diff --git a/d4s_user_services_perms/README.md b/d4s_user_services_perms/README.md
new file mode 100644
index 00000000..7bf646d2
--- /dev/null
+++ b/d4s_user_services_perms/README.md
@@ -0,0 +1,3 @@
+This role assumes that only one tomcat instance is defined and running on the system.
+
+Important note: the variable 'http_port' needs to be defined earlier in the calling playbook.
diff --git a/d4s_user_services_perms/defaults/main.yml b/d4s_user_services_perms/defaults/main.yml
new file mode 100644
index 00000000..aa65e71a
--- /dev/null
+++ b/d4s_user_services_perms/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+d4science_user: gcube
+d4science_user_home: '/home/{{ d4science_user }}'
diff --git a/d4s_user_services_perms/tasks/main.yml b/d4s_user_services_perms/tasks/main.yml
new file mode 100644
index 00000000..5da2f27f
--- /dev/null
+++ b/d4s_user_services_perms/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Install the sudoers config that permits the tomcat user to restart the service
+ template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440
+ tags: [ 'tomcat', 'd4science', 'sudo' ]
+
+- name: Install the script that allows the tomcat user to start and stop the service without using the full path
+ template: src={{ item }}.j2 dest={{ d4science_user_home }}/{{ item }} owner={{ d4science_user }} group={{ d4science_user }} mode=0755
+ with_items:
+ - startContainer.sh
+ - stopContainer.sh
+ tags: [ 'tomcat', 'd4science', 'sudo' ]
diff --git a/d4s_user_services_perms/templates/startContainer.sh.j2 b/d4s_user_services_perms/templates/startContainer.sh.j2
new file mode 100644
index 00000000..37208924
--- /dev/null
+++ b/d4s_user_services_perms/templates/startContainer.sh.j2
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+sudo /etc/init.d/tomcat-instance-{{ http_port }} start
+
+exit $?
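Review bot: The first task in d4s_user_services_perms/tasks/main.yml writes /etc/sudoers.d/tomcat-d4science with no syntax check, so a template that renders badly is installed as-is and can leave sudo refusing to run on the host. Adding `validate='visudo -cf %s'` to the `template:` arguments makes Ansible test the rendered file before it replaces the destination. In the second task the wrappers land in a home directory owned by `{{ d4science_user }}`, so that account can rewrite them. That is acceptable only because the privilege comes from the sudoers entry and not from the scripts, and a short comment on the task saying so would keep a later change from treating the scripts as a trust boundary.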
diff --git a/d4s_user_services_perms/templates/stopContainer.sh.j2 b/d4s_user_services_perms/templates/stopContainer.sh.j2
new file mode 100644
index 00000000..3a5802ad
--- /dev/null
+++ b/d4s_user_services_perms/templates/stopContainer.sh.j2
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+sudo /etc/init.d/tomcat-instance-{{ http_port }} stop
+
+exit $?
diff --git a/d4s_user_services_perms/templates/tomcat-sudoers.j2 b/d4s_user_services_perms/templates/tomcat-sudoers.j2
new file mode 100644
index 00000000..8dc5cd9a
--- /dev/null
+++ b/d4s_user_services_perms/templates/tomcat-sudoers.j2
@@ -0,0 +1,2 @@
+{{ d4science_user }} ALL=(ALL) NOPASSWD: /etc/init.d/tomcat-instance-*
+
diff --git a/ssh-keys/defaults/main.yml b/ssh-keys/defaults/main.yml
index 95436d5f..f360036b 100644
--- a/ssh-keys/defaults/main.yml
+++ b/ssh-keys/defaults/main.yml
@@ -1,6 +1,5 @@
 --- manage_root_ssh_keys: True - # # Example: # user_ssh_key: [ '{{ sandro_labruzzo }}','{{ michele_artini }}', '{{ claudio_atzori }}' ]
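Review bot: The sudoers entry in templates/tomcat-sudoers.j2 grants more than startContainer.sh and stopContainer.sh use. `(ALL)` lets `{{ d4science_user }}` run the command as any target user, the trailing `*` matches every file in /etc/init.d whose name starts with `tomcat-instance-`, and with no argument list sudo accepts any arguments. The README states that only one instance exists and the wrappers already require `http_port`, so the rule can be pinned to what is needed: `{{ d4science_user }} ALL=(root) NOPASSWD: /etc/init.d/tomcat-instance-{{ http_port }} start, /etc/init.d/tomcat-instance-{{ http_port }} stop` (add `restart` if the task name's "restart" is meant literally). The init script and any file it sources run as root on behalf of this account, so they should be writable by root only; their ownership is not visible in this diff.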
@@ -31,6 +30,7 @@ gianpaolo_coro: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAkLUsStIPUVZVWiHyiI2poDnB70Cj katerina_iatropoulou: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA29WTITAKDhIE4lYt41hEtL3TnE+bIrlZAdAzSKySHOXPI8Q1vxanvprnL8BU0okgfZJDx3qxcTWLbwpcdWvGbO2SIA8JSKl2viQqfYDc5VtWFd4xo5z9y5BRrNDOOel+XAZjamx8lv8c44Au0ACV+jCAhnzwJA4Iso1KuNsuj2M= kiatrop@rudie farah_karim: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzKSQSk3ntKGUW2Cy8lt/44BTK2+UxMM4W2XO4CrcwgUxxlgIfpL4UjyuSKIygRdU/lL/4xHJdRNzA7PSEiHnBhIeLiF9QWw1mO2GVdJ4/1G5J/XEZ3sL7zyEdwwks7FsnT4U9PO9drNDZ1AmIK8eDKtX9EJcOFflulOknbIHjIq29gXcXbrhQaV3rNHS8vGDkv3fkpJT9Wi8BEUMeMFYsa3k3pc3nPysCQR+xsVJ1Ht+1gpU71W7fACaI1ltYaCToPAJasU19Tz6xE3edl9/Dz6HIL5FcVNSbLFEiyQhd5oL1ITCXJOwzyqobrUUdRK/30iIBRRFW00AIGQCDV0S3 hadoop@karim-ThinkPad-S1-Yoga luca_frosini: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlTQulSJFayTJyOOecgsct35u7uvVQGX/Da11UZVxvJzw2sQKOMSCMBBGF9zUlcMoP/qvF425jVMM71S8kamCcqgSN528fp9W/Nhw7s15NbCE3H9tJ3B+u5ESOYsRfgogeTIyL26aIY/2rke0DoKDIMU3YlOtN/1ipt5cY9uV3ootxTM126y2WChICGo0h77M/Ta1pIccUE0XbuaA1HwlJBkfDzQ2kh5tkaC7mjeETstOQzpEoPFoVr0qwSPz1Y6l8uiedpDZejrq64Z2zRcSxjEQ1wuA9r8uO7TJQttUKK8m/dHMe6q3WAiFc9sOYe4tf/GEmziB8VloMTNCPJQiz lucafrosini@pc-frosini +francesco_mangiacrapa: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDa0NzwaCcauxAFlsupU2xG2eff9nzep9bnb8pISbX2lk+K4yoJvJOAz9W9klJtpPX/IUJx18YR4jjDNcdiYWNh4Y+5jKT2EhSPNkj7Vw2MhA/ZeOrfHx7JNtL8gdxa8XxYB0ZoZqutRppmaRwWmGGwdVh0wyUzWR/v0OT01IuQGYVneLKIjUtx+BcWGsosWISaOQzVbv9iTFbSwgjbkKFHzHasxwKsrK4t1wvbzuxwhVC+5/VKghBJWN219m/PO+itww/fSes0KpI5X/7q8jrYzUgYwrKwt290U41Fx8syDQ6101YnRzMXZRyZwuVNh2S7WosGWebg5nPS4IjKho/F francesco-mangiacrapa@ubuntu-francesco-i24 # Use the list when you want to give access to non root users ssh_users_list: @@ -40,5 +40,3 @@ ssh_users_list: # And set the following variable to true: non_root_users: False -manage_root_ssh_keys: True -