By default, each base Application Server node on a Linux or UNIX platform uses the root user ID to run the node agent process, the jmsserver process, and all Application Server processes. However, you can run the node agent server process, the jmsserver server process, and all Application Server processes under the same non-root user and user group. If you do run the node agent process with a non-root user ID, you must run the jmsserver process and all Application Server processes that the node agent controls under the same non-root user ID.
Before you begin
If global security is enabled, the user registry must not be Local OS. Using the Local OS user registry requires the node agent to run as root. Refer to Local operating system user registries for details.
Why and when to perform this task
Using the same non-root user and user group gives the node agent process the operating system permissions to start all other server processes. If using the JMS provider that WebSphere Application Server provides, the user group must be mqm for the jmsserver to start the message queue. If you are not using the JMS provider that WebSphere Application Server provides, you can specify a user group other than mqm.
Note: The node agent saves registered server data to the IBMLSDActiveServerList.asl file, in the path that is specified by the com.ibm.ws.orb.services.lsd.StoreActiveServerList property. If you do not specify a value for the com.ibm.ws.orb.services.lsd.StoreActiveServerList property, the node agent does not save the data. The value you specify for this property must be the complete path location of the IBMLSDActiveServerList.asl file. The CLASSPATH environment variable is not used in locating the path.
If you are running WebSphere Application Server as a non-root user, add IBMLSDActiveServerList.asl to your non-root user file permissions.
For the steps that follow, assume that:
To configure a user ID to run the node agent process and all server processes, complete the following steps.
Steps for this task
startManager.sh
Property | Value |
---|---|
Run As User | wasadmin |
Run As Group | mqm |
UMASK | 002 |
Note: Make sure that the node agent is running if you are going to change the value specified for either the Run As Group or Run As User property. If the value for either of these properties is changed while the node agent is not running, the Deployment Manager cannot push the changes to the node.
Property | Value |
---|---|
Run As User | wasadmin |
Run As Group | mqm |
UMASK | 002 |
Property | Value |
---|---|
Run As User | wasadmin |
Run As Group | mqm |
UMASK | 002 |
stopServer.sh server1
stopServer.sh jmsserver
stopNode.sh
deletemq.sh wascell wasnode jmsserver
Note: When you use the chown command to change the owner of JSPs that are already compiled and reside in the temp directory, the CPU does not have to continuously recompile these JSPs. If you do not issue this command, you should delete the application temp directory to lower CPU usage.
chown root:mqm /opt/WebSphere/AppServer/temp
chgrp mqm /opt/WebSphere
chgrp mqm /opt/WebSphere/AppServer
chgrp -R mqm /opt/WebSphere/AppServer/config
chgrp -R mqm /opt/WebSphere/AppServer/logs
chgrp -R mqm /opt/WebSphere/AppServer/properties
chgrp -R mqm /opt/WebSphere/AppServer/wstemp
chgrp -R mqm /opt/WebSphere/AppServer/installedApps
chgrp -R mqm /opt/WebSphere/AppServer/temp
chgrp -R mqm /opt/WebSphere/AppServer/tranlog
chgrp -R mqm /opt/WebSphere/AppServer/cloudscape
chgrp -R mqm /opt/WebSphere/AppServer/bin/DefaultDB
chmod g+wr /opt/WebSphere
chmod g+wr /opt/WebSphere/AppServer
chmod -R g+wr /opt/WebSphere/AppServer/config
chmod -R g+wr /opt/WebSphere/AppServer/logs
chmod -R g+wr /opt/WebSphere/AppServer/properties
chmod -R g+wr /opt/WebSphere/AppServer/wstemp
chmod -R g+wr /opt/WebSphere/AppServer/installedApps
chmod -R g+wr /opt/WebSphere/AppServer/temp
chmod -R g+wr /opt/WebSphere/AppServer/tranlog
chmod -R g+wr /opt/WebSphere/AppServer/cloudscape
chmod -R g+wr /opt/WebSphere/AppServer/bin/DefaultDB
createmq.sh /opt/WebSphere/AppServer wascell wasnode jmsserver
startServer.sh jmsserver
startServer.sh server1
dspmq.sh
The name of the queue is WAS_wasnode_jmsserver.
Results
You can start an Application Server, the jmsserver, and the nodeagent from a non-root user.
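A read-only check of what the chgrp and chmod commands in the steps should have produced, added here as an example and not taken from the product documentation: the hypothetical audit_was_perms function lists entries under the recursively changed directories that are not in the run-as group, lack group read/write, or are world-writable (which a UMASK of 002 would not produce). It assumes a POSIX find and does not check the two non-recursive parent directories.

```shell
#!/bin/sh
# Added example (not IBM-supplied): audit_was_perms is a hypothetical helper.
# It only reads metadata; it never changes ownership or modes.
# Usage: audit_was_perms WAS_HOME GROUP
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_was_perms() {
    was_home=$1
    group=$2
    out=$(
        # Directories that the procedure hands to the run-as group recursively.
        for sub in config logs properties wstemp installedApps temp tranlog \
                   cloudscape bin/DefaultDB; do
            dir=$was_home/$sub
            [ -d "$dir" ] || { echo "MISSING $dir"; continue; }
            # Symbolic links are skipped: their own mode bits are not enforced.
            # chgrp -R: every entry should belong to the run-as group.
            find "$dir" ! -type l ! -group "$group" \
                -exec echo "WRONG-GROUP" {} \; || echo "FIND-ERROR $dir"
            # chmod -R g+wr: both group read and group write must be set.
            find "$dir" ! -type l ! -perm -060 \
                -exec echo "NO-GROUP-RW" {} \; || echo "FIND-ERROR $dir"
            # UMASK 002 never yields world-writable entries, so flag any.
            find "$dir" ! -type l -perm -002 \
                -exec echo "WORLD-WRITABLE" {} \; || echo "FIND-ERROR $dir"
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Run as a script: sh audit.sh /opt/WebSphere/AppServer mqm
if [ $# -eq 2 ]; then
    audit_was_perms "$1" "$2"
fi
```

Run it as the non-root user after the chgrp and chmod step and before starting the servers; any FIND-ERROR line means that user cannot even read part of the tree.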