Run the deployment manager with a non-root user ID
This article describes how to run the deployment manager with a non-root user ID on Linux and UNIX platforms.
Before you begin
If global security is enabled, the user registry must not be Local OS. Using the Local OS user registry requires the dmgr process to run as root. If you are attempting to run a deployment manager as root in WebSphere Application Server V6 when you previously used a non-root user ID on Linux and UNIX platforms in V5.x, see Migrating a previously non-root configuration to root.
Overview
By default, the Network Deployment product on Linux platforms uses the root user to run the deployment manager, which is the dmgr process. You can use a non-root user to run the deployment manager instead. You might want to change to a non-root user ID for security or administrative reasons.
Perform this task to change the permissions for the deployment manager. Restart the deployment manager for the changes to take effect.
For the steps that follow, assume that:
- wasadmin is the user to run all servers
- wasgroup is the user group
- dmgr is the deployment manager
- the installation root for Network Deployment is install_nd_root, for example /opt/IBM/WebSphere/AppServer
- you created a run-time environment with a single profile or multiple profiles
To configure a user to run the deployment manager, complete the following steps:
Procedure
- Log on to the Network Deployment system as root.
- Create user wasadmin with primary group wasgroup.
- Start the deployment manager process as root with the startManager.sh script.
Issue the script command from the install_nd_root/profiles/profile_name/bin directory, where profile_name is the deployment manager profile name:
    ./startManager.sh
- Start the administrative console.
- Define the dmgr process to run as a wasadmin process.
Click System Administration > Deployment manager > Server Infrastructure > Java and Process Management > Process Definition > Additional Properties > Process Execution and change all of these values:
    Property        Value
    Run As User     wasadmin
    Run As Group    wasgroup
    UMASK           022
where the value 022 means the files the process creates are writable by the group and by others as defined on the Linux or UNIX platforms
- Save the configuration.
- Stop the deployment manager with the stopManager.sh script.
Issue the script command from the install_nd_root/profiles/profile_name/bin directory:
    ./stopManager.sh
- As root, use operating system tools to change file permissions on Linux and UNIX-based platforms. The following example assumes /opt/IBM/WebSphere/AppServer is the installation root and profile_name is the name of the profile:
    chgrp wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile_name
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile_name/config
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile_name/logs
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile_name/wstemp
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile_name/installedApps
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile_name/temp
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile_name/tranlog
    chmod g+wr /opt/IBM/WebSphere
    chmod g+wr /opt/IBM/WebSphere/AppServer/profiles/profile_name
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile_name/config
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile_name/logs
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile_name/wstemp
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile_name/installedApps
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile_name/temp
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile_name/tranlog
- Log in as wasadmin on the Network Deployment system.
- Start the deployment manager process with the startManager.sh script.
Issue the script command from the install_nd_root/profiles/profile_name/bin directory, where profile_name is the deployment manager profile name:
    ./startManager.sh
Result
You can now start the deployment manager process as a non-root user.
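The following script is an added example, not IBM code or part of the original article. It audits the six profile directories named in the chgrp/chmod step and reports any entry that still has the wrong group, lacks group read/write, or is writable by other users. Run it as root after the permission step and before logging in as wasadmin; the script name audit_profile.sh and the function name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not IBM code): audit a profile after the chgrp/chmod step.
# The directory list is taken from the procedure above.
SUBDIRS="config logs wstemp installedApps temp tranlog"

# audit_profile PROFILE_DIR GROUP
# Prints each finding; returns 0 when every directory matches, 1 otherwise.
audit_profile() {
    profile=$1
    group=$2
    status=0
    for d in $SUBDIRS; do
        dir="$profile/$d"
        if [ ! -d "$dir" ]; then
            echo "MISSING      $dir"
            status=1
            continue
        fi
        # Entries that chgrp -R / chmod -R g+wr should have covered but did not:
        # wrong group, or group read or group write bit not set.
        wrong=$(find "$dir" \( ! -group "$group" -o ! -perm -060 \) -print)
        # Entries writable by "other": broader than the g+wr the procedure grants.
        open=$(find "$dir" ! -type l -perm -002 -print)
        if [ -n "$wrong" ]; then
            echo "$wrong" | sed 's/^/GROUP-ACCESS /'
            status=1
        fi
        if [ -n "$open" ]; then
            echo "$open" | sed 's/^/WORLD-WRITE  /'
            status=1
        fi
    done
    return $status
}

# Run only when called with both arguments, for example:
#   sh audit_profile.sh /opt/IBM/WebSphere/AppServer/profiles/profile_name wasgroup
if [ "$#" -eq 2 ]; then
    audit_profile "$1" "$2"
fi
```

A non-zero exit status means at least one path needs attention before the deployment manager is started as wasadmin.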
Related Tasks
Run an application server from a non-root user and the node agent from root
Run an Application Server and node agent from a non-root user
See Also
wasprofile command