
$CATALINA_HOME folder must be owned by the root user, group tomcat.


Finding ID: V-222986
Version: TCAT-AS-001200
Rule ID: SV-222986r961461_rule
IA Controls: (none listed)
Severity: Medium
Tomcat file permissions must be restricted. The standard configuration is to have the folder where Tomcat is installed owned by the root user with the group set to tomcat. The $CATALINA_HOME environment variable should be set to the location of the root directory of the "binary" distribution of Tomcat.
Apache Tomcat Application Server 9 Security Technical Implementation Guide 2024-05-23


Check Text (C-24658r426402_chk)
Access the Tomcat server from the command line and execute the following OS command:

sudo find $CATALINA_HOME -follow -maxdepth 0 \( ! -user root -o ! -group tomcat \) -ls

If no folders are displayed, this is not a finding.

If the results indicate that the $CATALINA_HOME folder's ownership and group membership are not set to root:tomcat, this is a finding.
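
A scripted form of this check, as an added example that is not part of the STIG text; the function names `owner_of` and `check_catalina_home` and the 0/1/2 return codes are assumptions. It takes the directory as an argument and rejects an empty value, because an unset $CATALINA_HOME leaves the find command above with no start path, and GNU find then evaluates the current directory instead.

```shell
#!/bin/sh
# Added example: scripted form of the V-222986 ownership check.
# Function names and return codes are assumptions, not part of the STIG.

# Print "user:group" for a path, following symlinks (as find -follow does).
# Tries the GNU stat syntax first, then the BSD syntax.
owner_of() {
    stat -L -c '%U:%G' "$1" 2>/dev/null || stat -L -f '%Su:%Sg' "$1" 2>/dev/null
}

# check_catalina_home DIR [USER] [GROUP]
# Returns 0 = not a finding, 1 = finding, 2 = check could not be run.
check_catalina_home() {
    dir=$1
    want="${2:-root}:${3:-tomcat}"

    # An empty path is an error, never a pass: with no start path,
    # GNU find would silently check the current directory.
    if [ -z "$dir" ]; then
        echo "ERROR: CATALINA_HOME is not set" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory" >&2
        return 2
    fi

    have=$(owner_of "$dir") || { echo "ERROR: cannot stat $dir" >&2; return 2; }

    if [ "$have" = "$want" ]; then
        echo "NOT A FINDING: $dir is $have"
        return 0
    fi
    echo "FINDING: $dir is $have, expected $want"
    return 1
}

# Example call. Pass the path explicitly: a script started through sudo
# may not inherit CATALINA_HOME, because sudo can reset the environment.
#   check_catalina_home "$CATALINA_HOME"
```
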
Fix Text (F-24647r426403_fix)
Run the following commands on the Tomcat server:

sudo find $CATALINA_HOME -maxdepth 0 \( ! -user root \) | sudo xargs chown root

sudo find $CATALINA_HOME -maxdepth 0 \( ! -group tomcat \) | sudo xargs chgrp tomcat