Install in user (nonAdmin) mode

Non-administrators (non-root users) can install WebSphere Application Server Network Deployment in both silent and interactive nonAdmin mode for full product installations and removals, incremental feature installations, and edition upgrades.

For existing installations, the user who owns the currently installed files is the only user who can perform subsequent installation, maintenance, or removal operations on that installation except under one of the following conditions:

• Installation Manager and the product were installed in group mode.

• The owner reassigns ownership of the appropriate directories and files to another user.

The set of post-installation operations that are subject to this rule includes installing a feature, installing maintenance, and uninstalling the product.

Installation considerations

There are various considerations that we must examine to install in nonAdmin mode.

• Non-administrator installations can apply to all of the WebSphere software components in the product package

  Non-administrators can install all of the product software components.

• Non-administrator installations install an operational product

  If some portion of an installation requires administrator privileges, Installation Manager provides an option so that the non-administrator can install an operational product without enabling the privileged option whenever possible.

• Installation Manager identifies root-only options

  Installation Manager clearly identifies privileged options by disabling such options in the interface of the non-administrator.

• Default installation locations are within the non-administrator's home directory

  Default installation locations are within the home directory of the non-administrator to verify a writable disk space. Installation Manager verifies that specified disk locations are writable.

Private GSKit installation

Installing IBM HTTP Server and the Web Server Plug-ins installs a private copy of IBM Global Security Kit (GSKit), which allows both administrators and non-administrators to enable SSL support.

The GSKit package is installed to the gsk8 directory within the installing product's root directory.

The private copy of GSKit is maintained through GSKit update packages delivered in IBM HTTP Server and web server plug-in fix packs.

(Solaris) If we are using zones on the Solaris operating system, we can use the private GSKit without a zone-writable /usr directory.

Non-administrator limitations

There are some limitations and differences when installing as a non-administrator as opposed to an administrator.

• Local web server plug-in installation

  When the web server plug-in and the application server are installed on the same machine (local installation scenario), non-administrator installation for the plug-in component is only supported if the application server was also installed by the same user. Otherwise, the web server configuration scripts fail to run against the application server installation.

• (UNIX) Home directories

  We cannot successfully complete certain post-installation tasks if the installing non-administrator does not have a home directory defined. Any user installing and using the product must have a valid home directory.

• Port value assignment

  Profile creation avoids port-value conflicts by examining port values in use by other WAS installations. Multiple non-administrative installers diminish the ability to detect and avoid port value conflicts. WAS installations are visible to the installer ID only, because the non-administrator installations do not register globally. If an administrator performs all WAS installations, the problem is avoided.

• (Windows) Fast Response Cache Accelerator (FRCA) / Adaptive Fast Path Architecture (AFPA) limitations

  FRCA/AFPA was been deprecated starting with v7.0 and its use is discouraged. There is no support for Windows 7, Windows Server 2012, or any later Windows operating systems.

  AFPA is a software architecture that dramatically improves the efficiency, and therefore the capacity, of web servers and other network servers by caching static files.

  AFPA is a Windows kernel-level device driver within the IBM HTTP Server. AFPA provides caching of static files served from IBM HTTP Server. AFPA is recommended for very high-volume static-file web sites only.

  Dynamic web pages, such as those generated by WAS, are not usually cacheable. ost application servers should not enable AFPA.

  • A Windows kernel-level device driver cannot install from a non-administrator installer. Windows requires administrator group privileges when installing device drivers.

• Edge Components

  Edge requires administrator (root) privileges because of its native installation mechanisms.

• (Windows) Java Web Start

  The Application Client supports Java Web Start (JWS) on all supported platforms. Particularly on a Windows system, the Application Client requires administrator access in order to configure JWS properly, by updating Windows native registry entries with some JWS-specific entries.

  Non-administrator installers cannot register the update, which provides less than full support for JWS. For example, a JWS application cannot launch from the Internet Explorer or Mozilla Firefox browser.

  JWS is not an installable feature for the Client and cannot be separately installed by an administrator installer. The installation program lists JWS as one of the non-administrator limitations on Windows systems.

• (Windows) Windows services limitations

  • The non-administrator cannot create Windows services for any of the WAS processes, including the application server, node agent, deployment manager, IBM HTTP Server, or IBM Administration Server.

  • An administrator can create the service after installation using the WASService command.

• Menu limitations
  • (Windows) Start menu entries

    Entries in the menu are for the non-administrator installer, but they are not available to all users.

    If an administrator installs the product and then non-administrators create profiles, the non-administrators can see their shortcuts.

  • (Linux) Gnome and KDE menu entries

    Entries in the menus are for the non-administrator installer instead of being applicable to all users.

    Normally, menu items are only visible to the installing user. To allow other users who create profiles to see menu items for their profiles, they must have access to a copy of the base WebSphere#.menu file. All profile shortcuts are visible to all users who have access to the base WebSphere#.menu file. Copy this file into either the /etc/xdg/menus/applications-merged directory (for all users) or the user's $HOME/.config/menus/applications-merged directory. Make sure there are no conflicts between the menu file names in the /etc/xdg/menus/applications-merged directory and any user's $HOME/.config/menus/applications-merged directory.