Tuesday, July 23, 2013

[TechNote] WebSphere Application Server with "runas" behavior if non-root is used


Technote (troubleshooting)


Problem (Abstract)

WebSphere Application Server will fail in the following scenario:

"UserA" starts a server that was set with runas="UserB". This fails even if UserA and UserB are in the same primary group.

The only users that can start the servers will be root or UserB.

Symptom

You might see some inaccurate exceptions in the log files:

ADMU0111E: Program exiting with error:
com.ibm.ws.process.exception.InvalidGroupException: PROC0002E:
Group: [wasgroup] does not appear to be valid on this system.
Process could not be created.


Cause

From an operating system standpoint, WebSphere Application Server would have to use an OS call to change the owner of a process (something similar to what sudo, suid, etc. do), but only root can make such calls.

Resolving the problem

If UserA has to be able to start the server as well as UserB:
  1. Make sure UserA and UserB have the same primary group.

  2. Clear out the runas JVM property.

  3. Make sure the file permissions are correctly set.

The server process will then show the user that started it as the owner. There will not be any reassignment to a different user, because runas is now empty.
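
A pre-flight check for steps 1 and 3 above, as an added example that is not part of the technote. It assumes "correctly set" means every path under the profile directory is owned by the shared group with group read/write (directories also group-execute); the function names and the three arguments (two account names and a profile path) are placeholders.

```shell
#!/bin/sh
# Added example: verify steps 1 and 3 before UserA starts the server.
# Assumption: "correct" permissions = shared group owner, g+rw on files,
# g+rwx on directories. Adjust the masks to your own policy.

# Step 1: succeed (0) when both accounts have the same primary GID.
# Returns 2 when either account cannot be resolved.
same_primary_group() {
    gid_a=$(id -g "$1" 2>/dev/null) || return 2
    gid_b=$(id -g "$2" 2>/dev/null) || return 2
    [ "$gid_a" = "$gid_b" ]
}

# Step 3: print every path under directory $1 that the group $2
# (name or numeric GID) cannot use. Empty output means no gaps.
group_access_gaps() {
    find "$1" \( ! -group "$2" \
        -o -type d ! -perm -070 \
        -o -type f ! -perm -060 \) -print
}

# Usage: script USER_A USER_B PROFILE_DIR (all three are placeholders).
if [ "$#" -eq 3 ]; then
    if ! same_primary_group "$1" "$2"; then
        echo "FAIL: $1 and $2 do not share a primary group" >&2
        exit 1
    fi
    gaps=$(group_access_gaps "$3" "$(id -g "$1")")
    if [ -n "$gaps" ]; then
        echo "FAIL: paths not usable by the shared group:" >&2
        echo "$gaps" >&2
        exit 1
    fi
    echo "OK: group and permissions allow either user to start the server"
fi
```

Run it as a user who can read the whole profile tree; paths that `find` cannot descend into are reported on stderr by `find` itself.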
