[Linux][UNIX][Windows]WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Granting write permission of files and directories to a non-root user for profile creation

The root user can grant write permission of the appropriate files and directories to a non-root user. The non-root user can then create the profile. The root user can create a group for users who are authorized to create profiles, or the root user can give individual users the ability to create profiles. The following example shows how to create a group that is authorized to create profiles.

Before you begin

This task assumes a basic familiarity with system commands.
This task uses the following terms:
  • Root users refers to root users on Linux and UNIX platforms, and to administrators on Windows platforms.
  • Non-root users refers to non-root users on Linux and UNIX platforms, and to non-administrators on Windows platforms.

You must have root authority to accomplish the following tasks.

Why and when to perform this task

Have the root user perform the following steps to create a group that is authorized to create profiles.

Steps for this task

  1. Log on as the root user to the system that has WebSphere Application Server installed.
  2. Create the profilers group that you can use to create profiles.
  3. Create a user named user1 to create profiles.
  4. Add the root user and user1 to the profilers group.
  5. [Linux][UNIX]Log off and back on as the root user to pick up the new group.
  6. As the root user, create the install_root/logs/wasprofile directory if the directory does not yet exist:
    [Linux][UNIX]
    mkdir /opt/IBM/WebSphere/AppServer/logs/wasprofile
    
    [Windows]Follow instructions in the Windows documentation to create the following directory:
    C:\opt\IBM\WebSphere\AppServer\logs\wasprofile
    
  7. As the root user, use operating system tools to change directory and file permissions.
    [Linux][UNIX]The following example assumes that the installation root directory is /opt/IBM/WebSphere/AppServer .
    chgrp profilers /opt/IBM/WebSphere/AppServer/logs/wasprofile
    chmod g+wr  /opt/IBM/WebSphere/AppServer/logs/wasprofile
    chgrp profilers /opt/IBM/WebSphere/AppServer/properties
    chmod g+wr  /opt/IBM/WebSphere/AppServer/properties
    chgrp profilers /opt/IBM/WebSphere/AppServer/properties/fsdb
    chmod g+wr  /opt/IBM/WebSphere/AppServer/properties/fsdb
    chgrp profilers /opt/IBM/WebSphere/AppServer/properties/profileRegistry.xml
    chmod g+wr  /opt/IBM/WebSphere/AppServer/properties/profileRegistry.xml
    
    [Linux]
    chgrp profilers /opt/IBM/WebSphere/AppServer/properties/Profiles.menu
    chmod g+wr /opt/IBM/WebSphere/AppServer/properties/Profiles.menu
    The profilers group is given read and write permission to the listed directories and their files. These are the only directories in the installation root of WebSphere Application Server to which a non-root user needs to write.
    [Windows]The following example assumes that the installation root directory is \opt\IBM\WebSphere\AppServer . Follow instructions in the Windows documentation to give the profilers group read and write permission to the following directories and their files:
    
    \opt\IBM\WebSphere\AppServer\logs\wasprofile
    C:\opt\IBM\WebSphere\AppServer\properties
    C:\opt\IBM\WebSphere\AppServer\properties\fsdb
    C:\opt\IBM\WebSphere\AppServer\properties\profileRegistry.xml
    These are the only directories in the installation root of WebSphere Application Server to which a non-root user needs to write.

    Some of the files in the directories in the preceding list are created when creating the profile. So it is impossible to assign ownership of the files. However, assigning ownership of the directories allows the non-root user to create the file. Such files include:

    [Linux][UNIX]
    /opt/IBM/WebSphere/AppServer/properties/fsdb
    /opt/IBM/WebSphere/AppServer/properties/profileRegistry.xml
    [Windows]
    C:\opt\IBM\WebSphere\AppServer\properties\fsdb
    C:\opt\IBM\WebSphere\AppServer\properties\profileRegistry.xml

    You might have to change the permissions on additional files if the non-root user encounters permission problems. For example, if you allow a non-root user to delete a profile, the user might have to delete the following file:

    [Linux][UNIX]installation_root/properties/profileRegistry.xml_LOCK

    [Windows]installation_rootC:\properties\profileRegistry.xml_LOCK

    • Give write access to the non-root user for the file to allow the user to delete the file. If the non-root user still cannot delete the profile, the root user can delete the profile.

Result

The root user created the profilers group and gave the group proper permissions to create a profile.

What to do next

Have the non-root user that belongs to the profilers group create a profile in a directory that the non-root user owns and to which the non-root user has write permission, but not in the installation root directory of the product.



Related reference
wasprofile command

Task topic    

Terms of Use | Feedback

Last updated: Dec 11, 2005 4:07:15 PM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tpro_nonrootpro.html

© Copyright IBM Corporation 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)