Creating and augmenting profiles as a non-root user on Linux or UNIX systems

Non-root users can create or augment WebSphere Process Server profiles on Linux and UNIX systems.

The root user can grant write permission to the appropriate WebSphere Process Server files and directories to allow a non-root user to create or augment profiles. Or, the root user can create a group for users who are authorized to create or augment profiles.
Restriction: WebSphere Process Server does not support changing ownership of profiles from root to non-root users.

Non-root users must store their profiles in their private directory structure, not in the install_root/profiles directory of the product.

Restriction: Port suggestions made by the Profile wizard when a non-root user is creating or augmenting a profile cannot be relied upon. The user must manually ensure that the port suggestions are unique. The user must change the default field values in the Profile wizard for the profile name, node name, cell name, and port assignments. The root user can assign non-root users a range of values for each of the fields, and require them to adhere to their proper value ranges and to maintain the integrity of their own definitions.

Steps the root user must perform to grant appropriate permissions

The following example shows how a root user can create a group that is authorized to create and augment profiles and then grant the users in that group write permission to the appropriate WebSphere Process Server directories.
  1. Log on to the WebSphere Process Server system as the root user.
  2. Using operating system commands, do the following:
    • Create a group named profilers, which will contain all users who can create and augment profiles.
    • Create a user named user1, who can create or augment profiles.
    • Add users root and user1 to the profilers group.
  3. Log off and log back on as the root user to pick up the new group. Verify that you have logged off and back on again by entering the following command and verifying that profilers is in the list it returns:
    groups root
  4. Save the text in the box that follows as a script file. Set the variable $WASHOME to be the WebSphere Process Server root installation directory (in this example, /opt/IBM/WebSphere/ProcServer). Then run the script. If no profiles have yet been created, you might have to run this program again if you created a profile as the root user before doing it as user1. Some files exist only after the first profile has been created.
    export WASHOME=/opt/IBM/WebSphere/ProcServer
    
    echo $WASHOME
    echo "Performing chggrp/chmod per WAS directions..."
    echo "This script will *try* to create WAS_HOME/logs/wasprofile...it may already exist"
    mkdir $WASHOME/logs/wasprofile
    chgrp profilers $WASHOME/logs/wasprofile
    chmod g+wr  $WASHOME/logs/wasprofile
    chgrp profilers $WASHOME/properties
    chmod g+wr  $WASHOME/properties
    # "fsdb exists only  after first profile is created"
    chgrp profilers $WASHOME/properties/fsdb
    chmod g+wr  $WASHOME/properties/fsdb
    # "profileRegistry.xml exists after first profile is created"
    chgrp profilers $WASHOME/properties/profileRegistry.xml
    chmod g+wr  $WASHOME/properties/profileRegistry.xml
    echo "Performing chggrp/chmod per WPS directions..."
    chgrp profilers $WASHOME/CEI/properties/version
    chmod g+wr  $WASHOME/CEI/properties/version
    chgrp profilers $WASHOME/CEI/properties/version/event_server.product
    chmod g+wr  $WASHOME/CEI/properties/version/event_server.product
    echo "These are necessary if using cloudscape..."
    chgrp profilers $WASHOME/cloudscape
    chmod g+wr  $WASHOME/cloudscape
    # "db2j.log may or may not exist yet"
    chgrp profilers $WASHOME/cloudscape/db2j.log
    chmod g+wr  $WASHOME/cloudscape/db2j.log
    # "databases directory may or may not exist yet"
    chgrp profilers $WASHOME/cloudscape/databases
    chmod g+wrx  $WASHOME/cloudscape/databases
    echo "done"

Steps the non-root user must perform

The non-root user (in this example, user1), must pick up the new group (profilers) by doing the following:
  1. Log off and log back on as user1 to pick up the new group. Verify that you have logged off and back on again by entering the following command and verifying that profilers is in the list it returns:
    groups user1
  2. Start the WebSphere Process Server Profile wizard to create a new profile or augment an existing one. If you are augmenting an existing profile, user1 must have write permissions for it.

Last updated: Wed 01 Nov 2006 07:47:12

(c) Copyright IBM Corporation 2005, 2006.
This information center is powered by Eclipse technology (http://www.eclipse.org)