By default, each base Application Server node on a Linux, UNIX, or z/OS platform uses the root user ID to run the node agent process and all Application Server processes. However, you can run the node agent and all Application Server processes under the same non-root user and user group. If you do run the node agent process with a non-root user ID, you must run all Application Server processes that the node agent controls under the same non-root user ID.
Before you begin
If global security is enabled, the user registry must not be Local OS. Using the Local OS user registry requires the node agent to run as root. Refer to Local operating system user registries for details.Why and when to perform this task
Using the same non-root user and user group gives the node agent process the operating system permissions to start all other server processes.Run your application servers and node agent as non-root when you no longer want to use root authority. For security or administrative reasons, you may want to change to non-root user IDs. Perform this task at any time to change the permissions of a node agent or application server. You must restart the node agent and application servers in order for the changes to take effect.
If you are running WebSphere Application Server as a non-root user, add IBMLSDActiveServerList.asl to your non-root user file permissions.
To configure a user ID to run the node agent and all server processes, complete the following steps.
Steps for this task
startManager.sh
Property | Value |
---|---|
Run As User | wasadmin |
Run As Group | wasgroup |
UMASK | 022 The value 022 means the files the process creates are writable by the group and by others as defined on the Linux or UNIX platforms. |
Property | Value |
---|---|
Run As User | wasadmin |
Run As Group | wasgroup |
UMASK | 022 |
chgrp wasgroup /opt/WebSphere chgrp wasgroup /opt/WebSphere/AppServer chgrp -R wasgroup /opt/WebSphere/AppServer/cloudscape chgrp -R wasgroup /opt/WebSphere/AppServer/profiles/nodeProfile1 chmod g+wr /opt/WebSphere chmod g+wr /opt/WebSphere/AppServer chmod -R g+wr /opt/WebSphere/AppServer/cloudscape chmod -R g+wr /opt/WebSphere/AppServer/profiles/nodeProfile1
startnode.sh node1
Result
You can start an application server and the node agent from a non-root user.Related tasks
Running an application server from a non-root user and the node agent
from root
Running the deployment manager with a non-root user ID