iPlanet Portal Server 3.0 Service Pack 4 Installation Guide: Chapter 7 User Non-Root

Previous Contents Index Next

iPlanet Portal Server 3.0 Service Pack 4 Installation Guide

Chapter 7 User Non-Root

This procedure configures User Non-Root on an iPlanet Portal Server 3.0 server. For the examples shown, the server and gateway are installed on the same system. If installing the gateway on a separate system, perform the same steps on the gateway computer, where appropriate. If User Non-Root was installed in a previous iPlanet Portal Server version, and is being upgraded to Service Pack 4, see the "Upgrading User Non-Root to Service Pack 4" section.

Note A root-started gateway can run with a non-root user started server.

Note Authentication helpers must be run as root.

The following information is included in this procedure:

Installation Examples

Installing the iPlanet Portal Server 3.0 Server

Installing the iPlanet Portal Server 3.0 Gateway

Configuring User Non-Root on the Server

Configuring User Non-Root on the Gateway

Special Case Configurations

Upgrading User Non-Root to Service Pack 4

Non-Root User Error Messages

Server Error Messages

Gateway Error Messages

Installation Examples

When installing the iPlanet Portal Server 3.0 server to run as non-root, select non-default installation values.
If specifying a non-root userid, enter an unused port number above 1024 for the directory server (default is 389); these examples use port 8389, as all the other iPlanet Portal Server ports are in the 8000's. If a root password is not being implemented, change the super administrator's userid from the default root. If configuring the gateway to run as non-root, specify a different port.
These examples use port 8443 for the gateway, instead of the default 443. Select a non-default install for the gateway when planning to run with a non-root userid.
A sample server and gateway install sessions appears below.

Note In the following instructions and examples, /opt is the default installation directory.

Installing the iPlanet Portal Server 3.0 Server

See the original iPlanet Portal Server 3.0 Installation Guide for more information on installing the iPlanet Portal Server server software.

Tip Non-default entries are shown in bold text.

# ./ipsinstall

****************************************************************

iPlanet(TM) Portal Server (iPS) (3.0sp4 release)

****************************************************************

Installation log at /var/sadm/install/logs/ipsinstall.18655/install.log

This product will run without a license. However, you must either purchase a Binary Code License from, or accept the terms of a Binary Software Evaluation license with, Sun Microsystems, to legally use this product.

Do you accept? yes/[no] yes

Inspecting system.

Inspecting network.

What is the iPS hostname of this machine? [server1]

What is the subdomain ("." for none)? []

What is the domain? [sesta.com]

What is the ip address of server1.sesta.com? [192.168.01.01]

Inspecting iPS components.

Options:

1) Continue upgrade

2) Continue as a clean install (current installation will be removed)

3) Continue install (current installation will not be removed)

4) Remove current installation

5) Exit

Choice? [5] 2

Select which component to install:

1) iPlanet(TM) Portal Server

2) iPlanet(TM) Portal Server: Secure Remote Access Pack (Gateway)

3) Exit

Choice? [3] 1

What directory to install in? [/opt]

Are the servers using SSL protocol? y/[n]

Is this a multiple server install? y/[n]

The primary server will run on server1.sesta.com

On what port will the primary server run? [8080]

What is the root of the primary role tree? [sesta.com]

What is the user for the root of the role tree? [root]

The directory server will run on server1.sesta.com

On what port will the directory server run? [389] 8389

On what port will the gateways run? [443] 8443

Is this a multiple gateway install? y/[n]

On what hostname will the gateway run? [MyGateway] server1

What is the sub-domain name for server1 ("." for none)? []

What is the domain name for server1? [sesta.com]

Should the gateway(s) use a web proxy? y/[n]

What is the administrator port for the web server? [8088]

A passphrase is needed to manage and install certificates on the

gateway and the server, in the configuration of the web and

LDAP servers and to allow secure communication between the

gateways and servers. The passphrase

must match between gateway and server installations.

What is the passphrase (8 chars minimum) :

Re-enter passphrase :

Start after installation completes? [y]/n

Server settings

Installation Directory : /opt

Server List : http://server1.sesta.com:8080

Gateway List : server1.sesta.com:8443

Profile Server : http://server1.sesta.com:8080

Profile Role Tree Root : sesta.com

Profile Role Tree User : root

LDAP Port : 8389

LDAP Admin Port : 8900

Web Server Admin Port : 8088

Start Server : y

Are these settings correct? [y]/n

Installing server.

