Sun Java System Access Manager Policy Agent 2.2 Guide for IBM Lotus Domino 6.5.4

Linux Systems: Setting File Ownership and Permissions on Agent for IBM Lotus Domino 6.5.4

On Linux systems, the IBM Lotus Domino 6.5.4 server must run as a non-root user. The default user created for this purpose during installation of the IBM Lotus Domino 6.5.4 server is notes. However, the actual user name will be different if the default was not accepted. For example purposes in this section, the default IBM Lotus Domino 6.5.4 user name of notes is used.

To enable Agent for IBM Lotus Domino 6.5.4 to work properly, ensure that the notes user has read permissions to the following files:


PolicyAgent-base represents the directory you choose in which to install the web agent


_PathInstanceName represents a directory that is created and named during agent installation. This name is derived from the path to the Lotus Domino Data directory where slashes are converted to underscores. For this example, the path to the Lotus Domino Data directory is as follows:


Based on the preceding path, during installation, the following _PathInstanceName directory would be created:


You can set the required permissions to the files by issuing the following commands:

chown notes:notes /etc/opt/agents/domino6/config/_PathInstanceName
chown notes:notes /var/tmp/debug/_PathInstanceName/
chown notes:notes PolicyAgent-base/agents/domino6/lib/

Additionally, if Access Manager is running in SSL mode, the files cert7.db and key3.db must also allow read access to the notes user. These files are available in the directory specified by the property in the web agent configuration file.

For example, if the property is set as = /opt/cert-dir, ensure that /opt/cert-dir/cert7.db and /opt/cert-dir/key3.db have the necessary permissions by using the following command:

chown notes:notes /opt/cert-dir/cert7.db /opt/cert-dir/key3.db

Where cert-dir represents the directory in which certificates and key stores related to SSL are located.
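
The chown commands above change ownership only of the paths named, not of what lies below them, so it is worth verifying the result. The following shell functions are an added example, not part of the Sun guide or the agent: check_path and audit_tree are hypothetical helper names, GNU stat is assumed, and the optional "private" check (no group or other access, intended for key3.db, which holds private keys) is an extra check this example adds.

```shell
#!/bin/sh
# Added example (not from the guide): verify that agent files are owned by
# the Domino user and readable by that owner. Requires GNU stat (Linux).

# check_path USER PATH [private]
# Prints one finding per problem; returns 0 if PATH passes, 1 otherwise.
check_path() {
    user=$1 path=$2 private=${3:-}
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"; return 1
    fi
    owner=$(stat -c '%U' "$path")
    perm=$(printf '%04d' "$(stat -c '%a' "$path")")   # e.g. 0640
    rest=${perm#?}; u=${rest%??}; go=${rest#?}        # owner digit, group+other digits
    rc=0
    [ "$owner" = "$user" ] || { echo "OWNER    $path is owned by $owner, expected $user"; rc=1; }
    case $u in
        4|5|6|7) ;;
        *) echo "NOREAD   $path mode $perm gives the owner no read access"; rc=1 ;;
    esac
    if [ "$private" = private ] && [ "$go" != 00 ]; then
        echo "EXPOSED  $path mode $perm is accessible to group/other"; rc=1
    fi
    return $rc
}

# audit_tree USER DIR [private]
# Checks DIR and every entry below it, because chown without -R changes only
# the directory itself. Assumes path names contain no newlines.
audit_tree() {
    findings=$(find "$2" | while IFS= read -r p; do
        check_path "$1" "$p" "${3:-}" || :
    done)
    [ -z "$findings" ] || { printf '%s\n' "$findings"; return 1; }
}

# Usage with the guide's example user and paths, after running the chown commands:
#   audit_tree notes /etc/opt/agents/domino6/config/_PathInstanceName
#   check_path notes /opt/cert-dir/cert7.db
#   check_path notes /opt/cert-dir/key3.db private
```

Any OWNER or NOREAD finding means the notes user may be unable to read that file when the server starts; an EXPOSED finding on key3.db means accounts other than notes can access the key database.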