I'm endeavouring to write a startup script, to exist in /etc/init.d, on Linux for starting up the appropriate servers for WebSphere Portal as part of the boot process when the server starts up.

This part works fine.

However, I then wanted to extend that by having a wrapper script call this boot script, with the SUID set, so that any user could restart the portal environment without having to login as root.

So the scenario is:

1) bootscript.sh which exists in /etc/init.d and has a symlink in /etc/rc6.d to that script.

2) /usr/local/bin/wps_restart which is set as 6755 and contains the following commands:

/etc/init.d/bootscript.sh stop
/etc/init.d/bootscript.sh start


When this script is called as a regular user, the STOP capability works fine. But when the start command is called, the following error is produced:



ADMU0116I: Tool information is being logged in file
/opt/IBM/WebSphere/AppServer/profiles/wp_profile/logs/server1/startServer.log
ADMU0128I: Starting tool with the wp_profile profile
ADMU3100I: Reading configuration for server: server1
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3011E: Server launched but failed initialization. startServer.log,
SystemOut.log(or job log in zOS) and other log files under
/opt/IBM/WebSphere/AppServer/profiles/wp_profile/logs/server1 should
contain failure information.

ERROR: An error occurred in starting up 'server1'



When performing a startup as a non-root user, you do need to ensure the log directory has write permissions but I would have thought with SUID set, this wouldn't matter. It seems that it does. By my reckoning, its not truly running as root as I would expect a script with SUID set to do.

Can anyone suggest a different or better way to allow non-root users to reboot the portal server without giving away root access ? (aside from enabling LDAP of course !)


Thanks

Mavster