Startup Scripts for WebSphere Portal - Permissions Problem
I'm endeavouring to write a startup script, to exist in /etc/init.d, on Linux for starting up the appropriate servers for WebSphere Portal as part of the boot process when the server starts up.
This part works fine.
However, I then wanted to extend that by having a wrapper script call this boot script, with the SUID set, so that any user could restart the portal environment without having to log in as root.
So the scenario is:
1) bootscript.sh which exists in /etc/init.d and has a symlink in /etc/rc6.d to that script.
2) /usr/local/bin/wps_restart which is set as 6755 and contains the following commands:
When this script is called as a regular user, the STOP capability works fine. But when the start command is called, the following error is produced:
ADMU0116I: Tool information is being logged in file
ADMU0128I: Starting tool with the wp_profile profile
ADMU3100I: Reading configuration for server: server1
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3011E: Server launched but failed initialization. startServer.log,
SystemOut.log(or job log in zOS) and other log files under
contain failure information.
ERROR: An error occurred in starting up 'server1'
When performing a startup as a non-root user, you do need to ensure the log directory has write permissions but I would have thought with SUID set, this wouldn't matter. It seems that it does. By my reckoning, it's not truly running as root as I would expect a script with SUID set to do.
Can anyone suggest a different or better way to allow non-root users to reboot the portal server without giving away root access? (aside from enabling LDAP of course!)
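Added example, not part of the original posts: Linux ignores the setuid and setgid bits on interpreted scripts (files that begin with `#!`), so a shell wrapper with mode 6755 still runs with the caller's IDs. The sketch below classifies a file accordingly; the function names `classify_suid` and `demo_classify` and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how Linux will treat the setuid/setgid bits on a file.
# classify_suid is a hypothetical helper name, not part of WebSphere or the post.

classify_suid() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "not-a-file"
        return 0
    fi
    # -u and -g test the setuid and setgid mode bits.
    if [ ! -u "$file" ] && [ ! -g "$file" ]; then
        echo "no-suid"
        return 0
    fi
    # Read the first two bytes; "#!" marks an interpreted script.
    magic=$(LC_ALL=C dd if="$file" bs=2 count=1 2>/dev/null) || magic=""
    if [ "$magic" = "#!" ]; then
        # The interpreter is started with the caller's IDs; the bits have no effect.
        echo "suid-script-ignored"
    else
        # Compiled executable (or unreadable file): the bits are honoured.
        echo "suid-binary"
    fi
}

# Constructed demonstration: a stand-in for a shell wrapper set to 6755,
# next to the same script without the bits.
demo_classify() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\nid -u\n' > "$dir/wrapper.sh"
    chmod 6755 "$dir/wrapper.sh"
    printf '#!/bin/sh\nid -u\n' > "$dir/plain.sh"
    chmod 0755 "$dir/plain.sh"
    result="$(classify_suid "$dir/wrapper.sh") $(classify_suid "$dir/plain.sh")"
    rm -rf "$dir"
    echo "$result"
}

demo_classify
```

A file reported as `suid-script-ignored` gains nothing from its mode bits, so delegation has to come from something else, such as the group ownership or sudo approaches raised in the reply.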
Re: Startup Scripts for WebSphere Portal - Permissions Problem
Change the ownership of the WebSphere folder to user wasadmin and
group was for example.
Modify the soap.client.props file under properties folder and put in
the username and password that is required if security is turned on.
This should allow you to stop and start the server using wasadmin.
You can add additional users to the was group to allow them to stop
and start the servers.
Sudo Access is another way of allowing non root users to stop and