WebSphere Application Server Network Deployment, Version 6.0.x   Operating Systems: AIX, HP-UX, Linux, Solaris, Windows
             [TIP: Focusing the table of contents and search results]

Running the deployment manager with a non-root user ID

This article describes how to run the deployment manager with a non-root user ID on operating systems such as AIX or Linux.

Before you begin

If global security is enabled, the user registry must not be Local OS. Using the Local OS user registry requires the dmgr process to run as root. If you are attempting to run a deployment manager as root in WebSphere Application Server Version 6 when you previously used a non-root user ID on operating systems such as AIX or Linux in Version 5.x, see Migrating a previously non-root configuration to root .

About this task

By default, the Network Deployment product on Linux platforms uses the root user to run the deployment manager, which is the dmgr process. You can use a non-root user to run the deployment manager. You might want to change to a non-root user ID for security or administrative reasons.

Perform this task to change the permissions for the deployment manager. Restart the deployment manager for the changes to take effect.

For the steps that follow, assume that:
  • wasadmin is the user to run all servers
  • wasgroup is the user group
  • dmgr is the deployment manager
  • the installation root for Network Deployment is app_server_root, for example /opt/IBM/WebSphere/AppServer
  • you created a run-time environment with a single profile or multiple profiles

To configure a user to run the deployment manager, complete the following steps:

Procedure

  1. Log on to the Network Deployment system as root.
  2. Create user wasadmin with primary group wasgroup.
  3. Start the deployment manager process as root with the startManager.sh script.
    Issue the script command:
    app_server_root/profiles/deployment manager profile name/bin/
    
    ./startManager.sh
  4. Start the administrative console.
  5. Define the dmgr process to run as a wasadmin process.
    Click System Administration > Deployment manager > Server Infrastructure > Java and Process Management > Process Definition > Additional Properties > Process Execution and change all of these values:
    Property Value
    Run As User wasadmin
    Run As Group wasgroup
    UMASK 002

    The value 002 means the files the process creates are writable by the group and by others as defined on operating systems such as AIX or Linux.

  6. Save the configuration.
  7. Stop the deployment manager with the stopManager.sh script.
    Issue the script command from the app_server_root/profiles/profile name/bin directory:
    ./stopManager.sh
  8. As root, use operating system tools to change file permissions on operating systems such as AIX or Linux. The following example assumes /opt/IBM/WebSphere/AppServer is the installation root:
    
    chgrp wasgroup /opt/IBM/WebSphere
    chgrp wasgroup /opt/IBM/WebSphere/AppServer
    chgrp wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/config
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/logs
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/wstemp
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/installedApps
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/installedFilters
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/temp
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/tranlog
    chmod g+wr /opt/IBM/WebSphere
    chmod g+wr /opt/IBM/WebSphere/AppServer
    chmod g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name
    chmod -R g+wr  /opt/IBM/WebSphere/AppServer/profiles/profile name/config
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/logs
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/wstemp
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/installedApps
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/installedFilters
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/temp
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/tranlog
    
  9. Log in as wasadmin on the Network Deployment system.
  10. Start the deployment manager process with the startManager.sh script.
    Issue the script command:
    app_server_root/profiles/deployment manager profile name/bin/
    
    ./startManager.sh

Results

You can start a deployment manager process from a non-root user.



Related tasks
Running an application server from a non-root user and the node agent from root
Running an Application Server and node agent from a non-root user
Configuring deployment managers
Related reference
wasprofile command
Task topic    

Terms of Use | Feedback

Last updated: Mar 8, 2007 8:14:28 PM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tagt_nd_nonroot.html

© Copyright IBM Corporation 2003, 2006. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)