By default, each base Application Server node on a Linux, or UNIX, platform uses the root user ID to run the node agent process and all Application Server processes. However, you can run the node agent and all Application Server processes under the same non-root user and user group. If you do run the node agent process with a non-root user ID, you must run all Application Server processes that the node agent controls under the same non-root user ID.
If global security is enabled, the user registry must not be Local OS. Using the Local OS user registry requires the node agent to run as root. Refer to Local operating system user registries for details.
Run your application servers and node agent as non-root when you no longer want to use root authority. For security or administrative reasons, you may want to change to non-root user IDs. Perform this task at any time to change the permissions of a node agent or application server. You must restart the node agent and application servers in order for the changes to take effect.
If you are running WebSphere Application Server as a non-root user, add IBMLSDActiveServerList.asl to your non-root user file permissions.
If you are using the Tivoli Access Manager to perform authentication or authorization for WebSphere Application Server, it is important to be aware of potential permissions problems. For more information, see Tivoli Access Manager JACC provider configuration .
To configure a user ID to run the node agent and all server processes, complete the following steps.