WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIXHP-UXLinuxSolarisWindows

Running the deployment manager with a non-root user ID

This article describes how to run the deployment manager with a non-root user ID on Linux and UNIX platforms.

Before you begin

If global security is enabled, the user registry must not be Local OS. Using the Local OS user registry requires the dmgr process to run as root. If you are attempting to run a deployment manager as root in WebSphere Application Server Version 6 when you previously used a non-root user ID on Linux and UNIX platforms in Version 5.x, see Migrating a previously non-root configuration to root.

Why and when to perform this task

By default, the Network Deployment product on Linux platforms uses the root user to run the deployment manager, which is the dmgr process. You can use a non-root user to run the deployment manager. You might want to change to a non-root user ID for security or administrative reasons.

Perform this task to change the permissions for the deployment manager. Restart the deployment manager for the changes to take effect.

For the steps that follow, assume that:
  • wasadmin is the user to run all servers
  • wasgroup is the user group
  • dmgr is the deployment manager
  • the installation root for Network Deployment is install_nd_root, for example /opt/IBM/WebSphere/AppServer
  • you created a run-time environment with a single profile or multiple profiles

To configure a user to run the deployment manager, complete the following steps:

Steps for this task

  1. Log on to the Network Deployment system as root.
  2. Create user wasadmin with primary group wasgroup.
  3. Start the deployment manager process as root with the startManager.sh script.
    Issue the script command:
    network deployment installation root/profiles/deployment manager profile name/bin/
    
    ./startManager.sh
  4. Start the administrative console.
  5. Define the dmgr process to run as a wasadmin process.
    Click System Administration > Deployment manager > Server Infrastructure > Java and Process Management > Process Definition > Additional Properties > Process Execution and change all of these values:
    Property Value
    Run As User wasadmin
    Run As Group wasgroup
    UMASK 022

    The value 022 means the files the process creates are writable by the group and by others as defined on the Linux or UNIX platforms.

  6. Save the configuration.
  7. Stop the deployment manager with the stopManager.sh script.
    Issue the script command from the network deployment installation root/profiles/profile name/bin directory:
    ./stopManager.sh
  8. As root, use operating system tools to change file permissions on Linux and UNIX-based platforms. The following example assumes /opt/IBM/WebSphere/AppServer is the installation root:
    
    chgrp wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name
    chgrp wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/config
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/logs
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/wstemp
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/installedApps
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/temp
    chgrp -R wasgroup /opt/IBM/WebSphere/AppServer/profiles/profile name/tranlog
    chmod g+wr /opt/IBM/WebSphere
    chmod g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name
    chmod -R g+wr  /opt/IBM/WebSphere/AppServer/profiles/profile name/config
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/logs
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/wstemp
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/installedApps
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/temp
    chmod -R g+wr /opt/IBM/WebSphere/AppServer/profiles/profile name/tranlog
    
  9. Log in as wasadmin on the Network Deployment system.
  10. Start the deployment manager process with the startManager.sh script.
    Issue the script command:
    network deployment installation root/profiles/deployment manager profile name/bin/
    
    ./startManager.sh

Result

You can start a deployment manager process from a non-root user.



Related tasks
Running an application server from a non-root user and the node agent from root
Running an Application Server and node agent from a non-root user

Related reference
wasprofile command

Task topic    

Terms of Use | Feedback

Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tagt_nd_nonroot.html

© Copyright IBM Corporation 2003, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)