running Tomcat is tomcat

First, download the latest Tomcat version from the Apache Tomcat official website.

Apache Tomcat: http://tomcat.apache.org

Download the installation package and decompress it to/usr/local/apache-tomcat-7.0.53.

# Enter the bin directory cd/usr/local/apache-Tomcat-7.0.53/bin under the tomcat installation directory # decompress commons-daemon-native.tar.gz tar zxvf commons-daemon-native.tar.gzcd commons-daemon-native/unix # gcc, make and other compilation tools, if the JAVA_HOME environment variable is not specified, the -- with-java = parameter must be used to specify the jdk directory. configure # after the previous step is successful, makemake # make will generate a file named jsvc in the current folder and copy it to the $ CATALINA_HOME/bin directory cp jsvc .. /.. /# Add a user useradd Tomcat-M-d/-s/usr/sbin/nologin to run tomcat # return to the cd in the $ CATALINA_HOME/bin directory .. /.. /# Modify the daemon in the $ CATALINA_HOME/bin directory. sh file # set TOMCAT_USER = tomcat, JAVA_HOME =/usr/lib/jvm/jdk1.7.0 _ 55 # If *. if the sh file does not have the running permission, add the running permission chmod + x * to it *. sh # set the Owner of the $ CATALINE_HOME folder and all its sub-files to tomcatchown-R tomcat: tomcat/usr/local/apache-tomcat-7.0.53 # start Tomcatdaemon. sh start

Set Tomcat to Service

# Create $ CATALINA_HOME/bin/daemon. A link to sh/etc/init. d/, the service name is tomcat7ln-s/usr/local/apache-tomcat-7.0.53/bin/daemon. sh/etc/init. d/tomcat7 # start Tomcat/etc/init. d/tomcat7 start # or service tomcat7 start

Set Tomcat to start automatically after startup (the premise is that Tomcat has been set to Service)

# Set boot auto start update-rc.d tomcat7 defaults # cancel boot auto start update-rc.d tomcat7 remove