Icon indicating 6.0.1 content only Start of change

Creating and augmenting profiles as a non-root user on Linux or UNIX systems

This topic describes how non-root users can create or augment profiles on Linux and UNIX systems.

Draft comment:
I added augmenting to tasks (instead of just create).
The root user can grant write permission to the appropriate WebSphere Process Server files and directories to allow a non-root user to create or augment profiles. Or, the root user can create a group for users who are authorized to create or augment profiles.
Restriction: WebSphere Process Server does not support changing ownership of profiles from root to non-root users.

Non-root users must store their profiles in their private directory structure, not in the install_root directory of the product.

Restriction: An ease-of-use limitation exists for non-root users who create profiles. Mechanisms within the Profile Wizard that suggest unique names and port values are disabled for non-root users. The non-root user must change the default field values in the Profile Wizard for the profile name, node name, cell name, and port assignments. The root user can assign non-root users a range of values for each of the fields, and require them to adhere to their proper value ranges and to maintain the integrity of their own definitions.
The following example shows how a root user can create a group that is authorized to create and augment profiles and then grant the users in that group write permission to the appropriate WebSphere Process Server directories.
  1. Log on to the WebSphere Process Server system as the root user.
  2. Using operating system commands, create a group named profilers, which will contain all users who can create and augment profiles.
  3. Using operating system commands, create a user named user1, who can create or augment profiles.
  4. Using operating system commands, add users root and user1 to the profilers group.
  5. Log off and log back on as the root user to pick up the new group.
  6. As the root user, use operating system commands to create the directory install_root/logs/wasprofile/ if the directory does not yet exist. For example:
     mkdir /opt/IBM/WebSphere/ProcServer/logs/wasprofile
  7. Run the following script, where $WASHOME indicates the root installation directory of WebSphere Process Server (in this example, /opt/IBM/WebSphere/ProcServer):
    export WASHOME=/opt/IBM/WebSphere/ProcServer
    echo $WASHOME
    echo "Performing chggrp/chmod per WAS directions..."
    echo "This script will *try* to create WAS_HOME/logs/wasprofile...it may already exist"
    mkdir $WASHOME/logs/wasprofile
    chgrp profilers $WASHOME/logs/wasprofile
    chmod g+wr  $WASHOME/logs/wasprofile
    chgrp profilers $WASHOME/properties
    chmod g+wr  $WASHOME/properties
    chgrp profilers $WASHOME/properties/fsdb
    chmod g+wr  $WASHOME/properties/fsdb
    chgrp profilers $WASHOME/properties/profileRegistry.xml
    chmod g+wr  $WASHOME/properties/profileRegistry.xml
    echo "Performing chggrp/chmod per WPS directions..."
    chgrp profilers $WASHOME/CEI/properties/version
    chmod g+wr  $WASHOME/CEI/properties/version
    chgrp profilers $WASHOME/CEI/properties/version/event_server.product
    chmod g+wr  $WASHOME/CEI/properties/version/event_server.product
    echo "These are necessary if using cloudscape..."
    chgrp profilers $WASHOME/cloudscape
    chmod g+wr  $WASHOME/cloudscape
    chgrp profilers $WASHOME/cloudscape/db2j.log
    chmod g+wr  $WASHOME/cloudscape/db2j.log
    chgrp profilers $WASHOME/cloudscape/databases
    chmod g+wrx  $WASHOME/cloudscape/databases
    echo "And in case WPSDB already exists..."
    chgrp profilers $WASHOME/cloudscape/databases/WPRCSDB
    chmod g+wrx  $WASHOME/cloudscape/databases/WPRCSDB
    chgrp -R profilers $WASHOME/cloudscape/databases/WPRCSDB/*
    chmod -R g+wrx  $WASHOME/cloudscape/databases/WPRCSDB/*
    echo "done

Non-root users who belong to the group profilers can then create or augment a profile in any directory to which they have write permission.

If a non-root user does not have write access to any directories, it is up to the root user to change that situation. If the non-root user does not have write access to the /tmp directory, it is up to the root user to change that as well.


Terms of use | | Broken links

Last updated: Mon Apr 03 11:16:50 2006

(c) Copyright IBM Corporation 2005.
This information center is powered by Eclipse technology (http://www.eclipse.org)

End of change