以root用户启动Tomcat会使Tomcat进程拥有root权限,这意味着所有在Tomcat中运行的服务端代码(如JSP/Servlet页面脚本;静态html和js本身只在浏览器端执行)都以root权限执行,一旦某个页面脚本存在漏洞或被恶意替换,就可以轻易地修改整个硬盘里的文件。建议不要使用root启动Tomcat,而是使用系统自带的nobody这类低权限用户。
部署JDK8
[root@unicom-centos7-shanghai-area0 packages]# tar zxvf jdk-8u181-linux-x64.tar.gz
[root@unicom-centos7-shanghai-area0 packages]# mv jdk1.8.0_181/ /usr/local/
[root@unicom-centos7-shanghai-area0 packages]# echo 'export JAVA_HOME=/usr/local/jdk1.8.0_181'>>/etc/profile
[root@unicom-centos7-shanghai-area0 packages]# echo 'export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar'>>/etc/profile
[root@unicom-centos7-shanghai-area0 packages]# echo 'export PATH=$PATH:$JAVA_HOME/bin'>>/etc/profile
[root@unicom-centos7-shanghai-area0 packages]# source /etc/profile
[root@unicom-centos7-shanghai-area0 packages]# java -version
部署Tomcat(安装包来自镜像站,解压前建议先对照Apache官方发布的SHA-512校验值或PGP签名核对文件)
[root@unicom-centos7-shanghai-area0 packages]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v8.5.64/bin/apache-tomcat-8.5.64.tar.gz
[root@unicom-centos7-shanghai-area0 packages]# tar -zxvf apache-tomcat-8.5.64.tar.gz
[root@unicom-centos7-shanghai-area0 packages]# mv apache-tomcat-8.5.64 /usr/local/tomcat
[root@unicom-centos7-shanghai-area0 packages]# cd /usr/local/tomcat/bin
[root@unicom-centos7-shanghai-area0 bin]# ls
bootstrap.jar catalina.sh ciphers.bat commons-daemon.jar configtest.bat daemon.sh digest.sh setclasspath.sh shutdown.sh startup.sh tomcat-native.tar.gz tool-wrapper.sh version.sh
catalina.bat catalina-tasks.xml ciphers.sh commons-daemon-native.tar.gz configtest.sh digest.bat setclasspath.bat shutdown.bat startup.bat tomcat-juli.jar tool-wrapper.bat version.bat
[root@unicom-centos7-shanghai-area0 bin]# tar -zxvf commons-daemon-native.tar.gz
[root@unicom-centos7-shanghai-area0 bin]# cd commons-daemon
commons-daemon-1.2.4-native-src/ commons-daemon.jar commons-daemon-native.tar.gz
[root@unicom-centos7-shanghai-area0 bin]# cd commons-daemon-1.2.4-native-src/unix
[root@unicom-centos7-shanghai-area0 unix]# ./configure # 预编译
[root@unicom-centos7-shanghai-area0 unix]# make # 编译,生成jsvc(下一步手动复制到tomcat/bin)
[root@unicom-centos7-shanghai-area0 unix]# cp jsvc /usr/local/tomcat/bin
[root@unicom-centos7-shanghai-area0 unix]#vim /usr/local/tomcat/bin/daemon.sh
test ".$TOMCAT_USER" = . && TOMCAT_USER=nobody # 将第91行默认的tomcat用户改为nobody
[root@unicom-centos7-shanghai-area0 ~]# sudo -E -u nobody /usr/local/tomcat/bin/daemon.sh start # 使用daemon启动停止tomcat
[root@unicom-centos7-shanghai-area0 ~]# sudo -E -u nobody /usr/local/tomcat/bin/daemon.sh stop
[root@unicom-centos7-shanghai-area0 ~]# vim /usr/lib/systemd/system/tomcat.service
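# systemd unit that starts and stops Tomcat through the jsvc wrapper script
# daemon.sh. No User= is set, so systemd runs daemon.sh as root; the
# unprivileged account comes from TOMCAT_USER inside daemon.sh (changed to
# nobody earlier in this guide).
# NOTE(review): after starting, confirm the account that owns the jsvc process
# (for example with ps) instead of relying on the listening port alone.
[Unit]
Description=Tomcat
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
# oneshot + RemainAfterExit=yes: the unit is considered active once
# "daemon.sh start" has returned; systemd does not supervise the process that
# daemon.sh leaves running.
Type=oneshot
ExecStart=/usr/local/tomcat/bin/daemon.sh start
ExecStop=/usr/local/tomcat/bin/daemon.sh stop
# NOTE(review): a oneshot service normally has no main PID once ExecStart has
# finished, so $MAINPID is probably empty and "systemctl reload tomcat" would
# not signal Tomcat - confirm before depending on reload.
ExecReload=/bin/kill -s HUP $MAINPID
RemainAfterExit=yes
[Install]
# Must be the complete target name. A truncated value such as
# "multi-user.targe" names no real target, so an enabled unit would never be
# pulled in at boot.
WantedBy=multi-user.target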
[root@unicom-centos7-shanghai-area0 ~]# systemctl start tomcat
[root@unicom-centos7-shanghai-area0 ~]# netstat -anptu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2024/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1130/master
tcp 0 96 10.0.2.10:22 10.0.2.1:61295 ESTABLISHED 1322/sshd: hj [priv
tcp6 0 0 :::8080 :::* LISTEN 3612/jsvc.exec
tcp6 0 0 :::22 :::* LISTEN 2024/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1130/master