Sun Java System Web Server 6.1 SP12 Administrator's Guide

Changing the Superuser Settings

You can configure superuser access for Administration Server. These settings affect only the superuser account. If your Administration Server uses distributed administration, set up additional access controlsfor the administrators you allow.

Caution – Caution –

If you use Sun Java System Directory Server to manage users and groups, update the superuser entry in the directory before you change the superuser's user name or password. If you do not update the directory first, you will not be able to access the Users & Groups forms in the Administration Server. To fix this problem, you can access the Administration Server with an administrator account that has access to the directory, or update the directory using the Sun Java System Directory Server’s Console or its configuration files.

ProcedureTo change the superuser settings for the Administration server

  1. Access the Administration Server and choose the Preferences tab.

  2. Click the Superuser Access Control link.

  3. Make the desired changes and click OK.

    Note –

    You can change the Administration Server user from root to another user to enable multiple users (belonging to the group) to edit or manage the configuration files. If you use a UNIX/Linux platform, the installer can give “rw” (read/write) permissions to a group for the configuration files, on Windows platforms, the user must belong to the “Administrators” group to modify the configuration file.

    The superuser’s user name and password are kept in a file called server_root/https-admserv/config/admpw. If you forget the user name, you can view this file to obtain the actual name; however, note that the password is encrypted and unreadable. The file has the format username:password. If you forget the password, you can edit the admpw file and simply delete the encrypted password. You can then go to the Server Manager forms and specify a new password.

    Caution – Caution –

    Because you can edit the admpw file, it is very important that you keep the server in a secure location and restrict access to its file system:

    • On UNIX/Linux systems, consider changing the file ownership so that it is writable only by root or the system user that runs the Administration Server daemon.

    • On Windows systems, restrict the file ownership to the user account that the Administration Server uses.