Startup Scripts for WebSphere Portal - Permissions Problem - Websphere

This is a discussion on Startup Scripts for WebSphere Portal - Permissions Problem - Websphere ; I'm endeavouring to write a startup script, to exist in /etc/init.d, on Linux for starting up the appropriate servers for WebSphere Portal as part of the boot process when the server starts up. This part works fine. However, I then ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Startup Scripts for WebSphere Portal - Permissions Problem

  1. Startup Scripts for WebSphere Portal - Permissions Problem


    I'm endeavouring to write a startup script, to exist in /etc/init.d, on Linux for starting up the appropriate servers for WebSphere Portal as part of the boot process when the server starts up.

    This part works fine.

    However, I then wanted to extend that by having a wrapper script call this boot script, with the SUID set, so that any user could restart the portal environment without having to login as root.

    So the scenario is:

    1) bootscript.sh which exists in /etc/init.d and has a symlink in /etc/rc6.d to that script.

    2) /usr/local/bin/wps_restart which is set as 6755 and contains the following commands:

    /etc/init.d/bootscript.sh stop
    /etc/init.d/bootscript.sh start


    When this script is called as a regular user, the STOP capability works fine. But when the start command is called, the following error is produced:



    ADMU0116I: Tool information is being logged in file
    /opt/IBM/WebSphere/AppServer/profiles/wp_profile/logs/server1/startServer.log
    ADMU0128I: Starting tool with the wp_profile profile
    ADMU3100I: Reading configuration for server: server1
    ADMU3200I: Server launched. Waiting for initialization status.
    ADMU3011E: Server launched but failed initialization. startServer.log,
    SystemOut.log(or job log in zOS) and other log files under
    /opt/IBM/WebSphere/AppServer/profiles/wp_profile/logs/server1 should
    contain failure information.

    ERROR: An error occurred in starting up 'server1'



    When performing a startup as a non-root user, you do need to ensure the log directory has write permissions but I would have thought with SUID set, this wouldn't matter. It seems that it does. By my reckoning, its not truly running as root as I would expect a script with SUID set to do.

    Can anyone suggest a different or better way to allow non-root users to reboot the portal server without giving away root access ? (aside from enabling LDAP of course !)


    Thanks

    Mavster

  2. Re: Startup Scripts for WebSphere Portal - Permissions Problem

    Change the ownership of the WebSphere folder to user wasadmin and
    group was for example.

    Modify the soap.client.props file under properties folder and put in
    the username and password that is required if security is turned on.

    This should allow you to stop and start the server using wasadmin
    account.

    You can add additional users to the was group to allow them to stop
    and start the servers.

    Sudo Access is another way of allowing non root users to stop and
    start servers.


+ Reply to Thread