Assigning profile ownership to a non-root user

An installer can create a profile and assign ownership of the profile directory to a non-root user so that the non-root user can start WAS ND for a specific profile. Use this example to accomplish the tasks through commands.

This task assumes a basic familiarity with the manageprofiles command and system commands. This task uses the following terms:

• Root users refers to:

  • (Linux) [HP-UX] [Solaris]

    [AIX] Root users

  • (Windows) Administrators

• Non-root users refers to:

  • (Linux) [HP-UX] [Solaris]

    [AIX] Non-root users

  • (Windows) Non-administrators

• Installer refers to a root user or a non-root user.

Before we can create a profile, install WAS ND.

Have the installer perform the following steps to create a profile and assign ownership for the profile directory and the logs directory. The ownership is assigned to a non-root user ID that is different from the installer ID. The non-root user needs access to these directories to start the product.

This example creates a default profile.

The commands are split on multiple lines for printing purposes.

 

1. Create the profile by issuing the following code from a command prompt: [Linux] [HP-UX] [Solaris]

   [AIX]

   ./manageprofiles.sh -create -profileName profile01 -profilePath APP_ROOT/profiles/profile01 -templatePath  APP_ROOT/profileTemplates/default 
   

   
   

   (Windows)

   manageprofiles.bat -create -profileName profile01 -profilePath  APP_ROOT\profiles\profile01 -templatePath  APP_ROOT\profileTemplates\default 
   
   

2. Change ownership of the profile01 profile directory to the user1 non-root user. [Linux] [HP-UX] [Solaris]

   [AIX] For example, issue the following command:

   chown -R user1 APP_ROOT/profiles/profile01
   

   
   

   (Windows) Follow instructions in the Windows documentation to grant user1 access to the following directory:

   APP_ROOT\profiles\profile01
   

3. Change the ownership of the logs directory for the profile01 profile to the user1 non-root user to prevent displaying log messages to the console. [Linux] [HP-UX] [Solaris]

   [AIX] Issue the following command:

   chown -R user1 APP_ROOT/logs/manageprofiles/profile01
   

   
   

   (Windows) Follow instructions in the Windows documentation to grant user1 access to the following directory:

   APP_ROOT\logs\manageprofiles\profile01
   

 

Results

The installer has created a default profile and changed ownership of the profile directory and log directory to a non-root user.

 

Next steps

As the installer, we can continue to create profiles and assign ownership to non-root users as needed.

A non-root user ID can manage multiple profiles. Have the same non-root user ID manage an entire profile, whether it is the dmgr profile, a profile that contains the appservers and the node agent, or a custom profile. A different user ID can be used for each profile in a cell, whether global security or administrative security is enabled or disabled. The user IDs can be a mix of root and non-root user IDs. For example, the root user might manage the dmgr profile, while a non-root user might manage a profile that contains appservers and the node agent, or vice versa. However, typically, a root user or a non-root user manages all profiles in a cell.

The non-root user can use the same tasks to manage a profile that the root user uses.