Sun Java Enterprise System 2005Q4 Installation Guide for UNIX

Non-Root Examples

This section contains the following non-root examples:


Note –

On Linux: To use these sequence examples, also refer to known issue 6284698 in the Sun Java Enterprise System 2005Q4 Release Notes.


Access Manager Configured to Run as a Non-root User Example

This example provides an installation sequence and configuration procedures for allowing Access Manager to run in a web container that is not owned by root.

Requirements and Sequence Issues

If your installation plan calls for deploying Access Manager in an instance of Web Server or Application Server that is not owned by the superuser (root), you must install Access Manager in a separate installation session from Directory Server and Web Server or Application Server.

The general steps for creating this installation sequence include the following:


Note –

If you have already deployed Access Manager in a root-owned instance of Web Server or Application Server, uninstall any copy of Access Manager before following the procedure in this section.


Procedure: To Develop a Sequence for Host A

The following high-level tasks are required:

Steps
  1. Installing Directory Server and Administration Server using the Configure Now option

    • In the Common Server Settings page, enter the non-root user for System User and non-root group for System Group.

    • Select port numbers for Directory Server and Administration Server that are higher than 1024 (do not use 389 and 390).

  2. As the non-root user, starting Directory Server and Administration Server (all processes must be owned by the non-root user)

Procedure: To Develop a Sequence for Host B (First Session)

The following high-level tasks are required:

Steps
  1. Installing Web Server using the Configure Now option

    • In the Common Server Settings page, enter the non-root user for System User and non-root group for System Group.

    • In the Web Server: Administration (1 of 2) page, change the Administration Runtime User ID to the non-root user.

    • In the Web Server: Default Web Server Instance page:

      1. Change the Runtime User ID to the non-root user.

      2. Change the Runtime Group to the non-root group.

      3. Select a value for HTTP Port that is higher than 1024.

  2. As the non-root user, starting the Web Server administration instance and Web Server instance

    All processes should be owned by the non-root users.

Procedure: To Develop a Sequence for Host B (Second Session)

The following high-level tasks are required:

Steps
  1. Installing Access Manager using the Configure Later option

  2. Changing ownership of the following directories from root/other to the non-root user/non-root group:

    These shared component directories must be changed because they are configured into the web container classpath by the Access Manager configuration program.

    Solaris OS: /opt/SUNWma and /etc/opt/SUNWma

    Linux: /opt/sun/mobileaccess and /etc/opt/sun/mobileaccess


    chown -R nonroot-user:nonroot-group /opt/SUNWma /etc/opt/SUNWma

  3. Editing the amsamplesilent file

    1. Go to the Access Manager bin directory:

      Solaris OS: cd AccessManager-base/SUNWam/bin

      Linux: cd AccessManager-base/identity/bin

    2. Make a copy of the amsamplesilent file. For example:

      cp -p amsamplesilent am.non_root_install

    3. Edit the copy of the amsamplesilent file.

      • Set BASEDIR to the same value that you selected for the installation directory of Access Manager during installation

      • Update SERVER_HOST, SERVER_PORT, DS_HOST, DS_PORT, ROOT_SUFFIX, WS61_ADMINPORT and all related password fields (DS_DIRMGRPASSWD, ADMINPASSWD, AMLDAPUSERPASSWD).

  4. Using the edited amsamplesilent file to deploy Access Manager


    ./amconfig -s ./am.non_root_install
    1. Set NEW_OWNER to the non-root user.

    2. Set NEW_GROUP to the non-root group.

  5. As the non-root user, stopping the Web Server admin instance and Web Server instance

  6. As root, changing the ownership of the Web Server installation directory


    chown -R <non-root-user>:<non-root-group> WebServer-base
    
  7. As the non-root user, starting the Web Server admin instance and Web Server instance

  8. Accessing the Web Server admin console in a browser and logging in as the admin user

  9. Selecting the instance on which you deployed Access Manager

    1. Click Manage.

    2. Click Apply and click Apply Changes.

Portal Server on a Non-root Owned Web Server or Application Server Instance Example

This example provides an installation sequence and configuration procedures for allowing Portal Server to run in a web container that is not owned by root.

Requirements

If your installation plan calls for deploying Portal Server in an instance of Web Server or Application Server not owned by the superuser (root), you must install Portal Server in a separate installation session from Web Server or Application Server.


Caution –

If you have configured your Portal Server host to run as non-root user, and subsequently apply a patch, some directories will have their ownership reset to root ownership because the patch is applied as root user.

After successfully applying the patch, reconfigure your host to run as non-root user.


Procedure: To Develop a Sequence for Host A

The following high-level tasks are required:

Step

    Installing and starting the web container and Access Manager (deselecting Directory Server)

    Identity Management Example

    Skip this task if Portal Server will be using a copy of Access Manager that is already running on a remote host.

Procedure: To Develop a Sequence for Host B

The following high-level tasks are required:

Steps
  1. Making sure that the non-root instance of Web Server or Application Server is installed and configured on the same host where you are installing Portal Server

    • For Web Server:

      If Web Server is not yet installed, use the installer to install Web Server, selecting the Configure Now option. Specify the non-root owner in the Runtime user and Runtime group configuration parameters.

      Web Server Only Example

      If Web Server is already installed, use the Web Server administrative utilities to create a new web server instance owned by the non-root user.

    • For Application Server:

      If Application Server is not yet installed, use the installer to install Application Server.

      Application Server Only Example

      After Application Server is installed, use the Application Server administrative utilities to create a new Application Server instance owned by the non-root user.

  2. Making sure the non-root instance of Web Server or Application Server is running, as well as the administrative instance of Web Server or Application Server

  3. Installing Portal Server with the Configure Now option

  4. During Portal Server configuration, doing the following:

    • Enter the user and group information of the non-root instance owner in the System User and System Group parameters when specifying values on the Common Server Settings page.

    • Enter information about the non-root instance when specifying values on the Portal Server: Sun Java System Web Server page or the Portal Server Sun Java System Application Server page.

  5. After installation, changing the ownership of the Portal Server directories from root to Userid:UserGroup.

    Solaris OS:


    chown -R Userid:UserGroup /opt/SUNWps
    chown -R Userid:UserGroup /etc/opt/SUNWps
    chown -R Userid:UserGroup /var/opt/SUNWps

    Linux:


    chown -R Userid:UserGroup /opt/sun/portal
    chown -R Userid:UserGroup /etc/opt/sun/portal
    chown -R Userid:UserGroup /var/opt/sun/portal
  6. Setting the permissions for the Portal Server directories.

    Solaris OS:


    chmod 0755 /opt/SUNWps
    chmod 0755 /etc/opt/SUNWps
    chmod 0755 /var/opt/SUNWps

    Linux:


    chmod 0755 /opt/sun/portal
    chmod 0755 /etc/opt/sun/portal
    chmod 0755 /var/opt/sun/portal
  7. Stopping and then starting Web Server or Application Server.

    Starting and Stopping Application Server

    Starting and Stopping Web Server
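
The following script is an added example, not part of the original guide. It checks the result of the chown and chmod steps above, and can be rerun after a patch to find the entries whose ownership the Caution says are reset to root. The function name audit_nonroot_tree and the file name audit.sh are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the installation guide.
# audit_nonroot_tree is a hypothetical helper name.
#
# Usage: audit_nonroot_tree USER GROUP DIR...
# Prints one line per problem and returns 0 only when every DIR exists,
# every entry beneath it is owned by USER:GROUP, and DIR itself is mode 0755.
audit_nonroot_tree() {
    owner=$1; group=$2; shift 2
    rc=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "MISSING   $dir"; rc=1; continue
        fi
        # Entries whose owner or group differs, for example files a patch
        # run as root has rewritten. grep . succeeds only if a line was printed.
        if find "$dir" \( ! -user "$owner" -o ! -group "$group" \) -print |
               sed 's/^/OWNERSHIP /' | grep . ; then
            rc=1
        fi
        # The chmod 0755 step applies to the top-level directory only.
        mode=`ls -ld "$dir" | cut -c1-10`
        if [ "$mode" != "drwxr-xr-x" ]; then
            echo "MODE      $dir is $mode, expected drwxr-xr-x"; rc=1
        fi
    done
    return $rc
}

# Runs only when arguments are supplied, for example on Solaris OS:
#   sh audit.sh Userid UserGroup /opt/SUNWps /etc/opt/SUNWps /var/opt/SUNWps
if [ "$#" -ge 3 ]; then
    audit_nonroot_tree "$@"
fi
```

A non-zero exit status means at least one directory needs the chown or chmod step repeated before the web container is restarted as the non-root user.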