Run an appserver from a non-root user and the node agent from root

 

+

Search Tips   |   Advanced Search

 

By default, each base WAS node on a Linux and UNIX platform uses the root user to run appservers. However, you can use a non-root user to run appservers. This task describes how to configure an appserver to run as non-root while letting the node agent process run as root.

If administrative security is enabled, the user account repositories must not be the local operating system. In general, using the local operating system user registry requires that all processes run as root. Refer to Local operating system registries for details.

If you are attempting to run an appserver as root in WAS V6.x when you previously used a non-root user ID on Linux and UNIX platforms in V5.x, see Migrating a previously non-root configuration to root.

 

Overview

Using a non-root user ID to run appservers can be done by setting all the appservers to run under the same operating system group. Run your appservers as non-root when you no longer want to use root authority. For security or administrative reasons, you may want to change to non-root user IDs. Perform this task at any time to change the permissions of an appserver. You must restart the appservers in order for the changes to take effect.

If you are using the Tivoli Access Manager to perform authentication or authorization for WAS, it is important to be aware of potential permissions problems.

 

Procedure

  1. Log on to the Application Server system as a non-root user.

  2. Create a new profile.

    The servers you create under this profile run as non-root.

  3. Log off and back on.

  4. Log on to the ND system as root.

  5. Start the deployment manager if it is not already running.

    Use the startManager script from the /bin directory of the installation root.

  6. Ensure that all servers on the Application Server system are stopped, including the server1 process.

    stopServer server1 -user userID -password password

  7. Start the node agent process from root. Use the startNode script from the /bin directory of the installation root:

  8. Log on to the Application Server system as the non-root user that corresponds to the new profile you created.

  9. Start your appservers. Use the startServer script from the /bin directory of the installation root:

 

Results

You can start an appserver from a non-root user and run the node agent as root.

 

Related tasks

Run the deployment manager with a non-root user ID
Run an Application Server and node agent from a non-root user
Start an appserver
Use the console
Use command line tools
Manage appservers