Sun Java System Identity Synchronization for Windows 1 2004Q3 Installation and Configuration Guide |
Appendix C
Running Services as Non-Root on SolarisYou must have root privileges to install and run Identity Synchronization for Windows services. However, after installing the product you can configure the software to run the program services as a non-root user.
To run services as a non-root user on Solaris, perform the following steps:
- Use the UNIX useradd command to create a user account for Identity Synchronization for Windows (optional step).
You also can use a nobody user to run services.
The remaining examples in this procedure assume you created a user called iswuser.- To install a Sun Java System Directory Server Connector on Solaris, you must choose a non-privileged port for the Connector during installation.
(For example, ports larger than 1024 are acceptable.)
- After installing all components, execute the following command to stop Identity Synchronization for Windows:
/etc/init.d/isw stop
- You must update the ownership of the instance directory.
For example if you installed the product in /var/opt/SUNWisw.chown -R iswuser /var/opt/SUNWisw
chown -R iswuser /opt/SUNWisw
- In a text editor, open the /etc/init.d/isw file and replace the following line:
"$EXEC_START_WATCHDOG" "$JAVA_PATH" "$INSTALL_DIR" "CONFIG_DIR"
with the following:
su iswuser -c "$EXEC_START_WATCHDOG '$JAVA_PATH' '$INSTALL_DIR' 'CONFIG_DIR'"
- Execute the following command to restart the service:
/etc/init.d/isw start
- Execute the following command to verify that the components are running using the assigned user’s userid:
ps -ef | grep iswuser