Network Deployment (Distributed operating systems), v8.0 > Set up the application serving environment > Manage profiles on non-z/OS operating systems
Manage profiles for non-root users
The non-root user can receive permissions for files and directories so that the non-root user can create a profile.
This task assumes a basic familiarity with manageprofiles.sh, the Profile Management Tool, and system commands.
This task uses the following terms:
- Root users refers to:
- (Solaris) (AIX) Root users
- (Windows) Administrators
- Non-root users refers to:
- (Solaris) (AIX) Non-root users
- (Windows) Non-administrators
- Installer refers to a root user or a non-root user.
Remember: An ease-of-use limitation exists for non-root users who create profiles. Mechanisms within the Profile Management Tool that suggest unique names and port values are disabled for non-root users. The non-root user must change the default field values in the Profile Management Tool for the profile name, node name, cell name, and port assignments. Consider assigning non-root users a range of values for each of the fields. We can assign responsibility to the non-root users for adhering to their assigned value ranges and for maintaining the integrity of their own definitions.
Non-root users might typically need these tasks completed so that they can start their own application servers in development environments. For instance, an application developer might test an application on a application server in a profile assigned to that application developer.
Procedure
- Create a profile as an installer and assign ownership to a non-root user.
This topic describes how the installer creates a profile and assigns ownership of the profile directory to a non-root user so that the non-root user can start the application server for a specific profile.
- Grant write permission of files and directories to a non-root user for profile creation.
This topic describes how an installer authorizes a group to certain files and directories so that non-root users in the group can create profiles.
- Install maintenance as an installer and change the ownership of profile-related files.
This topic describes how to install product maintenance and change the ownership of new profile files to the non-root user that owns the profile. The installer changes ownership of the files so that the non-root user can then successfully start the application server.
Results
Depending on the tasks that the installer followed, the installer has completed the following actions:
- Created a profile for a non-root user and assigned ownership of the profile directory to the non-root user
- Granted permission to the appropriate directories so that non-root users can create profiles
- After installing maintenance, changed ownership of new profile files in a directory that is owned by a non-root user, so that the non-root user can successfully start the application server
Connections to the Derby database might not work, and you might see errors like the following in the logs:
java.io.FileNotFoundException: C:\IBM\WebSphere\AppServer\derby\derby.log (Access is denied.)This can happen when files under WAS_HOME are read-only. We can configure Derby to write its log to another location by setting the following property in the WAS_HOME/derby/derby.properties file# This property can be set to make Derby log to System.err. This is useful if you # do not have write permission to the default location: WAS_HOME/derby/derby.log derby.stream.error.field=java.lang.System.err
What to do next
Depending on the tasks that the installer completes, a non-root user can create a profile, start WAS, or do both.
Related
Assign profile ownership to a non-root user
Grant write permission for profile-related tasks
Change ownership for profile maintenance