Sun Java Enterprise System 2005Q4 Installation Guide for UNIX

Access Manager Configured to Run as a Non-root User Example

This example provides an installation sequence and configuration procedures for allowing Access Manager to run in a web container that is not owned by root.

Requirements and Sequence Issues

If your installation plan calls for deploying Access Manager in an instance of Web Server or Application Server that is not owned by the superuser (root), you must install Access Manager in a separate installation session from Directory Server and Web Server or Application Server.

The general steps for creating this installation sequence are described in the procedures that follow.


Note –

If you have already deployed Access Manager in a root-owned instance of Web Server or Application Server, uninstall any copy of Access Manager before following the procedure in this section.


Procedure: To Develop a Sequence for Host A

The following high-level tasks are required:

Steps
  1. Installing Directory Server and Administration Server using the Configure Now option

    • In the Common Server Settings page, enter the non-root user for System User and non-root group for System Group.

    • Select port numbers for Directory Server and Administration Server that are higher than 1024 (do not use the defaults 389 and 390). Ports below 1024 are privileged and can be bound only by root, so a non-root process cannot listen on them.

  2. As the non-root user, starting Directory Server and Administration Server (all processes must be owned by the non-root user)

Procedure: To Develop a Sequence for Host B (First Session)

The following high-level tasks are required:

Steps
  1. Installing Web Server using the Configure Now option

    • In the Common Server Settings page, enter the non-root user for System User and non-root group for System Group.

    • In the Web Server: Administration (1 of 2) page, change the Administration Runtime User ID to the non-root user.

    • In the Web Server: Default Web Server Instance page:

      1. Change the Runtime User ID to the non-root user.

      2. Change the Runtime Group to the non-root group.

      3. Select a value for HTTP Port that is higher than 1024 (the default port 80 is privileged and cannot be bound by a non-root process).

  2. As the non-root user, starting the Web Server administration instance and Web Server instance

    All processes should be owned by the non-root user.

Procedure: To Develop a Sequence for Host B (Second Session)

The following high-level tasks are required:

Steps
  1. Installing Access Manager using the Configure Later option

  2. Changing ownership of the following directories from root/other to the non-root user/non-root group:

    These shared component directories must be changed because they are configured into the web container classpath by the Access Manager configuration program, so the non-root web container must be able to read them.

    Solaris OS: /opt/SUNWma and /etc/opt/SUNWma

    Linux: /opt/sun/mobileaccess and /etc/opt/sun/mobileaccess

    For example, on Solaris OS:

    chown -R nonroot-user:nonroot-group /opt/SUNWma /etc/opt/SUNWma
  3. Editing the amsamplesilent file

    1. Go to the Access Manager bin directory:

      Solaris OS: cd AccessManager-base/SUNWam/bin

      Linux: cd AccessManager-base/identity/bin

    2. Make a copy of the amsamplesilent file. For example:

      cp -p amsamplesilent am.non_root_install

    3. Edit the copy of the amsamplesilent file.

      • Set BASEDIR to the same value that you selected for the installation directory of Access Manager during installation.

      • Update SERVER_HOST, SERVER_PORT, DS_HOST, DS_PORT, ROOT_SUFFIX, WS61_ADMINPORT and all related password fields (DS_DIRMGRPASSWD, ADMINPASSWD, AMLDAPUSERPASSWD). Use the unprivileged (higher than 1024) ports you selected when installing Directory Server and Web Server.

      • Set NEW_OWNER to the non-root user.

      • Set NEW_GROUP to the non-root group.

  4. Using the edited amsamplesilent file to deploy Access Manager:

    ./amconfig -s ./am.non_root_install

  5. As the non-root user, stopping the Web Server admin instance and Web Server instance

  6. As root, changing the ownership of the Web Server installation directory so that no root-owned files remain under it:

    chown -R non-root-user:non-root-group WebServer-base

  7. As the non-root user, starting the Web Server admin instance and Web Server instance

  8. Accessing the Web Server admin console in a browser and logging in as the admin user

  9. Selecting the instance on which you deployed Access Manager

    1. Click Manage.

    2. Click Apply and click Apply Changes.
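The following script is an added verification example and is not part of this guide or of the Access Manager product. It checks the three things the procedure above depends on: that the edited copy of amsamplesilent (assumed to be a file of KEY=value lines) uses unprivileged ports and names the non-root owner and group, that the directories handed to the non-root web container contain no file owned by anyone else, and that the server processes are running as the non-root user. The process names it looks for (ns-slapd for Directory Server, ns-httpd for Administration Server, webservd for Web Server) are assumptions about the products installed here, and the sample data embedded in the script is constructed.

```shell
#!/bin/sh
# Added example: post-deployment checks for a non-root Access Manager install.
# Not part of the Sun guide. Assumes an amsamplesilent-style KEY=value file
# and the process names ns-slapd, ns-httpd and webservd (assumptions).

# port_ok PORT: 0 if PORT is numeric and unprivileged (1025-65535).
# Ports <= 1024 (389/390 for DS, 80 for HTTP) can only be bound by root.
port_ok() {
    port=$1
    case "$port" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$port" -gt 1024 ] || return 1
    [ "$port" -le 65535 ]
}

# silent_get FILE KEY: value of the last KEY=value line, quotes stripped.
silent_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# check_silent_file FILE USER GROUP: every port key must be unprivileged and
# NEW_OWNER/NEW_GROUP must match the non-root user and group. Prints one line
# per problem and returns 0 only when there are none.
check_silent_file() {
    file=$1; user=$2; group=$3; rc=0
    for key in SERVER_PORT DS_PORT WS61_ADMINPORT; do
        val=$(silent_get "$file" "$key")
        if ! port_ok "$val"; then
            echo "$key=$val: must be higher than 1024 for a non-root instance"
            rc=1
        fi
    done
    [ "$(silent_get "$file" NEW_OWNER)" = "$user" ] || { echo "NEW_OWNER is not $user"; rc=1; }
    [ "$(silent_get "$file" NEW_GROUP)" = "$group" ] || { echo "NEW_GROUP is not $group"; rc=1; }
    return $rc
}

# check_owner DIR USER GROUP: list anything under DIR not owned USER:GROUP.
# One root-owned file left behind (for example under WebServer-base) is
# enough to break the non-root web container, so nothing may be skipped.
check_owner() {
    dir=$1; user=$2; group=$3
    bad=$(find "$dir" ! -user "$user" -o ! -group "$group") || return 1
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed "s|^|not owned by $user:$group: |"
    return 1
}

# check_process_owner USER PS_TEXT: PS_TEXT holds "owner command" lines,
# e.g. the output of `ps -eo user=,comm=`. Reports any server process that
# is not running as USER.
check_process_owner() {
    user=$1; ps_text=$2
    bad=$(printf '%s\n' "$ps_text" | awk -v u="$user" \
        '$2 ~ /^(ns-slapd|ns-httpd|webservd)$/ && $1 != u { print $2 " runs as " $1 ", expected " u }')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample ps output (not captured from a real system): the
# Web Server instance was started as root by mistake.
SAMPLE_PS_BAD='amuser ns-slapd
amuser ns-httpd
root webservd
root sshd'

# Usage: sh check_nonroot.sh am.non_root_install nonroot-user nonroot-group DIR...
if [ $# -ge 3 ]; then
    file=$1; user=$2; group=$3; shift 3
    status=0
    check_silent_file "$file" "$user" "$group" || status=1
    for d in "$@"; do
        check_owner "$d" "$user" "$group" || status=1
    done
    check_process_owner "$user" "$(ps -eo user=,comm=)" || status=1
    [ $status -eq 0 ] && echo "OK: non-root deployment checks passed"
    exit $status
fi
```

Run it after step 7 as `sh check_nonroot.sh am.non_root_install amuser amgroup /opt/SUNWma /etc/opt/SUNWma WebServer-base` (substituting your own file, user, group and paths); a non-zero exit means a step above was skipped or applied to the wrong directory.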