Le 21/07/2016 à 13:52, Emmanuel Bourg a écrit : > I don't think any user can start Tomcat, because the init script has to > switch to the tomcat user at some point and this requires root privileges.
The init.d script also generates the catalina.policy file as read-only for the tomcat user, and this must be performed as root. > That said the 'status' option should be usable by anyone. Currently it's > restricted to the administrator. This is no longer true with systemd, anyone can run: systemctl status tomcat8.service > Should the tomcat user be allowed to control the daemon? I'm not sure > this is a good idea, because a simple malicious JSP could then stop the > server. Actually a malicious JSP or an exploited vulnerability in a web application can already stop the server simply by executing 'killall java' (if the security manager is disabled). Emmanuel Bourg