Running Application Servers from a non-root user
By default, each base WAS node on a Linux and UNIX platform uses the root user ID to run all Application Server processes. However, you can run all Application Server processes under the same non-root user and user group.
If global security is enabled, the user registry must not be Local OS. Using the Local OS user registry requires the Application Server to run as root.
Here are steps to take, using group "mqm" for group ownership...
- If it does not exist, create group mqm
- Create the account that you want to use to run WAS.
- Make sure this account is part of group "mqm".
- Change the primary group ID for the account to mqm.
- Run the following from the UNIX command line:

    ### Change group ID values ###
    chgrp mqm /opt/WebSphere
    chgrp mqm /opt/WebSphere/AppServer
    chgrp -R mqm /opt/WebSphere/AppServer/config
    chgrp -R mqm /opt/WebSphere/AppServer/logs
    chgrp -R mqm /opt/WebSphere/AppServer/wstemp
    chgrp -R mqm /opt/WebSphere/AppServer/installedApps
    chgrp -R mqm /opt/WebSphere/AppServer/temp
    chgrp -R mqm /opt/WebSphere/AppServer/tranlog
    chgrp -R mqm /opt/WebSphere/AppServer/cloud*
    chgrp -R mqm /opt/WebSphere/AppServer/bin/DefaultDB

    ### Change group write permissions ###
    chmod g+w /opt/WebSphere
    chmod g+w /opt/WebSphere/AppServer
    chmod -R g+w /opt/WebSphere/AppServer/config
    chmod -R g+w /opt/WebSphere/AppServer/logs
    chmod -R g+w /opt/WebSphere/AppServer/wstemp
    chmod -R g+w /opt/WebSphere/AppServer/installedApps
    chmod -R g+w /opt/WebSphere/AppServer/temp
    chmod -R g+w /opt/WebSphere/AppServer/tranlog
    chmod -R g+w /opt/WebSphere/AppServer/cloud*
    chmod -R g+w /opt/WebSphere/AppServer/bin/DefaultDB

- In the WAS console, go to...
  Application Servers | server | Process Definition | Process Execution
- Change the umask to 002.
- Change the "Run As User" to the account you want the appserver process to run as.
- Change the "Run As Group" to mqm.
- Restart the appserver. You do NOT need to restart the cell or node agents.
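
One way to verify the result of the chgrp/chmod steps above before restarting, as an added example that is not part of the original page: it reports any listed path that is not owned by the run-as group or lacks group write. The names `audit_was_perms`, `check` and `RECURSIVE_DIRS` are chosen here, and the world-writable check is an extra that the steps themselves do not include.

```shell
#!/bin/sh
# Added example: audit the group ownership and mode changes from the steps above.
# Defaults mirror the page (/opt/WebSphere, group mqm); both can be overridden.
# Usage: audit_was_perms /opt/WebSphere mqm

# Directories the page changes with -R, relative to AppServer (cloud* is a glob).
RECURSIVE_DIRS="config logs wstemp installedApps temp tranlog bin/DefaultDB"

# check GROUP FIND-ARGS...: print one line per path with a problem.
check() {
    grp=$1; shift
    find "$@" ! -type l ! -group "$grp" -exec echo "wrong group:" {} \;
    find "$@" ! -type l ! -perm -020 -exec echo "not group-writable:" {} \;
    # Extra check, not a step on the page: g+w should not come with o+w.
    find "$@" ! -type l -perm -002 -exec echo "world-writable:" {} \;
}

# audit_was_perms [ROOT] [GROUP]
# Returns 0 if clean, 1 if findings were printed, 2 if ROOT/AppServer is missing.
audit_was_perms() {
    root=${1:-/opt/WebSphere}
    group=${2:-mqm}
    app=$root/AppServer
    if [ ! -d "$app" ]; then
        echo "no such directory: $app" >&2
        return 2
    fi
    # Collect the recursive targets that exist on this node.
    set --
    for d in $RECURSIVE_DIRS; do
        if [ -e "$app/$d" ]; then set -- "$@" "$app/$d"; fi
    done
    for d in "$app"/cloud*; do
        if [ -e "$d" ]; then set -- "$@" "$d"; fi
    done
    findings=$(
        check "$group" "$root" "$app" -prune    # changed without -R on the page
        if [ $# -gt 0 ]; then check "$group" "$@"; fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Symbolic links are skipped because their own mode bits are not meaningful; directories from the list that do not exist on the node are ignored.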