Non-root users can create or augment WebSphere Process Server profiles
on Linux and UNIX systems.
The root user can grant write permission to the appropriate WebSphere Process
Server files and directories to allow a non-root user to create or augment
profiles. Or, the root user can create a group for users who are authorized
to create or augment profiles.
Restriction: WebSphere Process
Server does not support changing ownership of profiles from root to non-root
users.
Non-root users must store their profiles in their private directory structure,
not in the install_root/profiles directory of the
product.
Restriction: Port suggestions made by the Profile wizard when
a non-root user is creating or augmenting a profile cannot be relied upon.
The user must manually ensure that the port suggestions are unique. The user
must change the default field values in the Profile wizard for the profile
name, node name, cell name, and port assignments. The root user can assign
non-root users a range of values for each of the fields, and require them
to adhere to their proper value ranges and to maintain the integrity of their
own definitions.
Steps the root user must perform to grant appropriate permissions
The following example shows how a root user can create a group that is
authorized to create and augment profiles and then grant the users in that
group write permission to the appropriate WebSphere Process Server directories.
- Log on to the WebSphere Process Server system as the root user.
- Using operating system commands, do the following:
- Create a group named profilers, which will contain all users
who can create and augment profiles.
- Create a user named user1, who can create or augment profiles.
- Add users root and user1 to the profilers group.
- Log off and log back on as the root user to pick up the new group. Verify
that you have logged off and back on again by entering the following command
and verifying that profilers is in the list it returns:
groups root
- Save the text in the box that follows as a script file. Set the variable $WASHOME
to be the WebSphere Process Server root installation directory (in this example, /opt/IBM/WebSphere/ProcServer).
Then run the script. If no profiles have yet been created, you might have
to run this program again if you created a profile as the root user before
doing it as user1. Some files exist only after the first
profile has been created.
export WASHOME=/opt/IBM/WebSphere/ProcServer
echo $WASHOME
echo "Performing chggrp/chmod per WAS directions..."
echo "This script will *try* to create WAS_HOME/logs/wasprofile...it may already exist"
mkdir $WASHOME/logs/wasprofile
chgrp profilers $WASHOME/logs/wasprofile
chmod g+wr $WASHOME/logs/wasprofile
chgrp profilers $WASHOME/properties
chmod g+wr $WASHOME/properties
# "fsdb exists only after first profile is created"
chgrp profilers $WASHOME/properties/fsdb
chmod g+wr $WASHOME/properties/fsdb
# "profileRegistry.xml exists after first profile is created"
chgrp profilers $WASHOME/properties/profileRegistry.xml
chmod g+wr $WASHOME/properties/profileRegistry.xml
echo "Performing chggrp/chmod per WPS directions..."
chgrp profilers $WASHOME/CEI/properties/version
chmod g+wr $WASHOME/CEI/properties/version
chgrp profilers $WASHOME/CEI/properties/version/event_server.product
chmod g+wr $WASHOME/CEI/properties/version/event_server.product
echo "These are necessary if using cloudscape..."
chgrp profilers $WASHOME/cloudscape
chmod g+wr $WASHOME/cloudscape
# "db2j.log may or may not exist yet"
chgrp profilers $WASHOME/cloudscape/db2j.log
chmod g+wr $WASHOME/cloudscape/db2j.log
# "databases directory may or may not exist yet"
chgrp profilers $WASHOME/cloudscape/databases
chmod g+wrx $WASHOME/cloudscape/databases
echo "done"
Steps the non-root user must perform
The non-root user (in this example,
user1), must pick
up the new group (
profilers) by doing the following:
- Log off and log back on as user1 to pick up the new group.
Verify that you have logged off and back on again by entering the following
command and verifying that profilers is in the list it returns:
groups user1
- Start the WebSphere Process Server Profile wizard to create a new profile
or augment an existing one. If you are augmenting an existing profile, user1 must
have write permissions for it.
Last updated: Wed 01 Nov 2006 07:47:12
(c) Copyright IBM Corporation 2005, 2006.
This information center is powered by Eclipse technology (http://www.eclipse.org)