Installing SUNWwtsdd...

Installing SUNWwtws...

Installing SUNWwtsvd...

Installing SUNWwtdt...

Installing SUNWwtnm...

Installing SUNWwtnf...

Installing SUNWwtrw...

Installing SUNWwtdoc...

Installing SUNWwtsam...

Installing SUNWwtds...

Starting server.

Installing the iPlanet Portal Server 3.0 Gateway

See the original iPlanet Portal Server 3.0 Installation Guide for more information on installing the iPlanet Portal Server gateway software.

Tip Non-default entries are shown in bold text.

Select which component to install:

1) iPlanet(TM) Portal Server

2) iPlanet(TM) Portal Server: Secure Remote Access Pack (Gateway)

3) Exit

Choice? [3] 2

Is the primary server using SSL protocol? y/[n]

Should the local machine be the primary server? [y]/n

The primary server will run on server1.sesta.com

What is the port for the primary server? [8080]

What is the root of the role tree? [sesta.com]

What is the user for the root of the role tree? [root]

On what hostname will the gateway run? [server1]

What is the sub-domain name for server1 ("." for none)? []

What is the domain name for server1? [sesta.com]

On what port will the gateway run? [443] 8443

Does this gateway have multiple network interfaces? y/[n]

Install firewall? y/[n]

What is the passphrase (8 chars minimum) :

Re-enter passphrase :

Start after installation completes? [y]/n

Gateway settings

Installation Directory : /opt

Gateway : server1.sesta.com:8443

Gateway IP Address : 192.168.01.03

Profile Server : http://server1.sesta.com:8080

Profile Role Tree Root : sesta.com

Profile Role Tree User : root

Install Firewall : n

Start Gateway : y

Are these settings correct? [y]/n

Self-signed certificate for a SSL connection.

What is the name of your organization? [MyCompany] sesta

What is the name of your organizational unit? [MyDivision] florizel

What is the name of your city or locality? [MyCity] santa clara

What is the name of your state or province? [MyState] california

What is the two-letter country code? [us]

Installing gateway.

Installing SUNWwtgwd...

Starting gateway.

Configuring User Non-Root on the Server

Perform all steps as root, except as noted.

Note Install the Service Pack 4 server, gateway, and the third-party products before starting execution of the procedure described below. Failure to do this will result in having to redo some of the install steps.

Caution
Stop all the services before doing the following changes to configure user non-root. Failure to do this will result in problems restarting the server.

See the "Clean Installation" for more information on installing Service Pack 4.
After installing the iPlanet Portal Server software do the following:

As root, in a terminal window:

# chmod 666 /dev/random

Note In the following examples for non-root user, substitute userid for the qualified name of a user. Must be a valid userid on the iPlanet Portal Server component.

As root, in a terminal window, do the following:

The userid is the name of the user, and MyGroupid is the name of the group the user belongs to. For example, if the user, Jim, belongs to the staff group, then it would be written as:

chown -R Jim:staff /opt/netscape

# chown -R Userid:MyGroupid /opt/netscape
# chown -R Userid:MyGroupid /opt/SUNWips
# chown -R Userid:MyGroupid /etc/opt/SUNWips
# chown -R Userid:MyGroupid /var/opt/SUNWips

Edit the following file, to change the localuser to user login name (Userid), as shown in bold text:

/opt/netscape/directory4/slapd-servername/config/slapd.conf

########################################################################

# /opt/netscape/directory4/slapd-server1/config/slapd.conf

# Netscape Directory Server global configuration file

# Do not modify this file while ns-slapd is running

########################################################################

instancedir "/opt/netscape/directory4/slapd-server1"

errorlog "/opt/netscape/directory4/slapd-server1/logs/errors"

errorlog-logging-enabled on

plugin syntax on "Telephone Syntax" "/opt/netscape/directory4/lib/syntax-plugin.

