Technical Note: Installing Access Manager to Run as a Non-Root User

Installing Access Manager With Web Server to Run as a Non-root User

To install and configure Access Manager with Web Server 6.1 as the web container, follow these steps.

  1. As superuser (root), create a non-root user and group, if they do not already exist. Examples in this document use amuser and amgroup as the non-root user and group. For example, on Solaris 10 systems:

    # groupadd amgroup
    # mkdir /export/home
    # useradd -d /export/home/amuser -m -g amgroup amuser

  2. As superuser (root), install Directory Server and Administration Server by running the Java ES installer. Specific values that you must set are:

    • On the Common Server Settings page, enter the non-root user (amuser) for System User and non-root group (amgroup) for System Group.

    • Select port numbers for Directory Server and Administration Server that are greater than 1024, because a process running as a non-root user cannot bind to privileged ports. Do not use port number 389 or 390.

  3. As the non-root user, start Administration Server and Directory Server. For example:

    /javaes/ds/start-admin
    ...
    /javaes/ds/slapd-host.example.com/start-slapd

    All processes should be owned by the non-root user (amuser in amgroup). For example:

    amuser 2474 1 0 01:32:08 ? 0:00 ./uxwdog -e -d /javaes/ds/admin-serv/config
    amuser 2485 1 0 01:32:16 ? 0:01 ./ns-slapd -D /javaes/ds/slapd-host 
      -i /javaes/ds/slapd-host/lo
    amuser 2475 2474 0 01:32:08 ? 0:00 ns-httpd -d /javaes/ds/admin-serv/config
    amuser 2477 2475 0 01:32:08 ? 0:01 ns-httpd -d /javaes/ds/admin-serv/config

  4. As superuser (root), install Web Server 6.1 by running the Java ES installer. Specific values that you must set are:

    • On the Common Server Settings page, enter the non-root user for System User and non-root group for System Group.

    • On the Web Server: Administration (1 of 2) page, change the Administration Runtime User ID to the non-root user.

    • On the Web Server: Default Web Server Instance (2 of 2) page, change the Runtime User ID to the non-root user and the Runtime Group to the non-root group. Specify a value for HTTP Port that is greater than 1024.

  5. As the non-root user, start the Web Server administration instance and Web Server instance. All processes should be owned by the non-root user (amuser in amgroup). For example:

    amuser 4200 1 0 02:00:44 ? 0:00 ./webservd-wdog -r  
      /javaes/ws -d /javaes/ws/https-admserv/config -n https 
    amuser 2474 1 0 01:32:08 ? 0:00 ./uxwdog -e -d 
      /javaes/ds/admin-serv/config 
    amuser 4202 4201 1 02:00:44 ? 0:02 webservd -r 
      /javaes/ws -d /javaes/ws/https-admserv/config -n https-admser 
    amuser 4220 4219 1 02:00:54 ? 0:03 webservd -r 
      /javaes/ws -d /javaes/ws/https-amhost.example.com/conf
    amuser 4219 4218 0 02:00:54 ? 0:00 webservd -r 
      /javaes/ws -d /javaes/ws/https-amhost.example.com/conf
    amuser 4201 4200 0 02:00:44 ? 0:00 webservd -r 
      /javaes/ws -d /javaes/ws/https-admserv/config -n https-admser

  6. As superuser (root), install Access Manager by running the Java ES installer. On the Configuration Type page, select the Configure Later option.

  7. Depending on your platform, change the ownership of the following directories from root and other to the non-root user and non-root group:

    • Solaris systems: /opt/SUNWma and /etc/opt/SUNWma

    • Linux systems: /opt/sun/mobileaccess and /etc/opt/sun/mobileaccess

    For example, on Solaris systems:

    # chown -R amuser:amgroup /opt/SUNWma /etc/opt/SUNWma

  8. As superuser (root), change to the Access Manager /bin directory, depending on your platform. For example:

    • Solaris systems: cd /opt/SUNWam/bin

    • Linux systems: cd /opt/sun/identity/bin

  9. As superuser (root), make a copy of the amsamplesilent file. For example:

    # cp -p amsamplesilent am.non_root_install

  10. As superuser (root), edit the am.non_root_install file as follows:

    • Set BASEDIR to the same value that you selected for the Access Manager installation directory when you ran the Java ES installer.

    • Set NEW_OWNER to the non-root user and NEW_GROUP to the non-root group.

    • Update the following variables: SERVER_HOST, SERVER_PORT, DS_HOST, DS_PORT, ROOT_SUFFIX, COOKIE_DOMAIN, WS61_ADMINPORT and all related password fields, including DS_DIRMGRPASSWD, ADMINPASSWD, and AMLDAPUSERPASSWD.

  11. As superuser (root), run the amconfig script with the edited am.non_root_install file to deploy Access Manager. For example:

    # ./amconfig -s ./am.non_root_install

  12. As the non-root user, stop the Web Server Administration Server instance and Web Server instance.

  13. As superuser (root), change the ownership of the Web Server installation directory to the non-root user and group. For example:

    # chown -R amuser:amgroup /opt/SUNWwbsvr

  14. As the non-root user, start the Web Server Administration Server instance and the Web Server instance.

  15. Access the Web Server Administration Console in a browser and log in as the Web Server administrator.

  16. Select the instance on which you deployed Access Manager and click Manage.

  17. Click Apply and then Apply Changes.
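
The ownership and port requirements in the steps above can be checked with a short script. This is an added example, not part of the original note or of the product: the function names are hypothetical, the sample input is constructed, and it assumes the `ps -ef` column layout shown in the listings (owner in field 1, command in field 8) and KEY=value lines in the silent file.

```sh
#!/bin/sh
# Added example: checks for the non-root procedure above.
# Assumed: ps -ef layout as in the listings and KEY=value silent-file lines.

# stdin: ps -ef output. Prints "owner pid command" for each Directory Server
# or Web Server process that is not owned by user $1.
wrong_owner_procs() {
    awk -v want="$1" '{
        n = split($8, part, "/"); cmd = part[n]      # strip ./ or a path
        if (cmd ~ /^(uxwdog|ns-slapd|ns-httpd|webservd|webservd-wdog)$/ && $1 != want)
            print $1, $2, cmd
    }'
}

# stdin: silent file. Prints one line per setting that conflicts with the
# procedure: owner/group other than $1/$2, or a port that is not above 1024.
silent_file_problems() {
    awk -F= -v user="$1" -v group="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        { key = $1; val = $2; gsub(/[ \t"]/, "", key); gsub(/[ \t"]/, "", val) }
        key == "NEW_OWNER" && val != user  { print key " is " val ", expected " user }
        key == "NEW_GROUP" && val != group { print key " is " val ", expected " group }
        (key == "SERVER_PORT" || key == "DS_PORT" || key == "WS61_ADMINPORT") &&
            val + 0 <= 1024 { print key " " val " is not above 1024" }
    '
}

# Constructed sample input (not taken from a real host).
SAMPLE_PS='amuser 2474    1 0 01:32:08 ? 0:00 ./uxwdog -e -d /javaes/ds/admin-serv/config
root   4202 4201 1 02:00:44 ? 0:02 webservd -r /javaes/ws -d /javaes/ws/https-admserv/config
amuser 4220 4219 1 02:00:54 ? 0:03 webservd -r /javaes/ws -d /javaes/ws/https-amhost.example.com/config'
SAMPLE_SILENT='NEW_OWNER=root
NEW_GROUP=amgroup
SERVER_PORT=80
DS_PORT=1389
WS61_ADMINPORT=8888'

printf '%s\n' "$SAMPLE_PS" | wrong_owner_procs amuser
printf '%s\n' "$SAMPLE_SILENT" | silent_file_problems amuser amgroup

# Live use:
#   ps -ef | wrong_owner_procs amuser
#   silent_file_problems amuser amgroup < am.non_root_install
```

Both functions print nothing when every process and setting matches the procedure, so any output is a finding to fix before continuing.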