By default, each base WebSphere Application Server node on a Linux and UNIX platform uses the root user to run application servers. However, you can use a non-root user to run application servers. This task describes how to configure an application server to run as non-root while letting the node agent process run as root.
Before you begin
If global security is enabled, it is not recommended that the Local OS be used for user registry. In general, using the Local OS user registry requires that all processes run as root. Refer to Local operating system user registries for details. If you are attempting to run an Application Server as root in WebSphere Application Server Version 6 when you previously used a non-root user ID on Linux and UNIX platforms in Version 5.x, see Migrating a previously non-root configuration to root.Why and when to perform this task
Using a non-root user ID to run application servers can be done by setting all the application servers to run under the same operating system group. Run your application servers as non-root when you no longer want to use root authority. For security or administrative reasons, you may want to change to non-root user IDs. Perform this task at any time to change the permissions of an application server. You must restart the application servers in order for the changes to take effect.Steps for this task
startManager.sh
Property | Value |
---|---|
Run As User | root |
Run As Group | wasgroup |
UMASK | 002 |
Property | Value |
---|---|
Run As User | was1 |
Run As Group | wasgroup |
UMASK | 002 The value 022 means the files the process creates are writable by the group and by others as defined on the Linux or UNIX platforms. |
stopServer.sh server1 -user userID -password password
stopNode.sh -user userID -password password
chgrp wasgroup /opt/WebSphere chgrp wasgroup /opt/WebSphere/AppServer chgrp -R wasgroup /opt/WebSphere/AppServer/cloudscape chgrp -R wasgroup /opt/WebSphere/AppServer/profiles/nodeProfile1 chmod g+wr /opt/WebSphere chmod g+wr /opt/WebSphere/AppServer chmod -R g+wr /opt/WebSphere/AppServer/cloudscape chmod -R g+wr /opt/WebSphere/AppServer/profiles/nodeProfile1
startNode.sh
startServer.sh server1
Result
You can start an application server from a non-root user and run the node agent as root.Related tasks
Running the deployment manager with a non-root user ID
Running an Application Server and node agent from a non-root user
Starting servers
Using the administrative console
Using command line tools