so" tel_init

plugin matchingRule on "Internationalization Plugin" "/opt/netscape/directory4/l

ib/liblcoll.so" orderingRule_init "/opt/netscape/directory4/slapd-server1/config

/slapd-collations.conf"

plugin syntax on "Integer Syntax" "/opt/netscape/directory4/lib/syntax-plugin.so

" int_init

plugin syntax on "Distinguished Name Syntax" "/opt/netscape/directory4/lib/synta

x-plugin.so" dn_init

plugin syntax on "Case Ignore String Syntax" "/opt/netscape/directory4/lib/synta

x-plugin.so" cis_init

plugin syntax on "Case Exact String Syntax" "/opt/netscape/directory4/lib/syntax

-plugin.so" ces_init

plugin syntax on "Binary Syntax" "/opt/netscape/directory4/lib/syntax-plugin.so"

bin_init

return_exact_case on

include "/opt/netscape/directory4/slapd-server1/config/slapd.at.conf"

include "/opt/netscape/directory4/slapd-server1/config/slapd.oc.conf"

include "/opt/netscape/directory4/slapd-server1/config/ns-schema.conf"

readonly off

timelimit 3600

sizelimit 2000

lastmod on

idletimeout 0

ntsynch off

ntsynch-port 5009

ntsynchusessl on

port 8389

secure-port 636

maxdescriptors 1024

schemacheck off

enquote_sup_oc on

security off

localuser Userid

userat "/opt/netscape/directory4/slapd-server1/config/slapd.user_at.conf"

useroc "/opt/netscape/directory4/slapd-server1/config/slapd.user_oc.conf"

accesslog "/opt/netscape/directory4/slapd-server1/logs/access"

Edit the following files, to change the User to user login name (Userid), as shown in bold text:

/opt/netscape/server4/https-servername/config/magnus.conf

/opt/netscape/server4/https-admserv/config/magnus.conf

#ServerRoot /opt/netscape/server4/https-server1.sesta.com

ServerID https-server1.sesta.com

ServerName server1.sesta.com

Port 8080

LoadObjects obj.conf

RootObject default

ErrorLog /opt/netscape/server4/https-server1.sesta.com/logs/errors

PidLog /opt/netscape/server4/https-server1.sesta.com/logs/pid

User Userid

MtaHost localhost

DNS off

Security on

Ciphers +rc4,+rc4export,+rc2,+rc2export,+des,+desede3

SSL3Ciphers +rsa_rc4_128_md5,+rsa_3des_sha,+rsa_des_sha,+rsa_rc4_40_md5,+rsa_rc2

_40_md5,-rsa_null_md5,+rsa_des_56_sha,+rsa_rc4_56_sha

ACLFile /opt/netscape/server4/httpacl/generated.https-server1.sesta.com.acl

ClientLanguage en

AdminLanguage en

DefaultLanguage en

AcceptLanguage off

RqThrottle 1024

StackSize 131072

CGIWaitPid on

CGIWaitPid on

If the administration LDAP Directory Server process is also to run as a user other than root, edit the following file to change the configuration.nsSuiteSpotUser to user login name (Userid), as shown in bold text:

/opt/netscape/directory4/admin-serv/config/local.conf (partial example)

nsServerID: admin-serv

userPassword: {SHA}/mZi7HWjvvYwFqgGkIRTOg79/Cc=

serverRoot: /opt/netscape/directory4

serverProductName: Administration Server

serverHostName: server1.sesta.com

uniqueMember: cn=admin-serv-server1, cn=Netscape Administration Server,cn=Server

Group, cn=server1.sesta.com, ou=sesta.com, o=NetscapeRoot

installationTimeStamp: 20000914220659Z

configuration.nsServerPort: 8900

configuration.nsSuiteSpotUser: Userid

configuration.nsServerAddress: 192.168.178.52

configuration.nsAdminEnableEnduser: on

configuration.nsAdminEnableDSGW: on

configuration.nsDirectoryInfoRef: cn=Server Group, cn=server1.sesta.com,

ou=sesta.com,o=NetscapeRoot

configuration.nsAdminUsers: admin-serv/config/admpw

configuration.nsErrorLog: admin-serv/logs/error

configuration.nsPidLog: admin-serv/logs/pid

configuration.nsAccessLog: admin-serv/logs/access

configuration.nsAdminCacheLifetime: 600

configuration.nsAdminAccessHosts: *.sesta.com

configuration.nsAdminAccessAddresses: 192.168.178.52

configuration.nsAdminOneACLDir: adminacl

configuration.nsDefaultAcceptLanguage: en

configuration.nsClassname: com.netscape.management.admserv.AdminServer@admserv42

.jar@cn=admin-serv-server1, cn=Netscape Administration Server, cn=Server Group,

cn=server1.sesta.com, ou=sesta.com, o=NetscapeRoot

Edit the following file to comment out line 410, check_root_user, as shown in bold text:

