UNIX User Installation

You can install and configure Portal Server to run under three different UNIX users:

• root. This is the default option. All Portal Server components are installed and configured to run as the system superuser. Some security implications arise from this configuration:

  • An application bug can be exploited to gain root access to the system.

  • You need root access to modify some of the templates. Root access raises potential security concerns as this responsibility is typically delegated to non-system administrators.

• User nobody. You can install Portal Server as the user nobody (UID 60001). This can improve the security of the system, because the user nobody does not have any privileges and cannot create, read, or modify the system files. This feature prevents user nobody from using Portal Server to gain access to system files and break into the system.

  The user nobody does not have a password, which prevents a regular user from becoming nobody. Only the superuser can change users without being prompted for a password. Thus, you still need root access to start and stop Portal Server services.

• Nonroot user. You can run Portal Server as a regular UNIX user. The security benefits of a regular user are similar to the security benefits provided by the user nobody. A regular UNIX user has additional benefits as this type of user can start, stop, and configure services. After installation, you need to change ownership of some files.

  See the Sun Java Enterprise System 5 Installation Guide for more information.