Wednesday, March 5, 2008

Running WAS for TMTP on UNIX as a non-root user

For security reasons, you may want to run your TMTP WebSphere installation as a non-root user. This entry gives tips on some of the changes that need to be made to do this.

Using all of the default installation options on UNIX, the main problems you'll encounter will be due to issues with permissions, and these are easily fixed. Specifically, let's say you have WebSphere installed under /usr/WebSphere/AppServer, and you have the TMTP Management Server software installed under /opt/ibm/tivoli/MS, and you want to run WebSphere as the user "tmtp". You should run the following commands:

chown -R tmtp /usr/WebSphere/AppServer
chown -R tmtp /opt/ibm/tivoli/MS
chown -R tmtp /var/ibm/tivoli/common/BWM

That last command is required so that TMTP can write to its own log files.

There are some other issues that you may encounter if you want to use LDAP authentication for WebSphere. The main problem I've seen is that you cannot stop WAS with "stopServer.sh". This happens because the installation of TMTP will normally turn on WAS global security, but it will not update the soap.client.props file. So what you need to do is edit the /usr/WebSphere/AppServer/properties/soap.client.props file and add the following lines (you'll see where once you view the file):

com.ibm.SOAP.securityEnabled=true

# JMX SOAP connector identity
com.ibm.SOAP.loginUserid=my_ldap_user
com.ibm.SOAP.loginPassword=my_ldap_user_password

That will hopefully get things going for you!
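
As an added example (not from the original post or from IBM), the shell functions below check the result of the steps above: that the chown -R runs left nothing under the trees owned by another user, and that soap.client.props, which now holds an LDAP password, is not accessible to group/other or left in cleartext. The function names are hypothetical, the sample file is constructed, and the {xor} check assumes the value prefix written by WebSphere's PropFilePasswordEncoder utility.

```shell
# Added example: audit helpers for the non-root setup described above.
# Function names are hypothetical; this is not IBM or TMTP tooling.

# Print every path under the given trees that is NOT owned by user $1
# (run after the chown -R commands; no output means nothing was missed).
not_owned_by() {
    owner=$1; shift
    for tree in "$@"; do
        find "$tree" ! -user "$owner" -print
    done
}

# Succeed if group or other holds any permission bit on file $1.
group_or_world_access() {
    bits=$(ls -ld "$1" | cut -c5-10)    # e.g. "r--r--" for mode 644
    [ "$bits" != "------" ]
}

# Succeed if com.ibm.SOAP.loginPassword is set and lacks the {xor} prefix
# that WebSphere's PropFilePasswordEncoder writes. {xor} is an encoding,
# not encryption, so file permissions still matter either way.
cleartext_soap_password() {
    value=$(sed -n 's/^com\.ibm\.SOAP\.loginPassword=//p' "$1" | tail -n 1)
    case $value in ''|'{xor}'*) return 1 ;; esac
}

# Print one FINDING line per problem with the props file $1.
audit_props() {
    if group_or_world_access "$1"; then
        echo "FINDING: $1 is accessible to group/other"
    fi
    if cleartext_soap_password "$1"; then
        echo "FINDING: $1 holds a cleartext com.ibm.SOAP.loginPassword"
    fi
}

# Demo on a constructed sample file in a temp dir (not a real WAS install).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'com.ibm.SOAP.loginUserid=my_ldap_user' \
        'com.ibm.SOAP.loginPassword=my_ldap_user_password' > "$d/soap.client.props"
    chmod 644 "$d/soap.client.props"
    audit_props "$d/soap.client.props"      # reports both findings
    chmod 600 "$d/soap.client.props"
    audit_props "$d/soap.client.props"      # cleartext finding remains
    rm -rf "$d"
}
demo
```

On a real installation, call not_owned_by with the tmtp user and the three directories from the chown commands, and audit_props with the path to soap.client.props.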
