
Sun ONE Identity Synchronization for Windows Installation and Configuration Guide

Appendix C  
Running Services as Non-Root

Identity Synchronization for Windows 1.0 requires root privileges to install and run its services. If you wish to run services under a non-root user, perform the following steps:

  1. Optionally, use the UNIX useradd command to create a user account for Identity Synchronization for Windows. The examples in this appendix use an account named idsync.
    (You can also use the nobody user to run services.)
  2. If you are going to install a Sun ONE Directory Server connector on Solaris, you must choose a non-privileged port for the connector during installation. For example, ports larger than 1024 are acceptable.
  3. After installing all components, use the /etc/init.d/isw stop command as root to shut down Identity Synchronization for Windows.
  4. You must update the ownership of some files. Consider an example where the product was installed under /usr/sunone/servers/isw-example.
    1. As root, execute the following commands:

      cd /usr/sunone/servers/isw-example
      chown -R idsync logs/CNN* resources etc persist
      chown idsync logs

    2. If the core is installed on this host, execute the following command as root:

      chown idsync resources/SystemManagerBootParams.cfg \
        resources/CentralLoggerManagerInitParams.cfg

    3. If any connectors are installed on this host, execute the following command as root:

      chown -R idsync resources/connectors

    4. If the plugin is installed on Solaris and the Sun ONE Directory Server is running with non-root privileges, make sure that the log directory of the plugin is writable by the user account the Directory Server runs as. For example, if the Directory Server is running as user sunds, execute the following command:

      chown -R sunds /usr/sunone/servers/isw-example/logs/SUBC*

  5. By default, the start-up and shut-down scripts expect the pid file to reside in the installation root. To avoid having to make the installation root directory writable by the Identity Synchronization for Windows user, you must move the pid file to a more suitable directory, such as the logs directory.
    1. As root, execute the following commands:

      cd /usr/sunone/servers/isw-example
      perl -p -i -e 's/pid.txt/logs\/pid.txt/g' *_watchdog.sh /etc/init.d/isw

    2. Open the /etc/init.d/isw file in a text editor and replace the "$EXEC_START_WATCHDOG" "$JAVA_PATH" "$PSW_HOME" line with the following line:

      su idsync -c "$EXEC_START_WATCHDOG '$JAVA_PATH' '$PSW_HOME'"

  6. As root, use the following command to restart the service:

      /etc/init.d/isw start

  7. Use the following command to verify that the components are running under the userid of the assigned user:

      ps -ef | grep idsync
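
A read-only check for the result of steps 4 and 5, as an added example that is not part of the original guide or the product. It lists paths the service account still does not own, reports an installation root that the account owns or that is world-writable, and flags pid.txt references that were missed or rewritten twice. The function names and the file name isw_audit.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read-only audit of the non-root procedure (no file is changed).

# Paths that step 4 hands to the service account but that some other user
# still owns. Prints nothing when ownership matches the procedure.
isw_misowned() {    # $1 = installation root, $2 = service account
    # "chown idsync logs" is not recursive, so test only the directory itself.
    find "$1/logs" -prune ! -user "$2" -print
    for d in "$1"/logs/CNN* "$1/resources" "$1/etc" "$1/persist"; do
        if [ -e "$d" ]; then find "$d" ! -user "$2" -print; fi
    done
}

# Step 5 moves the pid file so the installation root can stay closed to the
# service account: report the root if that account owns it or it is
# world-writable (group write access is not examined here).
isw_root_exposed() {    # $1 = installation root, $2 = service account
    find "$1" -prune \( -user "$2" -o -perm -0002 \) -print
}

# Lines of a start-up script whose pid.txt reference was never rewritten, or
# was rewritten twice (a second run of the substitution gives logs/logs/pid.txt).
isw_bad_pid_refs() {    # $1 = script to inspect
    grep -n 'pid\.txt' "$1" | grep -v 'logs/pid\.txt' || :
    grep -n 'logs/logs/pid\.txt' "$1" || :
}

# Optional command-line use: sh isw_audit.sh ROOT ACCOUNT SCRIPT
# (isw_audit.sh is a hypothetical file name for this example.)
if [ "$#" -eq 3 ]; then
    isw_misowned "$1" "$2" | sed 's/^/not owned by service account: /'
    isw_root_exposed "$1" "$2" | sed 's/^/installation root exposed: /'
    isw_bad_pid_refs "$3" | sed 's/^/pid file reference: /'
fi
```

Run it as root with the installation root, the service account and /etc/init.d/isw as arguments; no output means all three checks passed.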





Copyright 2003 Sun Microsystems, Inc. All rights reserved.