UNIX and Linux User Accounts for the Server

When the Sun Java System Web Server starts, it runs with a UNIX or Linux user account that you specify during installation. Any child processes of the server are created with this account as the owner. It is best to create a UNIX or Linux account for the server that has restricted access to your system resources. The account needs read permissions for the configuration files and write permissions for the logs directory.

On Solaris OE, by default, a user and group account named webservd is created for Sun Java System Web Server if it does not already exist.

On non-Solaris UNIX platforms (where the webservd user/group cannot be reserved outright), if you do not create a dedicated user account for Sun Java System Web Server, you can use the account with the name nobody. You might not however want to give the user nobody permissions for running the Sun Java System Web Server. Sometimes the user nobody does not work on some systems if a negative uid/gid is assigned during installation. Check the /etc/passwd file to see if the uid for nobody exists, and make sure it is greater than 0.

It is strongly recommended that you use a dedicated account for the server.

The Administration Server can also run with a user account that has write permissions to the configuration files for all installed servers. However, it is much easier to run the Administration Server as root because then the Administration Server user can start and stop servers with port numbers less than 1024. (Port numbers greater than 1024 can be started by any user).

The user you use to run the Sun Java System Web Server (often nobody) should be in the same group as the user you use to run the Administration Server (often root).

When changing the server user, remove any /tmp/lock.* files created in the /tmp directory.