[AIX Solaris HP-UX Linux Windows]

Assigning profile ownership to a non-root user

An installer can create a profile and assign ownership of the profile directory to a non-root user so that the non-root user can start the product for a specific profile.

Before you begin

This task assumes a basic familiarity with the manageprofiles command and system commands.

This task uses the following terms:
  • Root users refers to:
    • [Linux][HP-UX][Solaris][AIX] Root users
    • [Windows] Administrators
  • Non-root users refers to:
    • [Linux][HP-UX][Solaris][AIX] Non-root users
    • [Windows] Non-administrators
  • Installer refers to a root user or a non-root user.

Before you can create a profile, you must install the product.

About this task

Have the installer perform the following steps to create a profile and assign ownership for the profile directory and the logs directory. The ownership is assigned to a non-root user ID that is different from the installer ID. The non-root user needs access to these directories to start the product.

This example creates a default profile.

The commands are split on multiple lines for printing purposes.

Procedure

  1. Create the profile by issuing the following code from a command prompt:
    [Linux][HP-UX][Solaris][AIX]
    ./manageprofiles.sh -create -profileName profile01 -profilePath
    app_server_root/profiles/profile01 -templatePath 
    app_server_root/profileTemplates/default 
    [Windows]
    manageprofiles.bat -create -profileName profile01 -profilePath 
    app_server_root\profiles\profile01 -templatePath 
    app_server_root\profileTemplates\default 
  2. Change ownership of the profile01 profile directory to the user1 non-root user.
    [Linux][HP-UX][Solaris][AIX] For example, issue the following command:
    chown -R user1 app_server_root/profiles/profile01
    [Windows] Follow instructions in the Windows documentation to grant user1 access to the following directory:
    app_server_root\profiles\profile01
  3. Change the ownership of the logs directory for the profile01 profile to the user1 non-root user to prevent displaying log messages to the console.
    [Linux][HP-UX][Solaris][AIX] Issue the following command:
    chown -R user1 app_server_root/logs/manageprofiles/profile01
    [Windows] Follow instructions in the Windows documentation to grant user1 access to the following directory:
    app_server_root\logs\manageprofiles\profile01

Results

The installer has created a default profile and changed ownership of the profile directory and log directory to a non-root user.

What to do next

As the installer, you can continue to create profiles and assign ownership to non-root users as needed.

A non-root user ID can manage multiple profiles. Have the same non-root user ID manage an entire profile, whether it is the deployment manager profile, a profile that contains the application servers and the node agent, or a custom profile. A different user ID can be used for each profile in a cell, whether global security or administrative security is enabled or disabled. The user IDs can be a mix of root and non-root user IDs. For example, the root user might manage the deployment manager profile, while a non-root user might manage a profile that contains application servers and the node agent, or vice versa. However, typically, a root user or a non-root user manages all profiles in a cell.

The non-root user can use the same tasks to manage a profile that the root user uses.

Task topic    

Terms and conditions for information centers | Feedback

Last updated: April 20, 2014 08:46 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-mp&topic=tpro_rootpro_nonroot_own
File name: tpro_rootpro_nonroot_own.html