Running the deployment manager with a non-root user ID

 

---

By default, the Network Deployment product on Linux and UNIX platforms uses the root user to run the deployment manager, which is the dmgr process. One can use a non-root user to run the deployment manager.

If global security is enabled, the user registry must not be Local OS. Using the Local OS user registry requires the dmgr process to run as root.

For the steps that follow, assume that:

wasadmin	is the user to run all servers
wasnode	is the node name
wasgroup	is the user group
dmgr	is the deployment manager
/opt/WebSphere/DeploymentManager	is the installation root

To configure a user to run the deployment manager, complete the following steps:

1. Log on as root.

2. Create user "wasadmin" with primary group "wasgroup".

3. Reboot the machine.

4. Start the deployment manager process using startManager.sh.

5. Define the dmgr to run as a wasadmin process by going to...

   System Administration > DeploymentManager > Process Definition > Process Execution

   ...and changing these values...

   Property	Value
   Run As User	wasadmin
   Run As Group	wasgroup
   UMASK	002

6. Save the configuration.

7. Stop the deployment manager with the stopManager command:

         stopmanager 
   

8. As root, use operating system tools to change file permissions:

    
       chgrp wasgroup /opt/WebSphere
       chgrp wasgroup /opt/WebSphere/DeploymentManager"
       chgrp -R wasgroup /opt/WebSphere/DeploymentManager/config
       chgrp -R wasgroup /opt/WebSphere/DeploymentManager/logs
       chgrp -R wasgroup /opt/WebSphere/DeploymentManager/wstemp
       chgrp -R wasgroup /opt/WebSphere/DeploymentManager/installedApps
       chgrp -R wasgroup /opt/WebSphere/DeploymentManager/temp
       chgrp -R wasgroup /opt/WebSphere/DeploymentManager/tranlog
       chmod g+w /opt/WebSphere
       chmod g+w /opt/WebSphere/DeploymentManager"
       chmod -R g+w  /opt/WebSphere/DeploymentManager/config
       chmod -R g+w /opt/WebSphere/DeploymentManager/logs
       chmod -R g+w /opt/WebSphere/DeploymentManager/wstemp
       chmod -R g+w /opt/WebSphere/DeploymentManager/installedApps
       chmod -R g+w /opt/WebSphere/DeploymentManager/temp
       chmod -R g+w /opt/WebSphere/DeploymentManager/tranlog
    
   

9. Log in as wasadmin .

10. From wasadmin, start the deployment manager process with the startManager command:

         startmanager
    

 

Results

One can start a deployment manager process from a non-root user.

---

Running an Application Server with a non-root user ID and the nodeagent as root
Running an Application Server and nodeagent with a non-root user ID
Configure deployment managers