Solving “Permission Denied” Error When Starting Tomcat as Root on CentOS


On CentOS, file permission bits and SELinux still apply when you start a service as root, so an init script can fail to execute even for the root user. The error "env: /etc/init.d/tomcat7-supersite: Permission denied" typically indicates one of these scenarios:

Common causes:
1. Missing execute permission on init script
2. SELinux context issues
3. Improper file ownership

First check the basic permissions of your init script:

ls -l /etc/init.d/tomcat7-supersite
# Should show: -rwxr-xr-x

If execute permission is missing, fix it with:

chmod +x /etc/init.d/tomcat7-supersite

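Ownership matters as well. The init script is executed by root, so it should stay owned by root; the Tomcat directory tree is what the service account needs to own. For a service running as user 'supersite':

# Keep the init script root-owned so the service account cannot edit code that root runs
chown root:root /etc/init.d/tomcat7-supersite
# The Tomcat tree itself belongs to the service account
chown -R supersite:supersite /path/to/tomcat7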

On CentOS, SELinux can block execution of a script in /etc/init.d when the file's security context is wrong. Check the context:

ls -Z /etc/init.d/tomcat7-supersite
# Should show: system_u:object_r:initrc_exec_t:s0

To restore the proper context:

restorecon -v /etc/init.d/tomcat7-supersite
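
The three checks above can be combined into one triage function. This is an added example, not part of the original page; the function name, the finding labels and the default expected owner (root) are assumptions of the example.

```shell
#!/bin/sh
# Added example: triage an init script for the three causes listed above.
# Prints one finding per line; returns 0 when nothing is flagged.
# Usage: check_init_script PATH [EXPECTED_OWNER]
#        (EXPECTED_OWNER defaults to root, an assumption of this example)
check_init_script() {
    f=$1; want_owner=${2:-root}; rc=0
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    perms=$(stat -c %A "$f")    # e.g. -rwxr-xr-x (GNU stat, as shipped on CentOS)
    owner=$(stat -c %U "$f")

    # Cause 1: even root cannot exec a file that has no execute bit at all.
    case $perms in
        *[xst]*) ;;
        *) echo "NOEXEC perms=$perms fix='chmod 755 $f'"; rc=1 ;;
    esac

    # Cause 3: ownership. Group/world write is flagged too: root runs this
    # file, so nobody else should be able to edit it.
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER owner=$owner expected=$want_owner"; rc=1
    fi
    case $perms in
        ?????w*|????????w*) echo "WRITABLE perms=$perms fix='chmod go-w $f'"; rc=1 ;;
    esac

    # Cause 2: SELinux label, checked only where SELinux is enabled.
    # initrc_exec_t is the type the page expects for this script.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        ctx=$(stat -c %C "$f")
        case $ctx in
            *:initrc_exec_t|*:initrc_exec_t:*) ;;
            *) echo "SELINUX context=$ctx fix='restorecon -v $f'"; rc=1 ;;
        esac
    fi
    return $rc
}

# Run against a path given on the command line, e.g. /etc/init.d/tomcat7-supersite
if [ $# -gt 0 ]; then check_init_script "$@"; fi
```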

Instead of running Tomcat as root, configure a systemd unit that starts it as the service user (modern CentOS versions):

# Create service file
cat << EOF > /etc/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat
After=syslog.target network.target

[Service]
Type=forking
User=supersite
Group=supersite
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

[Install]
WantedBy=multi-user.target
EOF

After making changes:

systemctl daemon-reload
systemctl start tomcat
journalctl -xe  # Check for errors

For traditional init scripts, you can also test with:

sudo -u supersite /etc/init.d/tomcat7-supersite start

When trying to start Tomcat as root on CentOS, you might encounter the error:

env: /etc/init.d/tomcat7-supersite: Permission denied

This typically occurs due to incorrect file permissions or SELinux restrictions.

First, verify the permissions of your init script:

ls -l /etc/init.d/tomcat7-supersite

The output should show executable permissions (-rwxr-xr-x). If not, run:

chmod 755 /etc/init.d/tomcat7-supersite

On CentOS, SELinux might be blocking execution. Check the status:

sestatus

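If SELinux is enforcing, switch it to permissive mode temporarily to test whether it is the cause (the setting lasts until reboot; return to enforcing once the test is done):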

setenforce 0

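For a lasting fix, correct the script's SELinux context instead of leaving SELinux permissive. Note that a label set with chcon is overwritten by the next filesystem relabel or by restorecon: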

chcon -t initrc_exec_t /etc/init.d/tomcat7-supersite

It's recommended to run Tomcat under a dedicated user (not root). Here's a complete setup example:

# Create tomcat user
useradd -r -s /sbin/nologin tomcat

# Set ownership (use the directory your service actually uses as CATALINA_HOME)
chown -R tomcat:tomcat /opt/tomcat7

# Update init script to use tomcat user
sed -i 's/USER=root/USER=tomcat/g' /etc/init.d/tomcat7-supersite

For modern CentOS versions, consider using systemd:

cat > /etc/systemd/system/tomcat.service << EOF
[Unit]
Description=Apache Tomcat
After=syslog.target network.target

[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl start tomcat

After making changes, verify Tomcat is running:

ps aux | grep '[t]omcat'  # the bracket keeps grep from matching its own process
curl -I http://localhost:8080

If issues persist, check logs:

journalctl -xe
tail -f /opt/tomcat/logs/catalina.out