tomcat uid and gid changes when migrating to the latest AMI from tomcat8 to tomcat10

[jasons-medistaff]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave "+1" or "me too" comments. They generate extra noise for issue followers and do not help prioritize the request.

Tell us about your request
What do you want us to build?
The ability to manually set Tomcat's uid and gid.

Is this request specific to an Elastic Beanstalk platform?
If so, which one(s)?
Tomcat8 AMI
aws-elasticbeanstalk-amzn-2.0.20231101.64bit-eb_tomcat85corretto11_amazon_linux_2-hvm-2023-11-13T19-34
Tomcat10 AMI
aws-elasticbeanstalk-amzn-2023.2.20231113.64bit-eb_tomcat10corretto17_amazon_linux_2023-hvm-2023-11-15T10-07

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
We mount our efs to our elasticbeanstalk platform via .ebextensions. The Linux user that does this is "tomcat" and so all our files are owned by tomcat:tomcat.
However, tomcat's uid:gid on the now deprecated platform used to be 91:91. In the recent one it is 54:896.
Because of this change, my application cannot get access to any of the files on the mounted efs.

I have a test environment with 106g of efs data. I tried "chown" and it took more than thirty minutes.

As a temporary solution, I changed the permissions to 777 so both old and new servers have access and changed the owner to 54:896. I have changed the DNS so all traffic leads to the new server and will retire the old one in a few days.

However, this solution is a hassle and temporarily introduces vulnerability to our system. Also I feel like this might not be the last time tomcat's uid:gid changes.

There seems to be a similar issue with "webapp" discussed in this thread: #137