/opt/SUNWips/bin/ipsserver (lines 408 through 429)

################################################################

# check_root_user

check_usage $# $2

# cd out of cdrom dir, so as to make sure no process gets started with

# cwd = the cdrom, otherwise cdrom can't eject

cd /var/opt/SUNWips/debug

umask 077

get_data

case "$1" in

'create')

do_debug $2

$MULTISERVERINSTALL $1

;;

Rename the following files to prevent the iPlanet Portal Server server from automatically being started by root upon reboot:

# mv /etc/rc3.d/S42ipsserver /etc/rc3.d/XS42ipsserver
# mv /etc/rc3.d/K42ipsserver /etc/rc3.d/XK42ipsserver

Start the iPlanet Portal Server server component. From a terminal window, as the non-root user, do the following:

% /opt/SUNWips/bin/ipsserver start

Configuring User Non-Root on the Gateway

Edit the following file to comment out lines 172 through 176, as shown in bold text:

/opt/SUNWips/bin/ipsgateway (lines 170 through 182)

################################################################

# Main starts here

################################################################

# if test `id | /usr/bin/awk '{print $1}'` != "uid=0(root)"

# then

# echo "`$gettext 'You must be root user to run'` $0."

# exit 0

# fi

umask 077

ulimit -n 10240

case "$1" in

'start')

Edit the following file to add ips.gateway.user=Userid, as shown in bold text:

/etc/opt/SUNWips/platform.conf

Note Must be a valid userid on the iPlanet Portal Server gateway component. If ips.gateway.user does not match the userid for which the procedure has been applied, permission problems will result.

# Copyright 03/22/00 Sun Microsystems, Inc. All Rights Reserved.

# "@(#)platform.conf 1.29 00/03/22 Sun Microsystems"

#

ips.defaultDomain=sesta.com

ips.server.protocol=http

ips.server.host=server1.sesta.com

ips.server.port=8080

ips.profile.host=server1.sesta.com

ips.gateway.protocol=https

ips.gateway.host=server1.sesta.com

ips.gateway.user=Userid

ips.gateway.port=8443

ips.virtualhost=server1.sesta.com 192.168.01.01

ips.naming.url=http://server1.sesta.com:8080/namingservice

ips.notification.url=http://server1.sesta.com:8080/notificationservice

ips.daemons=securid radius safeword unix skey

securidHelper.port=8943

radiusHelper.port=8944

safewordHelper.port=8945

unixHelper.port=8946

skeyHelper.port=8947

ips.cookie.name=iPlanetPortalServer

ips.locale=en_US

ips.debug=error

ips.version=3.0

ips.basedir=/opt

ips.logdelimiter=&&

Rename the following files to prevent the iPlanet Portal Server gateway from automatically being started by root upon reboot:

# mv /etc/rc3.d/S90ipsgateway /etc/rc3.d/XS90ipsgateway
# mv /etc/rc3.d/K90ipsgateway /etc/rc3.d/XK90ipsgateway

Start the iPlanet Portal Server server and gateway components. From a terminal window, as the non-root user, do the following:

% /opt/SUNWips/bin/ipsserver start
% /opt/SUNWips/bin/ipsgateway start

Special Case Configurations

When the iPlanet Portal Server server and gateway components are installed on the same system, both the server and gateway must be configured to run as user non-root.

Caution
If you have configured a system to run as a non-root user, then later add other packages with the installer, check the ownership of the Portal Server directories to make sure it is still user non-root.

Upgrading User Non-Root to Service Pack 4

To upgrade Non-Root userid installation from a previous version to Service Pack 4 requires that all the user names be reset to root for the upgrade to work. Once Service Pack 4 has been installed the user will have to re-configure the server and gateway to run as Non-Root. Failure to do all these steps may result in loss of data.
The following list is a brief summary of the steps required to upgrade to Service Pack 4:

Stop all services for the iPlanet Portal Server 3.0 server and gateway.

Note See "Stopping the Server Component Processes" for information on how to correctly perform these functions.

