Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

6.1 Installing the Access Manager Web Containers

In this section, we will create a non-root user with the roleadd command in the Solaris Operating Environment, and install Sun Java System Web Server using the non-root user on each Access Manager host machine. Use the following as your checklist for completing these tasks.

  1. To Create a Non-Root User on the Access Manager 1 Host Machine

  2. To Install Sun Java System Web Server for Access Manager 1

  3. To Create a Non-Root User on the Access Manager 2 Host Machine

  4. To Install Sun Java System Web Server for Access Manager 2


Note –

Web Server can also be installed with a root user.


Procedure: To Create a Non-Root User on the Access Manager 1 Host Machine

  1. As a root user, log in to the AccessManager-1 host machine.

  2. Use roleadd to create a new user.


    # roleadd -s /sbin/sh -m -g staff -d /export/am71adm am71adm
    

    Note –

    We used roleadd rather than useradd for security reasons: roleadd creates a role account, and a role cannot be used to log in to the system directly.


  3. (Optional) Verify that the user was created.


    # cat /etc/passwd
    
    root:x:0:0:Super-User:/:/sbin/sh
    daemon:x:1:1::/:
    ...
    nobody4:x:65534:SunOS 4.x NFS Anonymous Access User:/:
    am71adm:x:215933:10::/export/am71adm:/sbin/sh
  4. (Optional) Verify that the user's directory was created.


    # cd /export/am71adm
    # ls
    
    local.cshrc    local.profile    local.login
  5. Create a password for the non-root user.


    # passwd am71adm
    New Password: 4m71a6m
    Re-enter new Password: 4m71a6m
    
    passwd: password successfully changed for am71adm

    Caution –

    If you do not perform this step, you will not be able to switch user (su) when logged in as the non-root user.


Procedure: To Install Sun Java System Web Server for Access Manager 1

Before You Begin

This procedure assumes you have just completed To Create a Non-Root User on the Access Manager 1 Host Machine.

  1. On the AccessManager-1 host machine, install required patches if necessary.


    # patchadd -p | grep 117461-08
    

    A list of patch numbers is displayed. On our lab machine, the required patch 117461-08 is present so there is no need to install patches at this time.


    Note –

    Results for your machines might be different. Read the latest version of the Web Server 7.0 Release Notes to determine if you need to install patches and, if so, what they might be. You can search for patches directly at http://sunsolve.sun.com by navigating to the PatchFinder page, entering the patch number and clicking Find Patch.


  2. Create a directory into which the Web Server bits can be downloaded and change into it.


    # mkdir /export/WS7
    # cd /export/WS7
    
  3. Download the Sun Java System Web Server 7.0 software from http://www.sun.com/download/products.xml?id=45ad781d.

    Follow the instructions on the Sun Microsystems Product Downloads web site for downloading the software.

  4. Unpack the software package.


    # gunzip sjsws-7_0-solaris-sparc.tar.gz
    # tar xvf sjsws-7_0-solaris-sparc.tar
    
  5. Run setup.


    # ./setup --console
    
  6. When prompted, provide the following information.


    You are running the installation program 
    for the Sun Java System Web Server 7.0.
    ...
    The installation program pauses as questions 
    are presented so you can read the 
    information and make your choice.  
    When you are ready to continue, press Enter.

    Press Enter. Continue to press Enter when prompted. 


    Have you read the Software License 
    Agreement and do you accept all the terms?

    Enter yes.


    Sun Java System Web Server 7.0 
    Installation Directory [/sun/webserver7]

    Enter /opt/SUNWwbsvr


    Specified directory /opt/SUNWwbsvr 
    does not exist.  Create Directory? [Yes/No]				

    Enter yes.


    Select Type of Installation
    
    1. Express
    2. Custom
    3. Exit
    What would you like to do? [1]

    Enter 2.


    Component Selection
    
    1. Server Core
    2. Server Core 64-bit Binaries
    3. Administration Command Line Interface
    4. Sample Applications
    5. Language Pack
    Enter the comma-separated list [1,2,3,4,5]

    Enter 1,3,5.


    Java Configuration
    1. Install Java Standard Edition 1.5.0_09
    2. Reuse existing Java SE 1.5.0_09 or greater
    3. Exit
    What would you like to do? [1]

    Enter 1.


    Administrative Options
    1. Create an Administration Server and a 
       Web Server Instance
    2. Create an Administration Node
    Enter your option. [1]

    Enter 1.


    Start servers during system startup. [yes/no]

    Enter no.


    Host Name [AccessManager-1.example.com]

    Accept the default value. 


    SSL Port [8989]

    Accept the default value. 


    Create a non-SSL Port? [yes/no]

    Enter no.


    Runtime User ID [root]

    Enter am71adm.


    Administrator User Name [admin]

    Accept the default value. 


    Administrator Password:

    Enter web4dmin.


    Retype Password:

    Enter web4dmin.


    Server Name [AccessManager-1.example.com]

    Accept the default value. 


    Http Port [8080]

    Enter 1080.


    Document Root Directory [/opt/SUNWwbsvr/
    https-AccessManager-1.example.com/docs]

    Accept the default value. 


    Ready To Install
    1. Install Now
    2. Start Over
    3. Exit Installation
    What would you like to do?

    Enter 1.

    When installation is complete, the following message is displayed:


    Installation Successful.
  7. To verify that Web Server was installed with the non-root user, examine the permissions.


    # cd /opt/SUNWwbsvr/admin-server/
    # ls -al
    
    total 16
    drwxr-xr-x   8 root     root         512 Jul 19 10:36 .
    drwxr-xr-x  11 am71adm  staff        512 Jul 19 10:36 ..
    drwxr-xr-x   2 root     root         512 Jul 19 10:36 bin
    drwx------   2 am71adm  staff        512 Jul 19 10:36 config
    drwx------   3 am71adm  staff        512 Jul 19 11:09 config-store
    drwx------   3 am71adm  staff        512 Jul 19 10:40 generated
    drwxr-xr-x   2 am71adm  staff        512 Jul 19 10:40 logs
    drwx------   2 am71adm  staff        512 Jul 19 10:36 sessions

    The appropriate files and directories are owned by am71adm.

  8. Start the Web Server 1 administration server.


    # su am71adm
    # cd /opt/SUNWwbsvr/admin-server/bin
    # ./startserv
    
  9. Verify that the non-root user was able to start Web Server with the following sub-procedure.

    1. Access https://AccessManager-1.example.com:8989 from a web browser.

    2. Log in to the Web Server console as admin.

      User Name:

      admin

      Password:

      web4dmin

      The Web Server administration console opens, verifying that the non-root user was able to start Web Server.

    3. Exit the console and close the browser.

  10. Log out of the AccessManager-1 host machine.

Procedure: To Create a Non-Root User on the Access Manager 2 Host Machine

  1. As a root user, log in to the AccessManager-2 host machine.

  2. Use roleadd to create a new user.


    # roleadd -s /sbin/sh -m -g staff -d /export/am71adm am71adm
    
  3. (Optional) Verify that the user was created.


    # cat /etc/passwd
    
    root:x:0:0:Super-User:/:/sbin/sh
    daemon:x:1:1::/:
    ...
    nobody4:x:65534:SunOS 4.x NFS Anonymous Access User:/:
    am71adm:x:215933:10::/export/am71adm:/sbin/sh
  4. (Optional) Verify that the user's directory was created.


    # cd /export/am71adm
    # ls
    
    local.cshrc    local.profile    local.login
  5. Create a password for the non-root user.


    # passwd am71adm
    New Password: 4m71a6m
    Re-enter new Password: 4m71a6m
    
    passwd: password successfully changed for am71adm

    Caution –

    If you do not perform this step, you will not be able to switch user (su) when logged in as the non-root user.


Procedure: To Install Sun Java System Web Server for Access Manager 2

Before You Begin

This procedure assumes that you just completed To Create a Non-Root User on the Access Manager 2 Host Machine.

  1. On the AccessManager-2 host machine, install required patches if necessary.


    # patchadd -p | grep 117461-08
    

    A list of patch numbers is displayed. On our lab machine, the required patch 117461-08 is present so there is no need to install patches at this time.


    Note –

    Results for your machines might be different. Read the latest version of the Web Server 7.0 Release Notes to determine if you need to install patches and, if so, what they might be. You can search for patches directly at http://sunsolve.sun.com by navigating to the PatchFinder page, entering the patch number and clicking Find Patch.


  2. Create a directory into which the Web Server bits can be downloaded and change into it.


    # mkdir /export/WS7
    # cd /export/WS7
    
  3. Download the Sun Java System Web Server 7.0 software from http://www.sun.com/download/products.xml?id=45ad781d.

    Follow the instructions on the Sun Microsystems Product Downloads web site for downloading the software.

  4. Unpack the software package.


    # gunzip sjsws-7_0-solaris-sparc.tar.gz
    # tar xvf sjsws-7_0-solaris-sparc.tar
    
  5. Run setup.


    # ./setup --console
    
  6. When prompted, provide the following information.


    You are running the installation program 
    for the Sun Java System Web Server 7.0.
    ...
    The installation program pauses as questions 
    are presented so you can read the 
    information and make your choice.  
    When you are ready to continue, press Enter.

    Press Enter. Continue to press Enter when prompted. 


    Have you read the Software License 
    Agreement and do you accept all the terms?

    Enter yes.


    Sun Java System Web Server 7.0 
    Installation Directory [/sun/webserver7]

    Enter /opt/SUNWwbsvr


    Specified directory /opt/SUNWwbsvr 
    does not exist.  Create Directory? [Yes/No]				

    Enter yes.


    Select Type of Installation
    
    1. Express
    2. Custom
    3. Exit
    What would you like to do? [1]

    Enter 2.


    Component Selection
    
    1. Server Core
    2. Server Core 64-bit Binaries
    3. Administration Command Line Interface
    4. Sample Applications
    5. Language Pack
    Enter the comma-separated list [1,2,3,4,5]

    Enter 1,3,5.


    Java Configuration
    1. Install Java Standard Edition 1.5.0_09
    2. Reuse existing Java SE 1.5.0_09 or greater
    3. Exit
    What would you like to do? [1]

    Enter 1.


    Administrative Options
    1. Create an Administration Server and a 
       Web Server Instance
    2. Create an Administration Node
    Enter your option. [1]

    Enter 1.


    Start servers during system startup. [yes/no]	

    Enter no.


    Host Name [AccessManager-2.example.com]	

    Accept the default value. 


    SSL Port [8989]

    Accept the default value. 


    Create a non-SSL Port? [yes/no]

    Enter no.


    Runtime User ID [root]

    Enter am71adm.


    Administrator User Name [admin]

    Accept the default value. 


    Administrator Password:

    Enter web4dmin.


    Retype Password:

    Enter web4dmin.


    Server Name [AccessManager-2.example.com]

    Accept the default value. 


    Http Port [8080]

    Enter 1080.


    Document Root Directory [/opt/SUNWwbsvr/
    https-AccessManager-2.example.com/docs]

    Accept the default value. 


    Ready To Install
    1. Install Now
    2. Start Over
    3. Exit Installation
    What would you like to do?

    Enter 1.

    When installation is complete, the following message is displayed:


    Installation Successful.
  7. To verify that Web Server was installed with the non-root user, examine the permissions.


    # cd /opt/SUNWwbsvr/admin-server/
    # ls -al
    
    total 16
    drwxr-xr-x   8 root     root         512 Jul 19 10:36 .
    drwxr-xr-x  11 am71adm  staff        512 Jul 19 10:36 ..
    drwxr-xr-x   2 root     root         512 Jul 19 10:36 bin
    drwx------   2 am71adm  staff        512 Jul 19 10:36 config
    drwx------   3 am71adm  staff        512 Jul 19 11:09 config-store
    drwx------   3 am71adm  staff        512 Jul 19 10:40 generated
    drwxr-xr-x   2 am71adm  staff        512 Jul 19 10:40 logs
    drwx------   2 am71adm  staff        512 Jul 19 10:36 sessions

    The appropriate files and directories are owned by am71adm.

  8. Start the Web Server 2 administration server.


    # su am71adm
    # cd /opt/SUNWwbsvr/admin-server/bin
    # ./startserv
    
  9. Verify that the non-root user was able to start Web Server with the following sub-procedure.

    1. Access https://AccessManager-2.example.com:8989 from a web browser.

    2. Log in to the Web Server console as admin.

      User Name:

      admin

      Password:

      web4dmin

      The Web Server administration console opens, verifying that the non-root user was able to start Web Server.

    3. Exit the console and close the browser.

  10. Log out of the AccessManager-2 host machine.
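
Step 7 of both installation procedures checks ownership by reading an ls -al listing by eye. The script below is an added example, not part of the original guide or the product: it runs the same check mechanically. The directory lists and finding labels are assumptions read off the step 7 listing, and the sample input is constructed.

```sh
#!/bin/sh
# Added example: audit an `ls -al` listing of /opt/SUNWwbsvr/admin-server.
RUNTIME_USER=am71adm
# Assumption (read off the step 7 listing): these directories hold server
# state and should be owned by the runtime user; the first four are drwx------.
PRIVATE_DIRS="config config-store generated sessions"
OWNED_DIRS="$PRIVATE_DIRS logs"

# audit_listing USER: reads `ls -al` output on stdin, prints sorted findings.
audit_listing() {
    awk -v user="$1" -v owned="$OWNED_DIRS" -v private="$PRIVATE_DIRS" '
    BEGIN {
        n = split(owned, o, " ");   for (i = 1; i <= n; i++) must_own[o[i]] = 1
        n = split(private, p, " "); for (i = 1; i <= n; i++) must_priv[p[i]] = 1
    }
    NF < 9 { next }    # skip the "total N" line and blanks
    {
        mode = $1; owner = $3; name = $NF; seen[name] = 1
        if ((name in must_own) && owner != user) {
            print "OWNER " name ": " owner " (expected " user ")"
        }
        if ((name in must_priv) && substr(mode, 5, 6) != "------") {
            print "MODE " name ": " mode " (expected drwx------)"
        } else if (substr(mode, 6, 1) == "w" || substr(mode, 9, 1) == "w") {
            print "WRITABLE " name ": " mode
        }
    }
    END { for (d in must_own) if (!(d in seen)) print "MISSING " d }
    ' | sort
}

# Constructed sample: the step 7 listing with four deliberate deviations.
sample_bad() {
    cat <<'EOF'
total 16
drwxr-xr-x   8 root     root         512 Jul 19 10:36 .
drwxr-xr-x  11 am71adm  staff        512 Jul 19 10:36 ..
drwxr-xr-x   2 root     root         512 Jul 19 10:36 bin
drwx------   2 root     root         512 Jul 19 10:36 config
drwx------   3 am71adm  staff        512 Jul 19 11:09 config-store
drwxrwxrwx   2 am71adm  staff        512 Jul 19 10:40 logs
drwxr-x---   2 am71adm  staff        512 Jul 19 10:36 sessions
EOF
}

sample_bad | audit_listing "$RUNTIME_USER"
```

On a host, feed it the live listing instead: cd /opt/SUNWwbsvr/admin-server && ls -al | audit_listing am71adm. No output means the listing matches the one shown in step 7.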