During the Access Manager installation, the installer requires that Access Manager run as a root user. If you want administrators who don't have root permissions to perform any administration tasks on Access Manager, you must reconfigure Access Manager to run as a non-root user.
You must use a port number higher than 1024. If the Web Server port is below 1024, then even after configuring the Access Manager server to run as a non-root user, you still must start Access Manager Web Server in a root shell.
As a root user, log into host AccessManager-1.
Stop Access Manager 1.
# cd /opt/SUNWwbsvr/https-AccessManager-1.example.com/
# ./stop
Stop the Web Server administration server.
# cd /opt/SUNWwbsvr/https-admserv/
# ./stop
Change the “runs as” user ID from root to nobody.
# cd /opt/SUNWwbsvr/
# chown -R nobody:nobody https-AccessManager-1.example.com/* httpacl alias \
  /var/opt/SUNWam /etc/opt/SUNWam
# rm -rf /tmp/https-*
Edit the magnus.conf file.
It is a good practice to make a backup of this or any other configuration file before making changes to the file.
# vi https-AccessManager-1.example.com/config/magnus.conf
Change the User property value from root to nobody.
Verify that Access Manager successfully runs as a non-root user.
Log in as a root user to the Access Manager host.
Start the Access Manager server.
# cd /opt/SUNWwbsvr/https-AccessManager-1.example.com/
# ./start
Confirm that the Web Server start process actually runs as nobody.
# ps -ef | grep SUNWwbsvr
Start a new browser and go to the Access Manager URL.
Example: http://AccessManager-1.example.com:1080/amserver/console
Close the browser if successful.
Log in to the Access Manager console using the following information:
User Name: amadmin
Password: 4m4dmin1
If you can log in successfully, close the browser.
As a root user, log into host AccessManager-2.
Stop Access Manager 2.
# cd /opt/SUNWwbsvr/https-AccessManager-2.example.com/
# ./stop
Stop the Web Server administration server.
# cd /opt/SUNWwbsvr/https-admserv/
# ./stop
Change the “runs as” user ID from root to nobody.
# cd /opt/SUNWwbsvr/
# chown -R nobody:nobody https-AccessManager-2.example.com/* httpacl alias \
  /var/opt/SUNWam /etc/opt/SUNWam
# rm -rf /tmp/https-*
Edit the magnus.conf file.
# vi https-AccessManager-2.example.com/config/magnus.conf
Change the User property value from root to nobody.
Verify that Access Manager 2 successfully runs as a non-root user.
As a root user, log into host AccessManager-2.
Start the Access Manager server.
# cd /opt/SUNWwbsvr/https-AccessManager-2.example.com/
# ./start
Confirm that the Web Server start process actually runs as nobody.
# ps -ef | grep SUNWwbsvr
Start a new browser and go to the Access Manager URL.
Example: http://AccessManager-2.example.com:1080/amserver/console
Close the browser if successful.
Log in to the Access Manager console using the following information:
User Name: amadmin
Password: 4m4dmin1
If you can log in successfully, close the browser.
In this procedure, you reconfigure the administration server for each of the Web Servers that contain Access Manager. Although this is not required, it's a good practice to run the Access Manager Web Servers and their administration servers as the same non-root user ID. This eliminates permissions problems. For example, if the Access Manager Web Server runs as a non-root user, and its administration server runs as a root user, then files created by the administration server may not be readable by the Access Manager Web Server.
As a root user, log into host AccessManager-1.
Stop the Web Server administration server by issuing the commands:
# cd /opt/SUNWwbsvr/https-admserv
# ./stop
Change the “runs as” user ID from root to nobody.
# cd /opt/SUNWwbsvr/
# chown -R nobody:nobody https-admserv/* httpacl/ alias
# rm -rf /tmp/https-admserv
Edit the magnus.conf file.
Make a backup of this file before making changes to the file.
# vi https-admserv/config/magnus.conf
Change the User property value from root to nobody.
Verify that the Web Server administration server successfully runs as a non-root user.
As a root user, log into host AccessManager-2.
Stop the Web Server administration server by issuing the commands:
# cd /opt/SUNWwbsvr/https-admserv
# ./stop
Change the “runs as” user ID from root to nobody.
# cd /opt/SUNWwbsvr/
# chown -R nobody:nobody https-admserv/* httpacl/ alias
# rm -rf /tmp/https-admserv
Edit the magnus.conf file.
# vi https-admserv/config/magnus.conf
Change the User property value from root to nobody.
Verify that the Web Server administration server successfully runs as a non-root user.
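
A check of the end state that the procedures above establish, as an added example that is not part of the original guide: it reads the User value from magnus.conf, looks for files the chown step missed, and filters ps -ef output for Web Server processes still running as another user. The "User <name>" line format and the sample ps output are assumptions; the paths in the usage comments are the ones used on this page.

```shell
#!/bin/sh
# Added example: post-change checks for the non-root reconfiguration.
# Assumption: magnus.conf holds the setting as a line "User <name>".

# Print the value of the User directive in a magnus.conf file.
magnus_user() {
    awk '$1 == "User" { print $2; exit }' "$1"
}

# List the given paths (searched recursively) that are NOT owned by user $1.
not_owned_by() {
    owner=$1; shift
    find "$@" ! -user "$owner" -print
}

# Read `ps -ef` output on stdin and print Web Server processes whose UID
# column is not $1. The [S] keeps this awk command from matching itself.
wrong_uid_procs() {
    awk -v want="$1" '/[S]UNWwbsvr/ && $1 != want'
}

# Return 0 only if magnus.conf in instance directory $1 names user $2 and
# everything covered by the procedure's "chown -R ... <instance>/*" is owned by $2.
check_instance() {
    conf="$1/config/magnus.conf"
    if [ "$(magnus_user "$conf")" != "$2" ]; then
        echo "FAIL: User in $conf is not $2"; return 1
    fi
    stray=$(not_owned_by "$2" "$1"/*)
    if [ -n "$stray" ]; then
        echo "FAIL: not owned by $2:"; echo "$stray"; return 1
    fi
    echo "OK: $1"
}

# Constructed sample of `ps -ef` output (not captured from a real host).
SAMPLE_PS='UID    PID  PPID C STIME    TTY TIME CMD
nobody 2001 2000 0 10:01:12 ?   0:05 webservd -d /opt/SUNWwbsvr/https-AccessManager-1.example.com/config
root   2100 2099 0 10:02:40 ?   0:01 webservd -d /opt/SUNWwbsvr/https-admserv/config'

# Typical use on a host, as root:
#   check_instance /opt/SUNWwbsvr/https-AccessManager-1.example.com nobody
#   check_instance /opt/SUNWwbsvr/https-admserv nobody
#   not_owned_by nobody /var/opt/SUNWam /etc/opt/SUNWam
#   ps -ef | wrong_uid_procs nobody
```

Any line printed by wrong_uid_procs or not_owned_by points at a step that was skipped or a file created after the chown, such as one written by an administration server still running as root.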