The root user can grant write permission
of the appropriate files and directories to a non-root user. The non-root
user can then create the profile. The root user can create a group for users
who are authorized to create profiles, or the root user can give individual
users the ability to create profiles. The following example task shows how
to create a group that is authorized to create profiles.
Before you begin
This task assumes a basic familiarity with system commands.
You must have root authority to accomplish the following
tasks.
About this task
The steps that you follow to grant write permission
of files and directories to a non-root user for profile creation depends on
whether a profile was previously created.
If
at least one profile was created prior to implementing the following steps,
certain directories and files were created. Because these directories and
files were created, skip the steps that create these directories and files.
If no profile was previously created, you must implement the steps to create
the required directories and files. In most cases, a profile has been created
previously.
Have the root user perform the following
steps to create the profilers group and give the group proper permissions
to create a profile.
Procedure
- Log on as the root user to the system
that has WebSphere Application Server installed.
- Create
the profilers group that you can use to create profiles.
- Create
a user named user1 to create profiles.
- Add the root user and user1 to
the profilers group.
Log
off and back on as the root user to pick up the new group.
- Create
the following directories as the root user, if no profile was previously created:
-
![[Windows]](../../windows.gif)
Create the
app_server_root\logs\wasprofile directory by
following instructions in the Windows documentation. For this example procedure
the directory is:
app_server_root\logs\wasprofile
-
![[Windows]](../../windows.gif)
Create the
app_server_root\properties\fsdb directory
by following instructions in the Windows documentation. For this example procedure
the directory is:
app_server_root\properties\fsdb
- As the
root user, create the profileRegistry.xml file and add the
proper information, if no profile was previously created:
Follow
directions for your operating system to create the profileRegistry.xml file.
For this example, the file paths are:
Follow instructions for your operating system to add the following information
to the
profileRegistry.xml file. The file must be encoded
as
UTF-8.
<?xml version="1.0" encoding="UTF-8"?>
<profiles/>
- As the root user, use operating system
tools to change directory and file permissions.
![[Windows]](../../windows.gif)
The following example assumes that the installation root
directory is
C:\Program Files\IBM\WebSphere\AppServer .
Follow instructions in the Windows documentation to give the profilers group
read and write permission to the following directories and their files:
C:\Program Files\IBM\WebSphere\AppServer\logs\wasprofile
C:\Program Files\IBM\WebSphere\AppServer\properties
C:\Program Files\IBM\WebSphere\AppServer\properties\fsdb
C:\Program Files\IBM\WebSphere\AppServer\properties\profileRegistry.xml
You
might have to change the permissions on additional files if the non-root user
encounters permission problems. For example, if you allow a non-root user
to delete a profile, the user might have to delete the following file:
app_server_root/properties/profileRegistry.xml_LOCK
app_server_root\properties\profileRegistry.xml_LOCK
- Give write access to the non-root user for the
file to allow the user to delete the file. If the non-root user still cannot
delete the profile, the root user can delete the profile.
Results
The root user created the profilers group
and gave the group proper permissions to certain directories and files to
create a profile. These directories and files are the only
ones in the installation root of WebSphere Application Server to which a non-root
user needs to write to create a profile. These
directories and files are the only ones in the installation root of WebSphere
Application Server to which a non-root user needs to write to create and augment
a profile.
What to do next
Have the non-root user that belongs to the profilers group create
a profile in a directory that the non-root user owns and to which the non-root
user has write permission, but not in the installation root directory of the
product.