Assigning profile ownership to a non-root user

An installer can create a profile and assign ownership of the profile directory to a non-root user so that the non-root user can start the product for a specific profile.

Before you begin

This task assumes a basic familiarity with the manageprofiles command and system commands.

This task uses the following terms:

Root users refers to:
- Root users
- Administrators
Non-root users refers to:
- Non-root users
- Non-administrators
Installer refers to a root user or a non-root user.

Before you can create a profile, you must install the product.

About this task

Have the installer perform the following steps to create a profile and assign ownership for the profile directory and the logs directory. The ownership is assigned to a non-root user ID that is different from the installer ID. The non-root user needs access to these directories to start the product.

This example creates a default profile.

The commands are split on multiple lines for printing purposes.

Procedure

Create the profile by issuing the following code from a command prompt:

./manageprofiles.sh -create -profileName profile01 -profilePath
app_server_root/profiles/profile01 -templatePath 
app_server_root/profileTemplates/default

manageprofiles.bat -create -profileName profile01 -profilePath 
app_server_root\profiles\profile01 -templatePath 
app_server_root\profileTemplates\default

Change ownership of the profile01 profile directory to the user1 non-root user.
For example, issue the following command:
```
chown -R user1 app_server_root/profiles/profile01
```
Follow instructions in the Windows documentation to grant user1 access to the following directory:
```
app_server_root\profiles\profile01
```
Change the ownership of the logs directory for the profile01 profile to the user1 non-root user to prevent displaying log messages to the console.
Issue the following command:
```
chown -R user1 app_server_root/logs/manageprofiles/profile01
```
Follow instructions in the Windows documentation to grant user1 access to the following directory:
```
app_server_root\logs\manageprofiles\profile01
```

Results

The installer has created a default profile and changed ownership of the profile directory and log directory to a non-root user.

What to do next

As the installer, you can continue to create profiles and assign ownership to non-root users as needed.

A non-root user ID can manage multiple profiles and can run the same tasks as a root user . For a particular profile, use the same non-root user ID to manage the entire profile. This guidance applies whether the profile is the deployment manager, a profile that contains the application servers and the node agent, or a custom profile. Profile management includes running any command-line scripts that might act on the profile, such as startServer.sh, wsadmin.sh, syncNode.sh, managesdk.sh, and manageprofile.sh. Running these scripts with an alternative user ID, such as a root user ID, might cause other scripts to fail due to mismatched file permissions. In general, start any processes that run on a profile from the same user ID, or from user IDs with compatible file permissions. For example, if you run the deployment manager as the wasuser user ID and then also run the command line tool to generate plug-ins on that same profile, run the tool as wasuser

A different user ID can be used for each profile in a cell, whether or not global security or administrative security is enabled. The user IDs within a cell can be a mix of root and non-root user IDs. For example, the root user might manage the deployment manager profile, while a non-root user might manage a profile that contains application servers and the node agent, or vice versa. However, typically, either a root user or a non-root user manages all the profiles in a particular cell.