This document applies only to the following language version(s): English

Problem (Abstract)

Detailed instructions for configuring and running the following as a
non-root user on a UNIX® system: WebSphere® Application Server V5.0 and V5.1
Network Deployment Manager, WebSphere Application Server V5.0 and V5.1
base Application Server, and WebSphere Application Server V5.0 and V5.1
Node Agent.

Cause
Configuration changes are required to support running
WebSphere Application Server as non-root.
If global security is enabled and the user registry is Local OS,
WebSphere has to be run as root.

Resolving the problem

Running Deployment Manager with non-root user ID
The following assumes that you want to run the deployment manager under
user ID was1 and group wasgroup.
- Create the user ID was1 with primary group wasgroup.
- Reboot the system.
- Start the deployment manager.
- Open the administrative console and select the following:
System Administration > DeploymentManager > Process Definition
> Process Execution
- Enter the following:
Umask: 002
User: was1
Group: wasgroup
- Save the configuration.
- Stop the deployment manager.
- As root, change the following file permissions on the
directory:
install_root/WebSphere/DeploymentManager
The following example uses /opt/WebSphere/DeploymentManager:
chgrp wasgroup /opt/WebSphere
chgrp wasgroup /opt/WebSphere/DeploymentManager
chgrp -R wasgroup /opt/WebSphere/DeploymentManager/config
chgrp -R wasgroup /opt/WebSphere/DeploymentManager/logs
chgrp -R wasgroup /opt/WebSphere/DeploymentManager/wstemp
chgrp -R wasgroup /opt/WebSphere/DeploymentManager/installedApps
chgrp -R wasgroup /opt/WebSphere/DeploymentManager/temp
chgrp -R wasgroup /opt/WebSphere/DeploymentManager/tranlog
chgrp -R wasgroup /opt/WebSphere/DeploymentManager/recoveryLogs
chmod g+w /opt/WebSphere
chmod g+w /opt/WebSphere/DeploymentManager
chmod -R g+w /opt/WebSphere/DeploymentManager/config
chmod -R g+w /opt/WebSphere/DeploymentManager/logs
chmod -R g+w /opt/WebSphere/DeploymentManager/wstemp
chmod -R g+w /opt/WebSphere/DeploymentManager/installedApps
chmod -R g+w /opt/WebSphere/DeploymentManager/temp
chmod -R g+w /opt/WebSphere/DeploymentManager/tranlog
chmod -R g+w /opt/WebSphere/DeploymentManager/recoveryLogs
- Log in as was1.
- Start the deployment manager.
Running Node Agent with non-root user ID
To run the node agent as non-root, all Application Servers, including the
JMS server, must be running under the same user ID and group as the node
agent. This gives the node agent the operating system permissions to start
these servers. If running the jmsserver, the group must be mqm in
order for the jmsserver process to start the WebSphere
Application Server JMS Provider.
For the steps that follow, assume that wasjms is the user ID to
run all the servers, and that mqm is the group. If not running
jmsserver, a different group can be used.
- Create the user ID wasjms with primary group mqm.
- If running jmsserver, add user wasjms to group
mqbrkrs.
- Reboot the system.
- Open the administrative console and select the following:
System Management > Node Agents > node_agent (for the
node) > Process Definition > Process Execution
- Enter the following:
Umask: 002
User: wasjms
Group: mqm
- This step must be applied to all servers. Substitute the name of each
application_server in the node:
Servers > Application Servers > application_server
> Process Definition > Process Execution
Enter the following:
Umask: 002
User: wasjms
Group: mqm
- Select the following:
JMS Servers > jms_server (for the node) > Process
Definition > Process Execution
- Enter the following:
Umask: 002
User: wasjms
Group: mqm
- Save and synchronize.
- Stop all servers, including jmsserver.
- Stop the node.
- If running the jmsserver as root, run the
following:
deletemq.sh cell_name node_name jmsserver
- If running the jmsserver as wasjms, run the
following:
createmq.sh install_root cell_name node_name jmsserver
Where install_root is the directory in which WebSphere Application
Server is installed (for example: /opt/WebSphere/AppServer).
- As root, change the following file permissions on the directory:
install_root/WebSphere/AppServer
The following example uses /opt/WebSphere/AppServer:
chgrp mqm /opt/WebSphere
chgrp mqm /opt/WebSphere/AppServer
chgrp -R mqm /opt/WebSphere/AppServer/config
chgrp -R mqm /opt/WebSphere/AppServer/logs
chgrp -R mqm /opt/WebSphere/AppServer/recoveryLogs
chgrp -R mqm /opt/WebSphere/AppServer/wstemp
chgrp -R mqm /opt/WebSphere/AppServer/installedApps
chgrp -R mqm /opt/WebSphere/AppServer/temp
chgrp -R mqm /opt/WebSphere/AppServer/tranlog
chgrp -R mqm /opt/WebSphere/AppServer/cloudscape50
chgrp -R mqm /opt/WebSphere/AppServer/cloudscape51
chgrp -R mqm /opt/WebSphere/AppServer/bin/DefaultDB
chmod g+w /opt/WebSphere
chmod g+w /opt/WebSphere/AppServer
chmod -R g+w /opt/WebSphere/AppServer/config
chmod -R g+w /opt/WebSphere/AppServer/logs
chmod -R g+w /opt/WebSphere/AppServer/recoveryLogs
chmod -R g+w /opt/WebSphere/AppServer/wstemp
chmod -R g+w /opt/WebSphere/AppServer/installedApps
chmod -R g+w /opt/WebSphere/AppServer/temp
chmod -R g+w /opt/WebSphere/AppServer/tranlog
chmod -R g+w /opt/WebSphere/AppServer/cloudscape50
chmod -R g+w /opt/WebSphere/AppServer/cloudscape51
chmod -R g+w /opt/WebSphere/AppServer/bin/DefaultDB
- Log in as wasjms.
- Start the node and servers.
- If running jmsserver with WebSphere JMS Provider, run
dspmq to ensure that the WebSphere MQ queue is running. The name
of the queue is
WAS_node_name_jmsserver.
Running Application Server with non-root user ID, with node agent as root
This can be done by setting all the servers to run under the same
operating system group. If running the jmsserver, the group must be
mqm to allow the jmsserver to start the WebSphere Application
Server JMS provider. If not running the jmsserver, a different
group can be used in the steps that follow:
- Create the user ID was1 for use by the Application Server.
- Add users root and was1 to group mqm.
- Reboot the system.
- Open the administrative console and select the following:
System Management > Node Agents > node_agent (for the
node) > Process Definition > Process Execution
- Enter the following:
Umask: 002
User: root
Group: mqm
- This step must be applied to all servers. Substitute the name of each
application_server in the node:
Servers > Application Servers > application_server
> Process Definition > Process Execution
Enter the following:
Umask: 002
User: was1
Group: mqm
- Select the following:
JMS Servers > jmsserver (on node) > Process
Definition > Process Execution
- Enter the following:
Umask: 002
User: root
Group: mqm
- Save and synchronize.
- Stop all servers, including jmsserver.
- Stop the node.
- As root, change the following file permissions on the
directory:
install_root/WebSphere/AppServer
The following example uses /opt/WebSphere/AppServer:
chgrp mqm /opt/WebSphere
chgrp mqm /opt/WebSphere/AppServer
chgrp -R mqm /opt/WebSphere/AppServer/config
chgrp -R mqm /opt/WebSphere/AppServer/logs
chgrp -R mqm /opt/WebSphere/AppServer/recoveryLogs
chgrp -R mqm /opt/WebSphere/AppServer/wstemp
chgrp -R mqm /opt/WebSphere/AppServer/installedApps
chgrp -R mqm /opt/WebSphere/AppServer/temp
chgrp -R mqm /opt/WebSphere/AppServer/tranlog
chgrp -R mqm /opt/WebSphere/AppServer/cloudscape50
chgrp -R mqm /opt/WebSphere/AppServer/cloudscape51
chgrp -R mqm /opt/WebSphere/AppServer/bin/DefaultDB
chmod g+w /opt/WebSphere
chmod g+w /opt/WebSphere/AppServer
chmod -R g+w /opt/WebSphere/AppServer/config
chmod -R g+w /opt/WebSphere/AppServer/logs
chmod -R g+w /opt/WebSphere/AppServer/recoveryLogs
chmod -R g+w /opt/WebSphere/AppServer/wstemp
chmod -R g+w /opt/WebSphere/AppServer/installedApps
chmod -R g+w /opt/WebSphere/AppServer/temp
chmod -R g+w /opt/WebSphere/AppServer/tranlog
chmod -R g+w /opt/WebSphere/AppServer/cloudscape50
chmod -R g+w /opt/WebSphere/AppServer/cloudscape51
chmod -R g+w /opt/WebSphere/AppServer/bin/DefaultDB
- Start the node and servers.
- If you are running jmsserver with WebSphere JMS Provider, run
dspmq to ensure that the WebSphere MQ queue is running. The name
of the queue is
WAS_node_name_jmsserver.
Running Base server with non-root user ID
- Create the user ID was1 with primary group wasgroup.
- Reboot the system.
- If using JMS, add was1 to groups mqm and
mqbrkrs.
- Open the administrative console and select the following:
Servers > Application Servers > application_server
> Process Definition > Process Execution
- Enter the following:
Umask: 002
User: was1
Group: wasgroup
- Stop the server.
- As root, change the following file permissions on the
directory:
install_root/WebSphere/AppServer
The following example uses /opt/WebSphere/AppServer:
chgrp wasgroup /opt/WebSphere
chgrp wasgroup /opt/WebSphere/AppServer
chgrp -R wasgroup /opt/WebSphere/AppServer/config
chgrp -R wasgroup /opt/WebSphere/AppServer/logs
chgrp -R wasgroup /opt/WebSphere/AppServer/recoveryLogs
chgrp -R wasgroup /opt/WebSphere/AppServer/wstemp
chgrp -R wasgroup /opt/WebSphere/AppServer/installedApps
chgrp -R wasgroup /opt/WebSphere/AppServer/temp
chgrp -R wasgroup /opt/WebSphere/AppServer/tranlog
chgrp -R wasgroup /opt/WebSphere/AppServer/cloudscape50
chgrp -R wasgroup /opt/WebSphere/AppServer/cloudscape51
chgrp -R wasgroup /opt/WebSphere/AppServer/bin/DefaultDB
chmod g+w /opt/WebSphere
chmod g+w /opt/WebSphere/AppServer
chmod -R g+w /opt/WebSphere/AppServer/config
chmod -R g+w /opt/WebSphere/AppServer/logs
chmod -R g+w /opt/WebSphere/AppServer/recoveryLogs
chmod -R g+w /opt/WebSphere/AppServer/wstemp
chmod -R g+w /opt/WebSphere/AppServer/installedApps
chmod -R g+w /opt/WebSphere/AppServer/temp
chmod -R g+w /opt/WebSphere/AppServer/tranlog
chmod -R g+w /opt/WebSphere/AppServer/cloudscape50
chmod -R g+w /opt/WebSphere/AppServer/cloudscape51
chmod -R g+w /opt/WebSphere/AppServer/bin/DefaultDB
- If running jms, as root, run the following:
deletemq.sh cell_name node_name server1
- If running the jmsserver, as was1, run the
following:
createmq.sh install_root cell_name node_name server1
Where install_root is the directory in which WebSphere Application
Server is installed (for example: /opt/WebSphere/AppServer).
- As was1, start server1.
- If running jms with WebSphere JMS Provider, run
dspmq to ensure that the WebSphere MQ queue is running. The name
of the queue is WAS_node_name_server1.
- If creating another server with a different user ID, follow the same
steps. The two user IDs must share the same group wasgroup.
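
The chgrp and chmod listings in the sections above can be checked afterwards with a small audit. The following is an added example, not part of the original technote or of IBM's tooling: the function name was_perm_audit and the variable names are hypothetical, the subdirectory lists are copied from the listings above, and subdirectories that do not exist under the install root are skipped with a note on stderr.

```shell
#!/bin/sh
# Added example: audit the result of the chgrp/chmod steps on this page.
# Subdirectory lists are copied from the page's command listings.
DMGR_DIRS="config logs wstemp installedApps temp tranlog recoveryLogs"
APPSERVER_DIRS="config logs recoveryLogs wstemp installedApps temp tranlog cloudscape50 cloudscape51 bin/DefaultDB"

# was_perm_audit ROOT GROUP SUBDIR...
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Usage, as root: was_perm_audit /opt/WebSphere/AppServer mqm $APPSERVER_DIRS
was_perm_audit() {
    root=$1 group=$2
    shift 2
    findings=$(
        # Non-recursive: the install root and its parent, changed without -R.
        for d in "$(dirname "$root")" "$root"; do
            find "$d" -prune ! -group "$group" -exec printf 'wrong-group %s\n' {} +
            find "$d" -prune ! -perm -020 -exec printf 'not-group-writable %s\n' {} +
        done
        # Recursive: the directories changed with chgrp -R and chmod -R.
        for sub in "$@"; do
            dir=$root/$sub
            if [ ! -d "$dir" ]; then
                echo "skipped, not present: $dir" >&2
                continue
            fi
            # Symlinks are excluded because their mode bits are not meaningful.
            find "$dir" ! -type l ! -group "$group" -exec printf 'wrong-group %s\n' {} +
            find "$dir" ! -type l ! -perm -020 -exec printf 'not-group-writable %s\n' {} +
            # chmod g+w and umask 002 never grant write access to others.
            find "$dir" ! -type l -perm -002 -exec printf 'world-writable %s\n' {} +
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

A wrong-group or not-group-writable finding means a step in the listing was missed; a world-writable finding means something other than the documented chmod g+w and Umask 002 settings changed the tree.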

Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Application Servers | Runtimes for Java Technology | Java SDK | | |