Linux – best practice for access permission to users for apache tomcat

I have a Linux box being shared by various developers. They want to deploy their WAR files in Apache Tomcat, which is in a shared location (/opt/tomcat).

Since they don't have sudo access, I have to change the folder permissions for the tomcat directory.

The directory structure under /opt/tomcat is:

bin/
conf/
lib/
logs/
temp/
webapps/
work/

What are the best practices in the above situation, i.e. the most suitable access permissions for users?
For the time being, I have changed the permissions to 777 on webapps and logs.

Thanks

Best Answer

I do it this way:

We make the tomcat user the owner of the Tomcat folder:

# chown -R tomcat:tomcat /opt/tomcat

Users cannot modify the configuration of Tomcat:

# chmod -R g+r /opt/tomcat/conf

Users can modify the other folders:

# chmod -R g+w /opt/tomcat/logs
# chmod -R g+w /opt/tomcat/temp
# chmod -R g+w /opt/tomcat/webapps
# chmod -R g+w /opt/tomcat/work

Activate the sticky bit so that new files keep the defined permissions:

# chmod -R g+s /opt/tomcat/conf
# chmod -R g+s /opt/tomcat/logs
# chmod -R g+s /opt/tomcat/temp
# chmod -R g+s /opt/tomcat/webapps
# chmod -R g+s /opt/tomcat/work

Finally, we add the users who should be able to use Tomcat to the tomcat group:

# usermod -a -G tomcat MYUSER
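
An added example, not part of the answer above: a shell function that audits a Tomcat tree for the mode bits discussed on this page (world-writable entries such as those left by chmod 777, a group-writable conf/, and deploy directories lacking group write or the g+s bit). The function name and the finding labels are made up for this example, and it checks mode bits only, not owner or group membership.

```shell
#!/bin/sh
# Added example: audit mode bits under a Tomcat root (default /opt/tomcat).
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Labels (WORLD-WRITABLE, NO-SETGID, ...) are names chosen for this example.
audit_tomcat_perms() {
    root=${1:-/opt/tomcat}
    out=$(
        # Anything writable by "other" is what a blanket chmod 777 leaves behind.
        find "$root" ! -type l -perm -0002 2>/dev/null | sed 's/^/WORLD-WRITABLE /'

        # conf/ is meant to be readable by the group, never writable by it.
        [ -d "$root/conf" ] &&
            find "$root/conf" ! -type l -perm -0020 | sed 's/^/CONF-GROUP-WRITABLE /'

        for d in logs temp webapps work; do
            [ -d "$root/$d" ] || { echo "MISSING $root/$d"; continue; }
            # Group members need write access to these directories ...
            find "$root/$d" -type d ! -perm -0020 | sed 's/^/NOT-GROUP-WRITABLE /'
            # ... and g+s on each directory so new files inherit its group.
            find "$root/$d" -type d ! -perm -2000 | sed 's/^/NO-SETGID /'
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Run directly as: sh audit.sh /opt/tomcat   (script name is a placeholder)
if [ "${1:-}" != "" ]; then
    audit_tomcat_perms "$1"
fi
```

Run it after applying the chown/chmod steps and again after each deployment; a non-zero exit status makes it usable from cron or a CI job.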