Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Running Services as a Non-root User

Note –

To run services as non-root, you must change the permissions for all directories under the Identity Synchronization for Windows instance directory. The default directory is /var/opt/SUNWisw.

Procedure: To Run Services as a Non-root User

Although you must be root to install and to run Identity Synchronization for Windows services, you can configure the software to run the program services as a non-root user.

  1. (Optional) Use the UNIX useradd command to create a user account for Identity Synchronization for Windows.

    You can also use the nobody user to run services. The remaining examples in this procedure assume you created a user called iswuser.

  2. To install a Sun Java System Directory Server Connector, you must choose a non-privileged port for the Connector during installation.

    For example, ports larger than 1024 are acceptable. Port 1389 is recommended for LDAP when the server is running as a non-root user. Port 1636 is recommended for LDAP over SSL.

    Note –

    You must execute all commands in the remaining steps as root.

  3. After installing all components, execute the following command to stop Identity Synchronization for Windows:

    /etc/init.d/isw stop

  4. You must update the ownership of the instance directory. For example, if you installed the product in /var/opt/SUNWisw:

    chown -R iswuser /var/opt/SUNWisw

    chown -R iswuser /opt/SUNWisw

  5. In a text editor, open the /etc/init.d/isw file and replace the following line:


    with the following:

  6. Execute the following command to restart the service:

    /etc/init.d/isw start

  7. Execute the following command to verify that the components are running using the assigned user’s userid:

    ps -ef | grep iswuser
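
The script below is an added example, not part of the original guide or the product. It audits the result of the procedure: leftover files not owned by the service user, a Connector port that would need root, and product processes running as another user. The function names are hypothetical, and matching processes on the string SUNWisw in their command line is an assumption about how the services are started.

```shell
#!/bin/sh
# Added example: audit the outcome of the non-root procedure.
# User and paths are the page's examples; function names are hypothetical.

# Print every path under the given directories NOT owned by user $1.
# Empty output means the chown -R in step 4 covered everything.
not_owned_by() {
    owner=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || { echo "missing: $dir"; continue; }
        find "$dir" ! -user "$owner" -print
    done
}

# Succeed only for a port a non-root process can bind (step 2: above 1024).
is_unprivileged_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric input
    esac
    [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]
}

# Read "user args..." lines on stdin and print those whose command line
# contains $2 but whose owner is not $1. Taking stdin avoids the
# self-match that "ps | grep" has and lets the filter run on saved output.
wrong_owner_procs() {
    awk -v u="$1" -v pat="$2" '$1 != u && index($0, pat) { print }'
}

audit() {
    user=${1:-iswuser}; port=${2:-1389}; rc=0
    bad=$(not_owned_by "$user" /var/opt/SUNWisw /opt/SUNWisw)
    [ -z "$bad" ] || { echo "not owned by $user:"; echo "$bad"; rc=1; }
    is_unprivileged_port "$port" || { echo "port $port needs root"; rc=1; }
    procs=$(ps -e -o user= -o args=)   # snapshot first, then filter
    stray=$(printf '%s\n' "$procs" | wrong_owner_procs "$user" SUNWisw)
    [ -z "$stray" ] || { echo "running as another user:"; echo "$stray"; rc=1; }
    return "$rc"
}

# Run the audit only when asked, e.g.: sh isw_audit.sh audit iswuser 1389
if [ "${1:-}" = audit ]; then shift; audit "$@"; fi
```

Run it as root after step 6; a non-zero exit status means at least one of the three checks failed.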