After running the WSTOMINS maintenance job in UPDATE mode, TOMCAT started task is coming up with a security violation. Why is the started task trying to do a MKDIR and is this is normal?

ICH408I USER(XXXTST  ) GROUP(XXXGRP  ) NAME(ENDEVOR TEST STC    ) 
  /XXX/tomcat-V190/webapps/EndevorService                                                          
  CL(DIRACC  ) FID(XXX)              
  INSUFFICIENT AUTHORITY TO MKDIR                                 
  ACCESS INTENT(-W-)  ACCESS ALLOWED(GROUP      R-X)              
  EFFECTIVE UID(XXX)  EFFECTIVE GID(XXX)    

Endevor V19

After deploying the EndevorService.war file, Tomcat unpacks it and stores all the project files from the webapps directory in a new directory named EndevorService, if the TOMCAT_USER don't have the write permission to webapps, a security violation (INSUFFICIENT AUTHORITY TO MKDIR) is thrown by Tomcat STC.

Check the permission of webapps directory and found out that only ROOT has the full permission (RWX), group and other only have the RX and no write permission. 

This is the result of manual updates by someone else.  

In WSTOMINS:

SET RUN@ROOT='YES'

 - if set to YES, the script will ensure it is run under the root     
   (UID=0).                                                           
   INSTALL ONLY: Also sets the permissions on the                     
   ENDEVOR_TOMCAT_INSTANCE for TOMCAT_USER and TOMCAT_GROUP           
   (see next two parameters) files according to the best practices    
   in the Apache Tomcat documentation. Also, the Tomcat start job     
   WSTOMSTC will be set to run under the TOMCAT_USER.                 

SET CLEAN_ENDEVOR_TOMCAT_INSTANCE=Y

Rerun WSTOMINS as root with ACTION=INSTALL - to run a clean install of Endevor web services using the latest Web Services files. 

Restart WSTOMSTC, WSTOMSTC will be set to run under the TOMCAT_USER, and TOMCAT_USER will have sufficient access to ENDEVOR_TOMCAT_INSTANCE.