Running the deployment manager with a non-root user ID
Overview
By default, the Network Deployment product on Linux and UNIX platforms uses the root user to run the deployment manager, which is the dmgr process. You can use a non-root user to run the deployment manager.If global security is enabled, the user registry must not be Local OS. Using the Local OS user registry requires the dmgr process to run as root.
For the steps that follow, assume that:
- wasadmin is the user to run all servers
- wasnode is the node name
- wasgroup is the user group
- dmgr is the deployment manager
- the installation root for Network Deployment is install_nd_root, for example /opt/WebSphere/DeploymentManager
To configure a user to run the deployment manager, complete the following steps:
- Log on to the Network Deployment system as root.
- Create user wasadmin with primary group wasgroup.
- Log off and then log back on as root.
- Start the deployment manager process as root with the startManager.sh script.
Issue the script command from the install_nd_root/bin directory:
./startManager.sh
- Start the administrative console.
- Define the dmgr process to run as a wasadmin process.
Click System Administration > DeploymentManager > Process Definition > Process Execution and change all of these values:
Property Value Run As User wasadmin Run As Group wasgroup UMASK 002 - Save the configuration.
- Stop the deployment manager with the stopManager.sh script or
the stopManager.sh script.
Issue the script command from the install_nd_root/bin directory:
./stopManager.sh
- As root, use operating system tools to change file permissions
on Linux and UNIX-based platforms. The following example assumes /opt/WebSphere/DeploymentManager
is the installation root:
chgrp wasgroup /opt/WebSphere chgrp wasgroup /opt/WebSphere/DeploymentManager chgrp -R wasgroup /opt/WebSphere/DeploymentManager/config chgrp -R wasgroup /opt/WebSphere/DeploymentManager/logs chgrp -R wasgroup /opt/WebSphere/DeploymentManager/wstemp chgrp -R wasgroup /opt/WebSphere/DeploymentManager/installedApps chgrp -R wasgroup /opt/WebSphere/DeploymentManager/temp chgrp -R wasgroup /opt/WebSphere/DeploymentManager/tranlog chmod g+wr /opt/WebSphere chmod g+wr /opt/WebSphere/DeploymentManager chmod -R g+wr /opt/WebSphere/DeploymentManager/config chmod -R g+wr /opt/WebSphere/DeploymentManager/logs chmod -R g+wr /opt/WebSphere/DeploymentManager/wstemp chmod -R g+wr /opt/WebSphere/DeploymentManager/installedApps chmod -R g+wr /opt/WebSphere/DeploymentManager/temp chmod -R g+wr /opt/WebSphere/DeploymentManager/tranlog
- Log in as wasadmin on the Network Deployment system.
- Start the deployment manager process with the startManager.sh script.
Issue the script command from the install_nd_root/bin directory:
./startManager.sh
Results
You can start a deployment manager process from a non-root user.
Running an Application Server from a non-root user and the nodeagent from root
Running an Application Server and node agent from a non-root user
Configuring deployment managers