By default, each base WebSphere Application Server node on a Linux and UNIX platform uses the root user to run Application Servers. You can instead use a non-root user ID to run Application Servers, but that ID must be part of the primary group. This task describes how to configure an Application Server to run from a non-root user ID while letting the nodeagent process and the jmsserver process run as root.
Before you begin
If global security is enabled, using the Local OS as the user registry is not recommended. In general, using the Local OS user registry requires that all processes run as root. Refer to Local operating system user registries for details.
Why and when to perform this task
To run Application Servers under a non-root user ID, set all the Application Servers to run under the same operating system group. If you are running the JMS provider that WebSphere Application Server provides, add the jmsserver server to the mqm group to allow jmsserver to start the message queue. If you are not running jmsserver, you can use a group other than mqm in the following steps.
Steps for this task
startManager.sh
Property | Value |
---|---|
Run As User | root |
Run As Group | mqm |
UMASK | 002 |
Property | Value |
---|---|
Run As User | was1 |
Run As Group | mqm |
UMASK | 002 |
Property | Value |
---|---|
Run As User | root |
Run As Group | mqm |
UMASK | 002 |
stopServer.sh server1
stopServer.sh jmsserver
stopNode.sh
Note: When you use the chown command to change the owner of JSPs that are already compiled and reside in the temp directory, the CPU does not have to continuously recompile these JSPs. If you do not issue this command, you should delete the application temp directory to lower CPU usage.
chown root:mqm /opt/WebSphere/AppServer/temp
chgrp mqm /opt/WebSphere
chgrp mqm /opt/WebSphere/AppServer
chgrp -R mqm /opt/WebSphere/AppServer/config
chgrp -R mqm /opt/WebSphere/AppServer/logs
chgrp -R mqm /opt/WebSphere/AppServer/properties
chgrp -R mqm /opt/WebSphere/AppServer/wstemp
chgrp -R mqm /opt/WebSphere/AppServer/installedApps
chgrp -R mqm /opt/WebSphere/AppServer/temp
chgrp -R mqm /opt/WebSphere/AppServer/tranlog
chgrp -R mqm /opt/WebSphere/AppServer/cloudscape
chgrp -R mqm /opt/WebSphere/AppServer/bin/DefaultDB
chmod g+wr /opt/WebSphere
chmod g+wr /opt/WebSphere/AppServer
chmod -R g+wr /opt/WebSphere/AppServer/config
chmod -R g+wr /opt/WebSphere/AppServer/logs
chmod -R g+wr /opt/WebSphere/AppServer/properties
chmod -R g+wr /opt/WebSphere/AppServer/wstemp
chmod -R g+wr /opt/WebSphere/AppServer/installedApps
chmod -R g+wr /opt/WebSphere/AppServer/temp
chmod -R g+wr /opt/WebSphere/AppServer/tranlog
chmod -R g+wr /opt/WebSphere/AppServer/cloudscape
chmod -R g+wr /opt/WebSphere/AppServer/bin/DefaultDB
startNode.sh
startServer.sh jmsserver
startServer.sh server1
dspmq.sh
The name of the queue is WAS_wasnode_jmsserver.
Results
You can start an Application Server from a non-root user and run the nodeagent and jmsserver as root.
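An added check, not part of the original IBM page: the shell function below audits the directories touched by the chgrp and chmod commands in the steps above and reports anything that is not owned by the chosen group or lacks group read/write. The function names, the output labels and the extra world-writable check are assumptions of this example; the directory list and the mqm group come from the page.

```shell
#!/bin/sh
# Added example (not IBM code): verify the result of the chgrp/chmod steps.
# Usage: audit_was_perms /opt/WebSphere/AppServer mqm

# Subdirectories the page changes recursively, relative to the AppServer root.
RECURSIVE_DIRS="config logs properties wstemp installedApps temp tranlog cloudscape bin/DefaultDB"

# report LABEL FIND-ARGS...: print "LABEL path" per match; return 1 if any match.
# A failing find (unknown group, unreadable directory) also counts as a finding.
report() {
    label=$1; shift
    hits=$(find "$@" -print) || { echo "ERROR find failed during $label check"; return 1; }
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | sed "s|^|$label |"
    return 1
}

# audit_was_perms ROOT GROUP: 0 = clean, 1 = findings, 2 = ROOT is missing.
audit_was_perms() {
    root=$1; group=$2; rc=0
    [ -d "$root" ] || { echo "ERROR $root is not a directory"; return 2; }
    # The two top-level directories are changed without -R on the page,
    # so -prune inspects only the directory itself.
    for top in "$(dirname "$root")" "$root"; do
        report WRONG-GROUP "$top" -prune ! -group "$group" || rc=1
        report NOT-GROUP-RW "$top" -prune ! -perm -060 || rc=1
    done
    for rel in $RECURSIVE_DIRS; do
        dir=$root/$rel
        [ -d "$dir" ] || { echo "SKIP $dir (not present)"; continue; }
        # Symbolic links are ignored: only files and directories are checked.
        report WRONG-GROUP "$dir" \( -type f -o -type d \) ! -group "$group" || rc=1
        report NOT-GROUP-RW "$dir" \( -type f -o -type d \) ! -perm -060 || rc=1
        # Extra check, not a step on the page: nothing should be world-writable.
        report WORLD-WRITABLE "$dir" \( -type f -o -type d \) -perm -002 || rc=1
    done
    return $rc
}
```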