I have the following:
* A redhat box running Fedora release 7 (Moonshine)
*
Tomcat apache-tomcat-6.0.18 distribution
Currently, Apache is setup to work with Tomcat using the AJP connector, that works fine.
When I boot the box I su root and then I run the script startup.sh which is on the bin directory of tomcat, that starts tomcat without a problem. I can close my root session, my ssh and tomcat keeps running.
The problem is that running as root is a huge security problem. I run multiple virtual hosts in tomcat and although all sites are developed by me, I want to prevent any webapp from causing any harm such as:
* System.exit() which will shutdown Tomcat
* writing to secure directories
* practically control the box!
I need to be able to run tomcat as user not as root and also as a daemon on start up so that I don't need to manually start it.
Any help on the subject will be much appreciated!