6.3.8. Using a Java Security Manager

Java services have the option of having a Security Manager which defines unsafe and safe operations for applications to perform. When the subsystems are installed, they have the Security Manager enabled automatically, meaning each Tomcat instance starts with the Security Manager running (the -secure flag is set in Tomcat).
The Security Manager is disabled if the instance is created with the -sans_security_manager option.