This example provides an installation sequence and configuration procedures for allowing Access Manager to run in a web container that is not owned by root.
If your installation plan calls for deploying Access Manager in an instance of Web Server or Application Server that is not owned by the superuser (root), you must install Access Manager in a separate installation session from Directory Server and Web Server or Application Server.
The general steps for creating this installation sequence include the following:
Session 1, Host A: Installing Directory Server and Administration Server
Session 2, Host B: Installing Web Server
Session 3, Host B: Installing Access Manager
If you have already deployed Access Manager in a root-owned instance of Web Server or Application Server, uninstall any copy of Access Manager before following the procedure in this section.
Session 1 (Host A) requires the following high-level tasks:
Installing Directory Server and Administration Server using the Configure Now option
In the Common Server Settings page, enter the non-root user for System User and non-root group for System Group.
Select port numbers for Directory Server and Administration Server that are higher than 1024 (do not use 389 and 390), because a process that does not run as root cannot bind to the privileged low-numbered ports.
As the non-root user, starting Directory Server and Administration Server (all processes must be owned by the non-root user)
Session 2 (Host B) requires the following high-level tasks:
Installing Web Server using the Configure Now option
In the Common Server Settings page, enter the non-root user for System User and non-root group for System Group.
In the Web Server: Administration (1 of 2) page, change the Administration Runtime User ID to the non-root user.
In the Web Server: Default Web Server Instance page:
Change the Runtime User ID to the non-root user.
Change the Runtime Group to the non-root group.
Select a value for HTTP Port that is higher than 1024.
As the non-root user, starting the Web Server administration instance and Web Server instance
All processes should be owned by the non-root user.
Session 3 (Host B) requires the following high-level tasks:
Installing Access Manager using the Configure Later option
Changing ownership of the following directories from root/other to the non-root user/non-root group:
Solaris OS: /opt/SUNWma and /etc/opt/SUNWma
Linux: /opt/sun/mobileaccess and /etc/opt/sun/mobileaccess
These shared component directories must be changed because they are configured into the web container classpath by the Access Manager configuration program.
For example, on Solaris OS:
chown -R nonroot-user:nonroot-group /opt/SUNWma /etc/opt/SUNWma
Editing the amsamplesilent file
Go to the Access Manager bin directory:
Solaris OS: cd AccessManager-base/SUNWam/bin
Linux: cd AccessManager-base/identity/bin
Make a copy of the amsamplesilent file. For example:
cp -p amsamplesilent am.non_root_install
Edit the copy of the amsamplesilent file.
Set BASEDIR to the same value that you selected for the installation directory of Access Manager during installation.
Update SERVER_HOST, SERVER_PORT, DS_HOST, DS_PORT, ROOT_SUFFIX, WS61_ADMINPORT and all related password fields (DS_DIRMGRPASSWD, ADMINPASSWD, AMLDAPUSERPASSWD).
Using the edited amsamplesilent file to deploy Access Manager
./amconfig -s ./am.non_root_install
As the non-root user, stopping the Web Server admin instance and Web Server instance
As root, changing the ownership of the Web Server installation directory
chown -R <non-root-user>:<non-root-group> WebServer-base
As the non-root user, starting the Web Server admin instance and Web Server instance
Accessing the Web Server admin console in a browser and logging in as the admin user
Selecting the instance on which you deployed Access Manager
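The Session 3 steps can be checked before running amconfig and again after the chown commands. The script below is an added example, not part of the product or of the original page: it checks that the port variables named above are higher than 1024, that the edited silent file (which carries the password fields) is readable only by its owner, and that nothing under the given directories is still owned by another user or group. It assumes the silent file consists of KEY=value lines; the function names and the argument order are illustrative.

```shell
#!/bin/sh
# Added example: checks for the non-root deployment steps above.
# Assumption: the silent file is made of KEY=value lines.

# Print the value assigned to KEY ($2) in silent file $1 (last one wins).
silent_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed only if each port variable named on the page is numeric and
# above 1024; a non-root process cannot bind a privileged port.
check_ports() {
    rc=0
    for key in SERVER_PORT DS_PORT WS61_ADMINPORT; do
        port=$(silent_get "$1" "$key")
        case "$port" in
            ''|*[!0-9]*) echo "$key: missing or not numeric" >&2; rc=1 ;;
            *) [ "$port" -gt 1024 ] || { echo "$key=$port must be above 1024" >&2; rc=1; } ;;
        esac
    done
    return "$rc"
}

# Succeed only if file $1 grants no access to group or other: the edited
# copy carries DS_DIRMGRPASSWD, ADMINPASSWD and AMLDAPUSERPASSWD.
check_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print every path under the directories ($3...) that is not owned by
# user $1 and group $2; no output means chown -R covered the whole tree.
not_owned() {
    user=$1; group=$2; shift 2
    find "$@" \( ! -user "$user" -o ! -group "$group" \) -print
}

# Usage: script SILENT_FILE USER GROUP DIR...
if [ "$#" -ge 4 ]; then
    silent=$1; shift
    check_ports "$silent" || exit 1
    check_private "$silent" || { echo "chmod 600 $silent" >&2; exit 1; }
    left=$(not_owned "$@")
    [ -z "$left" ] || { echo "not owned by $1:$2:"; echo "$left"; exit 1; }
    echo "pre-flight checks passed"
fi
```

Run it with the copy of the silent file, the non-root user and group, and the directories whose ownership was changed (the shared component directories and WebServer-base).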