If the gateway is running on a separate computer from the server, do the following:

Edit the gateway /etc/opt/SUNWips/platform.conf file, as shown in bold text:

Remove ips.gateway.user=userid

# Copyright 03/22/00 Sun Microsystems, Inc. All Rights Reserved.

# "@(#)platform.conf 1.29 00/03/22 Sun Microsystems"

#

ips.defaultDomain=sesta.com

ips.server.protocol=http

ips.server.host=server1.sesta.com

ips.server.port=8080

ips.profile.host=server1.sesta.com

ips.gateway.protocol=https

ips.gateway.host=server1.sesta.com

ips.gateway.user=userid

ips.gateway.port=8443

ips.virtualhost=server1.sesta.com 192.168.01.01

ips.naming.url=http://server1.sesta.com:8080/namingservice

ips.notification.url=http://server1.sesta.com:8080/notificationservice

ips.daemons=securid radius safeword unix skey

securidHelper.port=8943

radiusHelper.port=8944

safewordHelper.port=8945

unixHelper.port=8946

skeyHelper.port=8947

ips.cookie.name=iPlanetPortalServer

ips.locale=en_US

ips.debug=error

ips.version=3.0

ips.basedir=/opt

ips.logdelimiter=&&

Edit the following file, to uncomment line 410 (remove the #), check_root_user, as shown in bold text:

/opt/SUNWips/bin/ipsserver (lines 408 through 429)

################################################################

check_root_user

check_usage $# $2

# cd out of cdrom dir, so as to make sure no process gets started with

# cwd = the cdrom, otherwise cdrom can't eject

cd /var/opt/SUNWips/debug

umask 077

get_data

case "$1" in

'create')

do_debug $2

$MULTISERVERINSTALL $1

;;

Edit the following file, to change the configuration.nsSuiteSpotUser to root, as shown in bold text:

/opt/netscape/directory4/admin-serv/config/local.conf (partial example)

userPassword: {SHA}/mZi7HWjvvYwFqgGkIRTOg79/Cc=

serverRoot: /opt/netscape/directory4

serverProductName: Administration Server

serverHostName: server1.sesta.com

uniqueMember: cn=admin-serv-server1, cn=Netscape Administration Server,cn=Server

Group, cn=server1.sesta.com, ou=sesta.com, o=NetscapeRoot

installationTimeStamp: 20000914220659Z

configuration.nsServerPort: 8900

configuration.nsSuiteSpotUser: root

configuration.nsServerAddress: 192.168.178.52

configuration.nsAdminEnableEnduser: on

configuration.nsAdminEnableDSGW: on

configuration.nsDirectoryInfoRef: cn=Server Group, cn=server1.sesta.com,

ou=sesta.com, o=NetscapeRoot

configuration.nsAdminUsers: admin-serv/config/admpw

configuration.nsErrorLog: admin-serv/logs/error

configuration.nsPidLog: admin-serv/logs/pid

configuration.nsAccessLog: admin-serv/logs/access

configuration.nsAdminCacheLifetime: 600

configuration.nsAdminAccessHosts: *.sesta.com

configuration.nsAdminAccessAddresses: 192.168.178.52

configuration.nsAdminOneACLDir: adminacl

configuration.nsDefaultAcceptLanguage: en

configuration.nsClassname: com.netscape.management.admserv.AdminServer@admserv42

.jar@cn=admin-serv-server1, cn=Netscape Administration Server, cn=Server Group,

cn=server1.sesta.com, ou=sesta.com, o=NetscapeRoot

In a terminal window, do the following:

# chown -R root:root /etc/opt/SUNWips
# chown -R root:root /var/opt/SUNWips
# chown -R root:root /opt/netscape
# chown -R root:root /opt/SUNWips

Edit the following files:

/opt/netscape/server4/http-servername/config/magnus.conf

/opt/netscape/server4/https-admserv/config/magnus.conf

Change name of the user login name (Userid) to root, as shown in bold text.

ServerID https-server1.sesta.com

ServerName server1.sesta.com

Port 8080

LoadObjects obj.conf

RootObject default

ErrorLog /opt/netscape/server4/https-server1.sesta.com/logs/errors

PidLog /opt/netscape/server4/https-server1.sesta.com/logs/pid

User root

MtaHost localhost

DNS off

Security off

Ciphers +rc4,+rc4export,+rc2,+rc2export,+des,+desede3

SSL3Ciphers +rsa_rc4_128_md5,+rsa_3des_sha,+rsa_des_sha,+rsa_rc4_40_md5,+rsa _rc2

