Granting write permission of files and directories to a non-root user for profile creation

The root user can grant write permission of the appropriate files and directories to a non-root user. The non-root user can then create the profile. The root user can create a group for users who are authorized to create profiles, or the root user can give individual users the authority to create profiles. The following example task shows how to create a group that is authorized to create profiles.

Before you begin

This task assumes a basic familiarity with system commands.

This task uses the following terms:
  • Root users refers to:
    • [Linux] [HP-UX] [Solaris] [AIX] Root users
    • [Windows] Administrators
  • Non-root users refers to:
    • [Linux] [HP-UX] [Solaris] [AIX] Non-root users
    • [Windows] Non-administrators

You must have root authority to accomplish the following tasks.

About this task

The root user can perform the following steps to create the profilers group and give the group appropriate permissions to create a profile.

Procedure

  1. Log on as the root user to the system where the product is installed.
  2. Create the profilers group that you can use to create profiles.
  3. Create a user named user1 to create profiles.
  4. Add the root user and user1 to the profilers group.
  5. [Linux] [HP-UX] [Solaris] [AIX] Log off and log back on again as the root user to use the new group.
  6. As the root user, use operating system tools to change directory and file permissions.
    [Linux] [HP-UX] [Solaris] [AIX] The following example assumes that the installation root directory is /opt/IBM/WebSphere/AppServer:
    chgrp  profilers /opt/IBM/WebSphere/AppServer/logs/wasprofile
    chmod  g+wr  /opt/IBM/WebSphere/AppServer/logs/wasprofile
    chgrp  profilers /opt/IBM/WebSphere/AppServer/properties
    chmod  g+wr  /opt/IBM/WebSphere/AppServer/properties
    chgrp  profilers /opt/IBM/WebSphere/AppServer/properties/fsdb
    chmod  g+wr  /opt/IBM/WebSphere/AppServer/properties/fsdb
    chgrp  profilers /opt/IBM/WebSphere/AppServer/properties/profileRegistry.xml
    chmod  g+wr  /opt/IBM/WebSphere/AppServer/properties/profileRegistry.xml
    chgrp -R profilers /opt/IBM/WebSphere/AppServer/profileTemplates
    
    [Windows] The following example assumes that the installation root directory is C:\Program Files\IBM\WebSphere\AppServer. Follow instructions in the Windows documentation to give the profilers group read and write permission to the following directories and their files:
    
    C:\Program Files\IBM\WebSphere\AppServer\logs\wasprofile
    C:\Program Files\IBM\WebSphere\AppServer\properties
    C:\Program Files\IBM\WebSphere\AppServer\properties\fsdb
    C:\Program Files\IBM\WebSphere\AppServer\properties\profileRegistry.xml

    You might have to change the permissions on additional files if the non-root user encounters permission errors. For example, if you authorize a non-root user to delete a profile, then the user might have to delete the following file:

    [Linux] [HP-UX] [Solaris] [AIX] app_server_root/properties/profileRegistry.xml_LOCK

    [Windows] app_server_root\properties\profileRegistry.xml_LOCK

    • Give write access to the non-root user for the file to authorize the user to delete the file. If the non-root user still cannot delete the profile, then he root user can delete the profile.

Results

The root user created the profilers group and gave the group proper permissions to certain directories and files to create profiles.

These directories and files are the only ones in the installation root of the product to which a non-root user needs to write to create profiles.

What to do next

The non-root user that belongs to the profilers group can create profiles in a directory that the non-root user owns and to which the non-root user has write permission. However, the non-root user cannot create profiles in the installation root directory of the product.

A non-root user ID can manage multiple profiles. For a given profile, have the same non-root user ID manage the entire profile.

The non-root user can use the same tasks to manage a profile that the root user uses.




In this information ...


Related reference

IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Aug 29, 2010 6:22:59 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-express-dist&topic=tpro_nonrootpro
File name: tpro_nonrootpro.html