Changing the CM Server user account on the UNIX system and Linux

On the UNIX® system and on Linux®, CM Server by default runs as root. You may change the identity to a user with minimal privileges. The name and group of this user will vary from platform to platform (for example, a specific user name or nobody.nobody). Note that because the non-root user has less privileges, some files must be made writeable for everyone in order to allow WebSphere Application Server to function properly.

To change CM Server to run as a different user:
  1. Edit the User and Group line in httpd.conf. The following line configures CM Server to run as cmserveruser.other:

    User cmserveruser Group other

  2. Edit /opt/IBM/RationalSDLC/common/CM/bin/cmserver_startup (or /opt/ibm/RationalSDLC/common/CM/bin/cmserver_startup on Linux) and change this line:

    ./startServer.sh server1 > $cmserver_home/logs/was_start.log 2>&1

    to

    su cmserveruser -c "./startServer.sh server1 > $cmserver_home/logs/was_start.log 2>&1"

  3. Add write permission to the following WebSphere® Application Server log files:
    • chmod o+w $cmserver_home/logs/was_start.log (if this file exists)
    • chmod o+w $cmserver_home/profiles/cmprofile/logs/server1/*
    • chmod o+w $cmserver_home/profiles/cmprofile/tranlog/DefaultNode/DefaultNode/server1/transaction/tranlog/*
    • chmod o+w $cmserver_home/profiles/cmprofile/tranlog/DefaultNode/DefaultNode/server1/transaction/partnerlog/*
  4. Stop and restart CM Server.

Feedback