
Tomcat以普通用户运行在80端口

默认情况下,Tomcat是以root权限运行的,这样权限太大了;对于开发人员必须要降权运行;建立一个普通用户供开发人员发布项目及重启服务等;

建立普通用户:

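# Create the unprivileged account that developers use to deploy and restart Tomcat.
useradd usertest
# Take the password from the environment instead of a literal on the command line,
# so it does not end up in shell history or in the argument list visible to `ps`.
# --stdin is specific to the RHEL/CentOS passwd; other distributions need chpasswd.
: "${TOMCAT_USER_PASSWORD:?set TOMCAT_USER_PASSWORD to the password for usertest}"
printf '%s\n' "$TOMCAT_USER_PASSWORD" | passwd --stdin usertest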

注意问题:

  • 运行Tomcat的环境变量可以直接写在/etc/profile文件中,或者直接写在用户家目录下的:~/.bash_profile文件中;
  • 在Tomcat的bin目录中的startup.sh和shutdown.sh脚本文件中也加入上面的环境变量;

添加启动脚本:

#!/bin/bash
#
# chkconfig: - 95 15
# description: Tomcat start/stop/status script
#Author:swper
#Email:hz328@58jb.com

#Location of JAVA_HOME (bin files)
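#Location of JAVA_HOME (bin files)
export JAVA_HOME=/usr/local/java7
export JRE_HOME="$JAVA_HOME/jre"
# NOTE(review): the "./" entry (and the empty leading element when CLASSPATH is
# unset) puts the current working directory on the class path for any java run
# from this script. Tomcat's own catalina.sh normally resets CLASSPATH at
# startup, so Tomcat itself should be unaffected — verify for this installation.
export CLASSPATH="$CLASSPATH:./:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar"

#Add Java binary files to PATH. $JAVA_HOME/bin is the same directory as
#/usr/local/java7/bin, so a second trailing PATH entry is not needed.
export PATH="$JAVA_HOME/bin:$PATH"
# With sudo's default env_reset these exports are not passed on to
# startup.sh/shutdown.sh; they must also be set inside those scripts.

#CATALINA_HOME is the location of the configuration files of this instance of Tomcat
CATALINA_HOME=/usr/local/tomcat7
#TOMCAT_USER is the account startup.sh is run under when it exists
#(left at root here; set it to the unprivileged account when that is intended)
TOMCAT_USER=root

#TOMCAT_USAGE is the message if this script is called without any options
TOMCAT_USAGE="Usage: $0 {\e[00;32mstart\e[00m|\e[00;31mstop\e[00m|\e[00;32mstatus\e[00m|\e[00;31mrestart\e[00m}"

#SHUTDOWN_WAIT is wait time in seconds for java proccess to stop
SHUTDOWN_WAIT=10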

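tomcat_pid() {
  # Print the pid(s) of JVMs started from this CATALINA_HOME, space-separated
  # on one line (the shape the original echo produced), nothing when none run.
  # Match the -Dcatalina.home=<dir> property catalina.sh passes to java rather
  # than any command line containing the path: the old "ps | grep $CATALINA_HOME"
  # also matched an editor open on a file under the tree, which stop() would
  # then kill. pgrep never reports itself, so no "grep -v grep" is needed.
  pgrep -d ' ' -f -- "-Dcatalina[.]home=${CATALINA_HOME}( |\$)"
}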

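start() {
  # Start Tomcat unless a matching JVM is already running, then print status.
  # Always returns 0 (the dispatcher below does not use the status).
  local pid
  pid=$(tomcat_pid)
  if [ -n "$pid" ];then
    echo -e "\e[00;31mTomcat is already running (pid: $pid)\e[00m"
  else
    echo -e "\e[00;32mStarting tomcat\e[00m"
    # The original ran the same "sudo startup.sh" in both branches, so
    # TOMCAT_USER was never honoured. Run startup.sh as TOMCAT_USER when that
    # account exists; with the default TOMCAT_USER=root this is plain sudo.
    # sudo's default env_reset drops the exports above, so startup.sh must set
    # JAVA_HOME itself.
    if [ "$(user_exists "$TOMCAT_USER")" = "1" ];then
      sudo -u "$TOMCAT_USER" "$CATALINA_HOME/bin/startup.sh"
    else
      echo -e "\e[00;31muser $TOMCAT_USER does not exist, starting as root\e[00m" >&2
      sudo "$CATALINA_HOME/bin/startup.sh"
    fi
    status
  fi
  return 0
}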

status(){
  # Report whether a Tomcat JVM is running, with its pid(s) when it is.
  # pid is deliberately left global, as in the rest of this script.
  pid=$(tomcat_pid)
  if [ -z "$pid" ]; then
    echo -e "\e[00;31mTomcat is not running\e[00m"
    return
  fi
  echo -e "\e[00;32mTomcat is running with pid: $pid\e[00m"
}

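stop() {
  # Ask Tomcat to shut down, wait up to SHUTDOWN_WAIT seconds, then SIGKILL
  # whatever is left. Always returns 0.
  local count
  pid=$(tomcat_pid)
  if [ -n "$pid" ];then
    echo -e "\e[00;31mStoping Tomcat\e[00m"
    # Graceful shutdown first. With sudo's default env_reset the exports at the
    # top of this script are not forwarded, so shutdown.sh must set JAVA_HOME.
    sudo "$CATALINA_HOME/bin/shutdown.sh"

    # Re-query the process list instead of "ps -p $pid | grep -c $pid": that
    # form breaks when tomcat_pid returns more than one pid, and the old
    # until/-gt pair waited SHUTDOWN_WAIT+1 seconds.
    count=0
    while [ -n "$(tomcat_pid)" ] && [ "$count" -lt "$SHUTDOWN_WAIT" ]; do
      echo -n -e "\e[00;31mwaiting for processes to exit\e[00m\n"
      sleep 1
      count=$((count + 1))
    done

    pid=$(tomcat_pid)
    if [ -n "$pid" ];then
      echo -n -e "\n\e[00;31mkilling processes which didn't stop after $SHUTDOWN_WAIT seconds\e[00m"
      # NOTE(review): this only works when the caller owns the JVM or is root.
      # If Tomcat was started via sudo as root and this script runs as the
      # unprivileged account, kill fails with EPERM and the stale process stays
      # up — the sudoers rule that grants startup.sh/shutdown.sh does not cover
      # kill.
      # shellcheck disable=SC2086 -- pid is a space-separated list
      kill -9 $pid
    fi
  else
    echo -e "\e[00;31mTomcat is not running\e[00m"
  fi

  return 0
}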

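user_exists(){
  # Print "1" when the account named in $1 exists, "0" otherwise.
  # $1 is quoted: unquoted, an empty argument turned this into a bare "id -u",
  # which reports the caller's own uid and so answered "1" for no user at all.
  if id -u "$1" >/dev/null 2>&1; then
    echo "1"
  else
    echo "0"
  fi
}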

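# Dispatch on the first argument. Exit status is 0 on every path, including an
# unknown argument, as before (chkconfig/service callers rely on that today).
case "${1:-}" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    status
    ;;
  *)
    # Quoted so the usage text is printed as one word, unsplit and unglobbed.
    echo -e "$TOMCAT_USAGE"
    ;;
esac
exit 0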

加入可执行权限:

# Make the init script above executable; it is expected to be saved as /etc/init.d/tomcat.
chmod +x /etc/init.d/tomcat

修改Tomcat程序的权限:

# Hand the whole Tomcat tree to usertest so it can deploy webapps.
# NOTE(review): this also makes bin/startup.sh and bin/shutdown.sh writable by
# usertest. Since the sudo rule below lets usertest run exactly those two
# scripts as root, anything usertest writes into them runs as root as well —
# keep the bin/ scripts owned by root and not writable by usertest.
chown -R usertest:usertest /usr/local/tomcat7

sudo授权:

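# Install the rule as a fragment under /etc/sudoers.d instead of "cat >/etc/sudoers",
# which replaced the whole file and discarded every existing rule in it (root's
# own included). Requires "#includedir /etc/sudoers.d" in /etc/sudoers, which is
# the default on current distributions. The heredoc delimiter is quoted so the
# content is written literally.
sudoers_file=/etc/sudoers.d/tomcat
cat >"$sudoers_file" <<'EOF'
##=======================================
#User group
User_Alias MONITOR = usertest
## Restart Tomcat service.
#Cmnd_Alias RESTART_SSH = /sbin/service sshd restart
## NOTE: these two scripts must stay root-owned and not writable by usertest;
## otherwise this rule is effectively unrestricted root, because usertest could
## change what the scripts do before sudo runs them.
Cmnd_Alias RESTART_TOMCAT  = /usr/local/tomcat7/bin/startup.sh, /usr/local/tomcat7/bin/shutdown.sh

## Restart mysqld service.
Cmnd_Alias RESTART_MYSQL  = /etc/init.d/mysqld restart,/sbin/service mysqld restart

## monitor can only restart tomcat and mysqld.
MONITOR ALL=(ALL) NOPASSWD: RESTART_TOMCAT,RESTART_MYSQL
##=======================================
EOF
# sudo expects sudoers files to be mode 0440 and owned by root.
chmod 0440 "$sudoers_file"
# Syntax-check the fragment before relying on it; a malformed sudoers file
# breaks sudo for every user. Remove it again if visudo rejects it.
visudo -cf "$sudoers_file" || { rm -f -- "$sudoers_file"; echo "sudoers fragment rejected by visudo" >&2; }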

上面的授权配置中,为usertest添加了执行Tomcat启动/停止脚本以及重启Mysql的sudo授权;利用sudo命令,开发人员只能执行这几条被授权的命令,而不需要完整的root权限,这样以最小权限运行程序;需要注意的是,通过sudo执行的startup.sh仍然以root身份运行,因此Tomcat进程本身并未降权,降权的是开发人员所使用的登录账号;

启动方法:

Tomcat:

service tomcat [start|restart|stop]

Mysql:

# The sudoers alias lists /sbin/service and /etc/init.d/mysqld by full path, so
# `service` must resolve to /sbin/service for sudo to permit this command.
sudo service mysqld restart

这样一来就降低了权限,同时也解决了Tomcat无法以普通用户运行在80端口的问题;
