The product installer (who can be a root/Administrator or non-root user) can grant write permission to the appropriate WebSphere® ESB files and directories to other non-root users. The non-root users can then create profiles. Alternatively, the product installer can create a group for users who are authorized to create profiles or give individual users the authority to create profiles. The following example task shows how to create a group that is authorized to create profiles.
Non-root users create their own profiles so that they can manage their own environments. Typically, they manage environments for development purposes.
Non-root users must store their profiles in their private directory structure, not in the install_root/profiles directory of the product.
mkdir install_root/logs/manageprofiles
install_root\logs\manageprofiles
mkdir install_root/properties/fsdb
install_root\properties\fsdb
install_root/properties/profileRegistry.xml
install_root\properties\profileRegistry.xml
<?xml version="1.0" encoding="UTF-8"?> <profiles/>
export WASHOME=/opt/IBM/WebSphere/ESB echo $WASHOME echo "Performing chggrp/chmod per WAS directions..." chgrp profilers $WASHOME/logs/manageprofiles chmod g+wr $WASHOME/logs/manageprofiles chgrp profilers $WASHOME/properties chmod g+wr $WASHOME/properties chgrp profilers $WASHOME/properties/fsdb chmod g+wr $WASHOME/properties/fsdb chgrp profilers $WASHOME/properties/profileRegistry.xml chmod g+wr $WASHOME/properties/profileRegistry.xml chgrp -R profilers $WASHOME/profileTemplates
chmod -R g+wr $WASHOME/profileTemplates/profile_template_name/documentsThe ownership of files is preserved when the files are copied to the profile directory during profile creation. You granted write permission to the profile directory so that files copied to the profile directory can be modified as part of the profile creation process. Files that are already in the profileTemplatedirectory structure prior to the start of profile creation are not modified during profile creation.
chgrp profilers $WASHOME/properties/Profiles.menu chmod g+wr $WASHOME/properties/Profiles.menu
@WASHOME\logs\manageprofiles @WASHOME\properties @WASHOME\properties\fsdb @WASHOME\properties\profileRegistry.xml
You might have to change the permissions on additional files if the non-root user encounters permission errors. For example, if the product installer authorizes a non-root user to delete a profile, then product installer might have to delete the following file:
install_root/properties/profileRegistry.xml_LOCK
install_root\properties\profileRegistry.xml_LOCK
Give write access to the non-root user for the file to authorize the user to delete the file. If the non-root user still cannot delete the profile, then the product installer can delete the profile.
The installer created the profilers group and gave the group proper permissions to certain directories and files to create profiles. These directories and files are the only ones in the installation root of WebSphere ESB to which a non-root user needs to write to create profiles.
The non-root user that belongs to the profilers group can create profiles in a directory that the non-root user owns and to which the non-root user has write permission. However, the non-root user cannot create profiles in the installation root directory of the product.
A non-root user ID can manage multiple profiles. The same non-root user ID can manage an entire profile, whether it is the deployment manager profile, a profile that contains the servers and the node agent, or a custom profile. A different user ID can be used for each profile in a cell, whether global security or administrative security is enabled or disabled. The user IDs can be a mix of root and non-root user IDs. For example, the root user might manage the deployment manager profile, while a non-root user might manage a profile that contains servers and the node agent, or vice versa. However, typically, a root user or a non-root user can manage all profiles in a cell.
The non-root user can use the same tasks to manage a profile that the root user uses.