[AIX HP-UX Linux Solaris Windows]

Managing profiles for non-root users

The non-root can receive permissions for files and directories so that the non-root user can create and augment a profile.

Before you begin

This task assumes a basic familiarity with the manageprofiles command, the Profile Management Tool, and system commands.

This task uses the following terms:
  • Root users refers to:
    • [Linux] [HP-UX] [Solaris] [AIX] Root users
    • [Windows] Administrators
  • Non-root users refers to:
    • [Linux] [HP-UX] [Solaris] [AIX] Non-root users
    • [Windows] Non-administrators
  • Installer refers to a root user or a non-root user.
Remember: An ease-of-use limitation exists for non-root users who create profiles. Mechanisms within the Profile Management Tool that suggest unique names and port values are disabled for non-root users. The non-root user must change the default field values in the Profile Management Tool for the profile name, node name, cell name, and port assignments. Consider assigning non-root users a range of values for each of the fields. You can assign responsibility to the non-root users for adhering to their assigned value ranges and for maintaining the integrity of their own definitions.
Best practice Best practice: [Updated in September 2012] IBM recommends starting processes that run on the same profile with user IDs that have mutually compatible file permissions, meaning that each process can read or updated files that the other processes create. This ensures that the processes can access the same files without encountering a permission-denied error. For example, if you run the deployment manager as user wasuser and then also run the command line tool to generate plug-ins on that same profile, you should run the tool as user wasuser. [Updated in September 2012]
sep2012
bprac
[Windows] [Fix Pack 23 or later] Tip: In WebSphere® Application Server Version 7.0.0.23 and later, files created by an Administrator outside of the Program Files directory are usable by non-Administrators. This allows an Administrator to create a profile outside of the WebSphere Application Server installation and have a non-Administrator manage the profile. To use this functionality, perform the following actions:
  1. Install WebSphere Application Server to a directory that has no default write permissions for non-Administrators—C:\Program Files (x86) for example.
  2. Install the Version 7.0.0.23 or later fix pack using Installation Manager.
  3. Modify the app_server_root/properties/wasprofile.properties file. The following should have been added by the fix pack to the bottom of the file:
    #-----------------------------------------------------------------------
    # Specify if enhanced/fixed Apache ant task behaviour should be used.
    # 
    # Note that this only has effect on Windows platforms.
    #-----------------------------------------------------------------------
    WS_USE_ENHANCED_OPENSOURCE_BEHAVIOUR=false
    Simply change the value of WS_USE_ENHANCED_OPENSOURCE_BEHAVIOUR to true, and you can take advantage of this feature. For example:
    1. Launch the Profile Management Tool to create a profile.
    2. When creating the profile, select the advanced flow.
    3. Set the profile path to somewhere outside the C:\Program Files (x86) directory (or whichever directory was used for the installation) where non-Administrators have default write permissions—C:\Profiles\AppSrv01 for example.
    4. Make sure that you do not use a Windows service when creating the profile.
    5. Make sure that the app_server_root/bin/setupCmdLine.bat file has read permissions for non-Administrators.
    6. You should be able to log in with a non-Administrator ID and start the server.

About this task

Non-root users might typically need these tasks completed so that they can start their own application servers in development environments. For instance, an application developer might test an application on a application server in a profile assigned to that application developer.

Procedure

Results

Depending on the tasks that the installer followed, the installer has completed the following actions:

What to do next

Depending on the tasks that the installer completes, a non-root user can create and augment a profile, start WebSphere Application Server, or do both.




In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Jun 11, 2013 8:40:09 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=tpro_manage_nonroot
File name: tpro_manage_nonroot.html