Running WebSphere Application Server as a non-root user on the UNIX platform
 Technote (troubleshooting)
 
This document applies only to the following language version(s):
English
 
Problem (Abstract)
Detailed instructions for configuring a UNIX® system to run WebSphere® Application Server V5.0 and V5.1 Network Deployment Manager, WebSphere Application Server V5.0 and V5.1 base Application Server, and WebSphere Application Server V5.0 and V5.1 Node Agent as a non-root user.
 
Cause
Configuration changes are required to support running WebSphere Application Server as non-root.
If global security is enabled and the user registry is Local OS, WebSphere has to be run as root.
 
Resolving the problem

Running Deployment Manager with non-root user ID
Running Node Agent with non-root user ID
Running Application Server with non-root user ID, with node agent as root
Running Base server with non-root user ID




Running Deployment Manager with non-root user ID
The following assumes that you want to run the deployment manager under user ID was1 and group wasgroup.
  1. Create the user ID was1 with primary group wasgroup.

  2. Reboot the system.

  3. Start the deployment manager.

  4. Open the administrative console and select the following:

    System Administration > DeploymentManager > Process Definition > Process Execution

  5. Enter the following:

    Umask: 002
    User: was1
    Group: wasgroup

  6. Save the configuration.

  7. Stop the deployment manager.

  8. As root, change the following file permissions on the directory:

    install_root/WebSphere/DeploymentManager

    The following example uses /opt/WebSphere/DeploymentManager:

    chgrp wasgroup /opt/WebSphere
    chgrp wasgroup /opt/WebSphere/DeploymentManager
    chgrp -R wasgroup /opt/WebSphere/DeploymentManager/config
    chgrp -R wasgroup /opt/WebSphere/DeploymentManager/logs
    chgrp -R wasgroup /opt/WebSphere/DeploymentManager/wstemp
    chgrp -R wasgroup /opt/WebSphere/DeploymentManager/installedApps
    chgrp -R wasgroup /opt/WebSphere/DeploymentManager/temp
    chgrp -R wasgroup /opt/WebSphere/DeploymentManager/tranlog
    chgrp -R wasgroup /opt/WebSphere/DeploymentManager/recoveryLogs
    chmod g+w /opt/WebSphere
    chmod g+w /opt/WebSphere/DeploymentManager
    chmod -R g+w /opt/WebSphere/DeploymentManager/config
    chmod -R g+w /opt/WebSphere/DeploymentManager/logs
    chmod -R g+w /opt/WebSphere/DeploymentManager/wstemp
    chmod -R g+w /opt/WebSphere/DeploymentManager/installedApps
    chmod -R g+w /opt/WebSphere/DeploymentManager/temp
    chmod -R g+w /opt/WebSphere/DeploymentManager/tranlog
    chmod -R g+w /opt/WebSphere/DeploymentManager/recoveryLogs

  9. Log in as was1.

  10. Start the deployment manager.



Running Node Agent with non-root user ID
To run the node agent as non-root, all Application Servers, including the JMS server, must be running under the same user ID and group as the node agent. This gives the node agent the operating system permissions to start these servers. If running the jmsserver, the group must be mqm in order for the jmsserver process to start the WebSphere Application Server JMS Provider.

For the steps that follow, assume that wasjms is the user ID to run all the servers, and that mqm is the group. If not running jmsserver, a different group can be used.
  1. Create the user ID wasjms with primary group mqm.

  2. If running jmsserver, add user wasjms to group mqbrkrs.

  3. Reboot the system.

  4. Open the administrative console and select the following:

    System Management > Node Agents >
    node_agent(for the node) > Process Definition > Process Execution

  5. Enter the following:

    Umask: 002
    User: wasjms
    Group: mqm

  6. This step must be applied to all servers. Substitute the name of each application_server in the node:

    Servers > Application Servers > application_server > Process Definition > Process Execution

    Enter the following:

    Umask: 002
    User: wasjms
    Group: mqm

  7. Select the following:

    JMS Servers > jms_server (for the node) > Process Definition > Process Execution

  8. Enter the following:

    Umask: 002
    User: wasjms
    Group: mqm

  9. Save and synchronize.

  10. Stop all servers, including jmsserver.

  11. Stop the node.

  12. If running the jmsserver as root, run the following:

    deletemq.sh cell_name node_name jmsserver

  13. If running the jmsserver as wasjms, run the following:

    createmq.sh install_root cell_name node_name jmsserver

    Where install_root is the directory in which WebSphere Application Server is installed (for example: /opt/WebSphere/AppServer).

  14. As root, change the following file permissions on the directory:

    install_root/WebSphere/AppServer

    The following example uses /opt/WebSphere/AppServer:

    chgrp mqm /opt/WebSphere
    chgrp mqm /opt/WebSphere/AppServer
    chgrp -R mqm /opt/WebSphere/AppServer/config
    chgrp -R mqm /opt/WebSphere/AppServer/logs
    chgrp -R mqm /opt/WebSphere/AppServer/recoveryLogs
    chgrp -R mqm /opt/WebSphere/AppServer/wstemp
    chgrp -R mqm /opt/WebSphere/AppServer/installedApps
    chgrp -R mqm /opt/WebSphere/AppServer/temp
    chgrp -R mqm /opt/WebSphere/AppServer/tranlog
    chgrp -R mqm /opt/WebSphere/AppServer/cloudscape50
    chgrp -R mqm /opt/WebSphere/AppServer/cloudscape51
    chgrp -R mqm /opt/WebSphere/AppServer/bin/DefaultDB
    chmod g+w /opt/WebSphere
    chmod g+w /opt/WebSphere/AppServer
    chmod -R g+w /opt/WebSphere/AppServer/config
    chmod -R g+w /opt/WebSphere/AppServer/logs
    chmod -R g+w /opt/WebSphere/AppServer/recoveryLogs
    chmod -R g+w /opt/WebSphere/AppServer/wstemp
    chmod -R g+w /opt/WebSphere/AppServer/installedApps
    chmod -R g+w /opt/WebSphere/AppServer/temp
    chmod -R g+w /opt/WebSphere/AppServer/tranlog
    chmod -R g+w /opt/WebSphere/AppServer/cloudscape50
    chmod -R g+w /opt/WebSphere/AppServer/cloudscape51
    chmod -R g+w /opt/WebSphere/AppServer/bin/DefaultDB

  15. Log in as wasjms.

  16. Start the node and servers.

  17. If running jmsserver with WebSphere JMS Provider, run dspmq to ensure that the WebSphere MQ queue is running. The name of the queue is WAS_node_name_jmsserver.
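
The requirement that the node agent, every application server and the jmsserver run under one user ID and group can be checked after step 16 with the script below. It is an added example, not part of the IBM technote: servers_not_run_as and sample_ps are hypothetical names, the ps lines are constructed, and the com.ibm.ws.runtime.WsServer argument layout is an assumption about how V5 server processes appear in ps output.

```shell
#!/bin/sh
# Added example: confirm every server on the node runs under one user/group.
# Assumption: V5 server JVMs show "com.ibm.ws.runtime.WsServer" followed by
# config root, cell, node and server name in their arguments.

# Constructed sample of `ps -eo user,group,args` output (not a real capture).
sample_ps() {
    cat <<'EOF'
wasjms mqm /opt/WebSphere/AppServer/java/bin/java com.ibm.ws.runtime.WsServer /opt/WebSphere/AppServer/config cell1 node1 nodeagent
wasjms mqm /opt/WebSphere/AppServer/java/bin/java com.ibm.ws.runtime.WsServer /opt/WebSphere/AppServer/config cell1 node1 server1
root mqm /opt/WebSphere/AppServer/java/bin/java com.ibm.ws.runtime.WsServer /opt/WebSphere/AppServer/config cell1 node1 jmsserver
root root /usr/sbin/sshd -D
EOF
}

# servers_not_run_as <user> <group>   (reads ps lines on stdin)
# Prints each server whose owner differs; returns 1 if any were found.
servers_not_run_as() {
    awk -v u="$1" -v g="$2" '
        {
            for (i = 3; i <= NF; i++) {
                if ($i != "com.ibm.ws.runtime.WsServer") continue
                if ($1 != u || $2 != g) {
                    printf "%s runs as %s:%s\n", $(i + 4), $1, $2
                    bad = 1
                }
                break
            }
        }
        END { exit bad + 0 }'
}

# Live use: ps -eo user,group,args | servers_not_run_as wasjms mqm
sample_ps | servers_not_run_as wasjms mqm ||
    echo "at least one server is outside wasjms:mqm"
```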



Running Application Server with non-root user ID, with node agent as root
This can be done by setting all the servers to run under the same operating system group. If running the jmsserver, the group must be mqm to allow the jmsserver to start the WebSphere Application Server JMS provider. If not running the jmsserver, a different group can be used in the steps that follow:
  1. Create the user ID was1 for use by the Application Server.

  2. Add users root and was1 to group mqm.

  3. Reboot the system.

  4. Open the administrative console and select the following:

    System Management > Node Agents > node_agent (for the node) > Process Definition > Process Execution

  5. Enter the following:

    Umask: 002
    User: root
    Group: mqm

  6. This step must be applied to all servers. Substitute the name of each application_server in the node:

    Servers > Application Servers > application_server > Process Definition > Process Execution

    Enter the following:

    Umask: 002
    User: was1
    Group: mqm

  7. Select the following:

    JMS Servers > jmsserver (on node) > Process Definition > Process Execution

  8. Enter the following:

    Umask: 002
    User: root
    Group: mqm

  9. Save and synchronize.

  10. Stop all servers, including jmsserver.

  11. Stop the node.

  12. As root, change the following file permissions on the directory:

    install_root/WebSphere/AppServer

    The following example uses /opt/WebSphere/AppServer:

    chgrp mqm /opt/WebSphere
    chgrp mqm /opt/WebSphere/AppServer
    chgrp -R mqm /opt/WebSphere/AppServer/config
    chgrp -R mqm /opt/WebSphere/AppServer/logs
    chgrp -R mqm /opt/WebSphere/AppServer/recoveryLogs
    chgrp -R mqm /opt/WebSphere/AppServer/wstemp
    chgrp -R mqm /opt/WebSphere/AppServer/installedApps
    chgrp -R mqm /opt/WebSphere/AppServer/temp
    chgrp -R mqm /opt/WebSphere/AppServer/tranlog
    chgrp -R mqm /opt/WebSphere/AppServer/cloudscape50
    chgrp -R mqm /opt/WebSphere/AppServer/cloudscape51
    chgrp -R mqm /opt/WebSphere/AppServer/bin/DefaultDB
    chmod g+w /opt/WebSphere
    chmod g+w /opt/WebSphere/AppServer
    chmod -R g+w /opt/WebSphere/AppServer/config
    chmod -R g+w /opt/WebSphere/AppServer/logs
    chmod -R g+w /opt/WebSphere/AppServer/recoveryLogs
    chmod -R g+w /opt/WebSphere/AppServer/wstemp
    chmod -R g+w /opt/WebSphere/AppServer/installedApps
    chmod -R g+w /opt/WebSphere/AppServer/temp
    chmod -R g+w /opt/WebSphere/AppServer/tranlog
    chmod -R g+w /opt/WebSphere/AppServer/cloudscape50
    chmod -R g+w /opt/WebSphere/AppServer/cloudscape51
    chmod -R g+w /opt/WebSphere/AppServer/bin/DefaultDB

  13. Start the node and servers.

  14. If you are running jmsserver with WebSphere JMS Provider, run dspmq to ensure that the WebSphere MQ queue is running. The name of the queue is WAS_node_name_jmsserver.



Running Base server with non-root user ID
  1. Create the user ID was1 with primary group wasgroup.

  2. Reboot the system.

  3. If using JMS, add was1 to groups mqm and mqbrkrs.

  4. Open the administrative console and select the following:

    Servers > Application Servers > application_server > Process Definition > Process Execution

  5. Enter the following:

    umask: 002
    user id: was1
    group: wasgroup

  6. Stop the server.

  7. As root, change the following file permissions on the directory:

    install_root/WebSphere/AppServer

    The following example uses /opt/WebSphere/AppServer:

    chgrp wasgroup /opt/WebSphere
    chgrp wasgroup /opt/WebSphere/AppServer
    chgrp -R wasgroup /opt/WebSphere/AppServer/config
    chgrp -R wasgroup /opt/WebSphere/AppServer/logs
    chgrp -R wasgroup /opt/WebSphere/AppServer/recoveryLogs
    chgrp -R wasgroup /opt/WebSphere/AppServer/wstemp
    chgrp -R wasgroup /opt/WebSphere/AppServer/installedApps
    chgrp -R wasgroup /opt/WebSphere/AppServer/temp
    chgrp -R wasgroup /opt/WebSphere/AppServer/tranlog
    chgrp -R wasgroup /opt/WebSphere/AppServer/cloudscape50
    chgrp -R wasgroup /opt/WebSphere/AppServer/cloudscape51
    chgrp -R wasgroup /opt/WebSphere/AppServer/bin/DefaultDB
    chmod g+w /opt/WebSphere
    chmod g+w /opt/WebSphere/AppServer
    chmod -R g+w /opt/WebSphere/AppServer/config
    chmod -R g+w /opt/WebSphere/AppServer/logs
    chmod -R g+w /opt/WebSphere/AppServer/recoveryLogs
    chmod -R g+w /opt/WebSphere/AppServer/wstemp
    chmod -R g+w /opt/WebSphere/AppServer/installedApps
    chmod -R g+w /opt/WebSphere/AppServer/temp
    chmod -R g+w /opt/WebSphere/AppServer/tranlog
    chmod -R g+w /opt/WebSphere/AppServer/cloudscape50
    chmod -R g+w /opt/WebSphere/AppServer/cloudscape51
    chmod -R g+w /opt/WebSphere/AppServer/bin/DefaultDB

  8. If running jms, as root, run the following:

    deletemq.sh cell_name node_name server1

  9. If running the jmsserver, as was1, run the following:

    createmq.sh install_root cell_name node_name server1

    Where install_root is the directory in which WebSphere Application Server is installed (for example: /opt/WebSphere/AppServer).

  10. As was1, start server1.

  11. If running jms with WebSphere JMS Provider, run dspmq to ensure that the WebSphere MQ queue is running. The name of the queue is WAS_node_name_server1.

  12. If creating another server with a different user ID, follow the same steps. The two user IDs must share the same group wasgroup.
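
The chgrp/chmod step in each of the four procedures above (Deployment Manager, Node Agent, Application Server with node agent as root, Base server) can be audited with the script below. It is an added example, not part of the IBM technote: audit_was_perms and WAS_SUBDIRS are hypothetical names. It goes beyond the steps by also flagging world-writable entries, which the procedures never require.

```shell
#!/bin/sh
# Added example: audit the outcome of the chgrp/chmod steps.
# audit_was_perms and WAS_SUBDIRS are hypothetical names, not WebSphere tools.

# Subdirectories the steps change recursively. The DeploymentManager list
# has no cloudscape50, cloudscape51 or bin/DefaultDB; absent ones are skipped.
WAS_SUBDIRS="config logs recoveryLogs wstemp installedApps temp tranlog
cloudscape50 cloudscape51 bin/DefaultDB"

# audit_was_perms <server_root> <group>
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_was_perms() {
    root=$1; grp=$2
    report=$(
        # Install parent and server root are changed non-recursively.
        for d in "$(dirname "$root")" "$root"; do
            find "$d" -prune \( ! -group "$grp" -o ! -perm -020 \) |
                sed 's/^/WRONG_GROUP_OR_MODE /'
        done
        for sub in $WAS_SUBDIRS; do
            [ -d "$root/$sub" ] || continue
            # Missed by the recursive chgrp/chmod (wrong group or no g+w).
            find "$root/$sub" ! -type l \( ! -group "$grp" -o ! -perm -020 \) |
                sed 's/^/WRONG_GROUP_OR_MODE /'
            # Writable by every local user; umask 002 never produces this.
            find "$root/$sub" ! -type l -perm -002 |
                sed 's/^/WORLD_WRITABLE /'
        done
    )
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Example: sh audit.sh /opt/WebSphere/AppServer mqm
if [ $# -eq 2 ]; then audit_was_perms "$1" "$2"; fi
```

Run it as root after the permission step and again after the first start as the non-root user, so files created under the new umask are covered as well.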
 
 
Cross Reference information
Segment: Application Servers
Product: Runtimes for Java Technology
Component: Java SDK
Platform:
Version:
Edition:
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Administrative Console (all non-scripting)
Operating system(s): Linux
Software version: 5.1
Software edition:
Reference #: 1178062
IBM Group: Software Group
Modified date: Mar 24, 2006