I've been using Drupal 7 to run an internal tool to perform automation on signing Android .apk files with our unique private keys. The internal tool has various components, a custom Drupal module, and three Java servlets. The servlets execute the validation and jarsigner process while the Drupal site and custom module are for the administrative and workflow functionality. (as a bonus I take advantage of Drupal for its user/role functionality so that the various users only have access to certain types of signatures) The tool can create demonstration, beta, and production signatures, and the users can be internal and external.
Recently I encountered an issue in which the application zip file that one of the Java Servlets created was being assigned root permissions. I didn't have this issue 7 years ago when I deployed the tool in a tomcat five environments, so I went to Google to search for a solution.
I found that if tomcat starts up using sudo [tomcat]/bin/startup.sh then whatever the Java servlets generate with regards to files or folders, they are assigned root privileges.
I had to revert to one of my references that show the best practices when it comes to installing tomcat and would like to share this reference as it worked for me:
All in all, I got Tomcat 7 on Ubuntu 18.04, running Drupal 7 on a LAMP Stack.