_40_md5,-rsa_null_md5,+rsa_des_56_sha,+rsa_rc4_56_sha

ACLFile /opt/netscape/server4/httpacl/generated.https-proxy.sesta.com.ac l

ClientLanguage en

AdminLanguage en

DefaultLanguage en

AcceptLanguage off

RqThrottle 1024

StackSize 131072

CGIWaitPid on

CGIWaitPid on

Edit the following file, to change the localuser to root, as shown in bold text:

/opt/netscape/directory4/slapd-servername/config/slapd.conf

########################################################################

# /opt/netscape/directory4/slapd-server1/config/slapd.conf

# Netscape Directory Server global configuration file

# Do not modify this file while ns-slapd is running

########################################################################

instancedir "/opt/netscape/directory4/slapd-server1"

errorlog "/opt/netscape/directory4/slapd-server1/logs/errors"

errorlog-logging-enabled on

plugin syntax on "Telephone Syntax"

"/opt/netscape/directory4/lib/syntax-plugin.so" tel_init

plugin matchingRule on "Internationalization Plugin"

"/opt/netscape/directory4/lib/liblcoll.so" orderingRule_init "/opt/netscape/directory4/slapd-server1/config/slapd-collations.conf"

plugin syntax on "Integer Syntax" "/opt/netscape/directory4/lib/syntax-plugin.so" int_init

plugin syntax on "Distinguished Name Syntax"

"/opt/netscape/directory4/lib/syntax-plugin.so" dn_init

plugin syntax on "Case Ignore String Syntax"

"/opt/netscape/directory4/lib/syntax-plugin.so" cis_init

plugin syntax on "Case Exact String Syntax"

"/opt/netscape/directory4/lib/syntax-plugin.so" ces_init

plugin syntax on "Binary Syntax"

"/opt/netscape/directory4/lib/syntax-plugin.so" bin_init

return_exact_case on

include "/opt/netscape/directory4/slapd-server1/config/slapd.at.conf"

include "/opt/netscape/directory4/slapd-server1/config/slapd.oc.conf"

include "/opt/netscape/directory4/slapd-server1/config/ns-schema.conf"

readonly off

timelimit 3600

sizelimit 2000

lastmod on

idletimeout 0

ntsynch off

ntsynch-port 5009

ntsynchusessl on

port 8389

secure-port 636

maxdescriptors 1024

schemacheck off

enquote_sup_oc on

security off

localuser root

userat "/opt/netscape/directory4/slapd-server1/config/slapd.user_at.conf"

useroc "/opt/netscape/directory4/slapd-server1/config/slapd.user_oc.conf"

accesslog "/opt/netscape/directory4/slapd-server1-=/logs/access"

Install the Service Pack 4 upgrade. See "Upgrading to Service Pack 4" for the iPlanet Portal Server 3.0.

Reconfigure both the server and gateway to run as non-root. See the "Configuring User Non-Root on the Server" and "Configuring User Non-Root on the Gateway"sections.

Restore all backed up data, create all server instances, and all special configurations.

Non-Root User Error Messages

Running as a non-root user, there will be error messages on the server and gateway. These messages are expected, and workarounds are offered when appropriate.

Server Error Messages

Because a non-root user may not set the maximum file descriptors to a value larger than 1024. The ipsserver script attempts to set it to 10240.

/opt/SUNWips/bin/ipsserver: ulimit: exceeds allowable limit

Comment out the ulimit in /opt/SUNWips/bin/ipsserver and /opt/SUNWips/bin/ipsgateway.

Failure to start the doSKey. This error is not common.

starting auth helpers ... ld.so.1: /opt/SUNWips/bin/doSKey: fatal: libskey.so: open failed: No such file or directory

A workaround is to start the doSKey manually as non-root userid in /bin/sh:

LD_LIBRARY_PATH=/opt/SUNWips/bin
export LD_LIBRARY_PATH
/opt/SUNWips/bin/doSKey -c 8947

When running as a non-root user, if a locally-administered UNIX userid is to be authenticated, then:

# chown root:sys /opt/SUNWips/bin/doUnix
# chmod 4555 /opt/SUNWips/bin/doUnix

The chmod command setuid's doUnix, so that it runs as though root, even when started by non-root users.

Gateway Error Messages

Non-root users appear to be able to only set ulimit -n 1024 as a maximum number. Running as a non-root user will restrict how much load the gateway can simultaneously handle.

/dev/fd/some_number: ulimit: bad ulimit

Previous Contents Index Next
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated March 07, 2002
f