Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide

Running Services as a Non-root User


Note –

To run services as non-root, you must change the permissions for all directories under the Identity Synchronization for Windows instance directory. The default directory is /var/opt/SUNWisw.


ProcedureTo Run services as a Non-root User

Although you must be root to install and to run Identity Synchronization for Windows services, you can configure the software to run the program services as a non-root user.

  1. (Optional) Use the UNIX useradd command to create a user account for Identity Synchronization for Windows.

    You also can use a nobody user to run services. The remaining examples in this procedure assume you created a user called iswuser.

  2. To install a Sun Java System Directory Server Connector, you must choose a non-privileged port for the Connector during installation.

    For example, ports larger than 1024 are acceptable. Port 1389 is recommended for LDAP when the server is running as a non-root user. Port 1636 is recommended for LDAP over SSL.


    Note –

    You must execute all commands in the remaining steps as root.


  3. After installing all components, execute the following command to stop Identity Synchronization for Windows:


    /etc/init.d/isw stop
    
  4. You must update the ownership of the instance directory. For example, if you installed the product in/var/opt/SUNWisw.


    chown -R iswuser /var/opt/SUNWisw
    

    chown -R iswuser /opt/SUNWisw
    
  5. In a text editor, open the/etc/init.d/isw file and replace the following line:


    "$EXEC_START_WATCHDOG" "$JAVA_PATH" "$INSTALL_DIR" "$CONFIG_DIR"

    with the following:


    su iswuser -c "$EXEC_START_WATCHDOG '$JAVA_PATH' '$INSTALL_DIR' '$CONFIG_DIR'"
  6. Execute the following command to restart the service:


    /etc/init.d/isw start
    
  7. Execute the following command to verify that the components are running using the assigned user’s userid:


    ps -ef | grep iswuser