Configuring Debian or Ubuntu To Run a Servlet Container as Non-Root

Tomcat 6, 7, 8

For recent releases of Debian and Ubuntu the tomcat<n> package includes a dependency on the authbind package and a default authbind configuration that allows the Tomcat container to bind to ports < 1024 without running the whole JVM as root user.

To leverage the authbind configuration edit the configuration file /etc/default/tomcat<n> and set (at the very end)


See this Debian Administrator article or check the man page for authbind.

For example binding to port 443 one would need:

touch /etc/authbind/byport/443
chmod 0755 /etc/authbind/byport/443 
chown tomcat8:tomcat8 /etc/authbind/byport/443 # or tomcat<n>:tomcat<n> for your version