Problem

Is it possible to run WebSphere® Application Server V3.5 and V4.0 releases using a non-root userid on Unix platforms?

Solution

Any application server, the administrative server, and the administrative console can be run using a non-root user on Unix platforms. These processes can be run as non-root on V3.02.2 and all releases V3.5 and V4.0.

If you are running as non-root in the foreground, apply Part I. If you are running as non-root in the background, you need to apply the fix in Part II.

Part I

To run an Application Server as a non-root user:
- Start the Administrative Server as root.
- On the Advanced Tab of the Application Server, change the User ID and Group ID to the <user:group> that the Application Server should run as.
- On the General Tab of the Application Server, change the Standard Output and Standard Error path locations to a directory for which the run-as user has write permission.
- Remove any temporary files that may have been created by previous executions of the Application Server when it was run as a user other than the one that is going to be used now. Look for files in this form:
/tmp/.asxxxxx
where xxxxx is a communications queue name used by WebSphere Application Server.
For example:
/tmp/.asibmappserve1
/tmp/.asibmoselink1
- The Application Server is now ready to be started.

To run the Administrative Server as a non-root user:
- Change permissions on the install directories to allow access by the Administrative Server "running-as" a non-root user. There are two options for granting the permissions:
Option One
Change the owner of all files and directories in the Application Server install directory to the <user:group> that you desire to "run-as."
Option Two
Change owner of the following files and directories to the <user:group> that you desire to "run-as."
$WAS_HOME/logs/*
$WAS_HOME/properties/*
$WAS_HOME/tranlog/*
$WAS_HOME/temp/*
$WAS_HOME/bin/admin.config
- Remove any temporary files that may have been created by previous executions of the Application Server when it was run as a user other than the one that is going to be used now. These files will be in this form:
/tmp/.asxxxxx
where xxxxx is a communications queue name used by WebSphere.
For example:
/tmp/.asibmappserve1
/tmp/.asibmoselink1
- The bootstrap port value must be 1024 or greater. To override the default value of 900, update the $WAS_HOME/bin/admin.config file and add the following property to specify a new port:
com.ibm.ejs.sm.adminServer.bootstrapPort=2222
- The Administrative Server is now ready to be started with the <user:group> that has been configured.
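
A read-only preflight for the Administrative Server steps above, covering Option Two ownership, stale /tmp/.as* queue files and the bootstrap port. This is an added example, not IBM's code: the function names are hypothetical, and it assumes admin.config is read as a properties file in which the last assignment of a key wins.

```shell
#!/bin/sh
# Added example: read-only preflight for the non-root Administrative Server.
# Usage: preflight.sh WAS_HOME RUN_AS_USER [TMPDIR]

# Effective bootstrap port: last uncommented assignment in admin.config
# (assumed properties semantics), or the default of 900 when absent.
bootstrap_port() {
    key='com\.ibm\.ejs\.sm\.adminServer\.bootstrapPort'
    p=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1)
    echo "${p:-900}"
}

# Print each given path that is NOT owned by user $1 (no recursion).
# Unmatched globs make find complain; those messages are discarded.
not_owned_by() {
    u=$1; shift
    find "$@" -prune ! -user "$u" -print 2>/dev/null || true
}

# Prints one line per problem; returns 0 only when every check passes.
preflight() {
    home=$1; user=$2; tmp=${3:-/tmp}; rc=0
    # find rejects an unknown user name, which would hide every mismatch.
    find / -prune -user "$user" >/dev/null 2>&1 ||
        { echo "unknown user: $user"; return 2; }

    port=$(bootstrap_port "$home/bin/admin.config")
    if [ "$port" -lt 1024 ]; then
        echo "bootstrap port $port is below 1024"; rc=1
    fi

    # Option Two paths from the page.
    bad=$(not_owned_by "$user" "$home"/logs/* "$home"/properties/* \
          "$home"/tranlog/* "$home"/temp/* "$home/bin/admin.config")
    if [ -n "$bad" ]; then
        echo "not owned by $user:"; echo "$bad"; rc=1
    fi

    # Queue files left behind by a run under a different user.
    stale=$(not_owned_by "$user" "$tmp"/.as*)
    if [ -n "$stale" ]; then
        echo "stale queue files:"; echo "$stale"; rc=1
    fi
    return $rc
}

if [ $# -ge 2 ]; then preflight "$@"; fi
```

The script changes nothing; it only reports what still has to be fixed before the Administrative Server is started as the run-as user.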

To run the Administrative Console as a non-root user:
- Change permissions on the following install directories to allow access by the Administrative Client "running-as" a non-root user:
- Change owner of the following directory to the <user:group> that you desire to "run-as":
$WAS_HOME/bin
- Change owner of the following file to the <user:group> that you desire to "run-as":
$WAS_HOME/properties/sas.client.props
- The Administrative Console is now ready to be started with the <user:group> that has been configured.
If you configure the administrative server to run on a bootstrap port other than the default value of 900, you need to specify the new port value when starting the admin client. The command is:
adminclient.sh <hostname> <port>

A Security Consideration

If WebSphere Security is to be used when running the administrative server as a non-root user, then the Local Operating System cannot be used as the Authentication Mechanism. Instead, use Lightweight Third-Party Authentication (LTPA) with a Lightweight Directory Access Protocol (LDAP) directory server.

Part II

Follow these steps to run WebSphere Application Server in the background as a non-root user:
Change the process priority for the application server:
- In the Administrative Console, click the Topology tab and select your Application Server (for example, Default Server)
- On the right panel, choose the ADVANCED tab
- Scroll down to the PROCESS PRIORITY and change this from 20 to 28 for AIX®, and from 20 to 24 for Solaris®
- Click Apply
How to use:
Add the parameter com.ibm.ejs.sm.adminServer.processPriority to admin.config and give it the value of the Java™ process priority you want to assign to the administrative server. A value of 28 is recommended for AIX and 24 for Solaris.
Keep in mind that we are referring to an operating system process priority here and not a Java thread priority. For further details about Java thread priorities, see documentation on the Java class java.lang.Thread. Restart the administrative server after these changes have been applied.

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Servlet Engine/Web Container
Operating system(s): AIX, Solaris, UNIX
Software version: 3.5, 4.0
Software edition: Standard, Advanced
Reference #: 1005677
IBM Group: Software Group
Modified date: 2004-03-08
(C) Copyright IBM Corporation 2000, 2004. All Rights Reserved.