Unfortunately, there is no universally recommendable user configuration. I assume you mean that the tomcat user doesn't have access to the Linux shell. In this case the options really are to run the scripts under another user who can do it (as you do now) or to allow the tomcat user to log-in and restrict him to the needed directories only. I know this is not ideal but there is not much we can do about it as it is closely related to the way how Linux works.
In case of any follow-up question, please don't hesitate to contact us.