Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
2 replies Latest Post - ‏2012-05-30T23:36:56Z by BMerrill
BMerrill
BMerrill
19 Posts
ACCEPTED ANSWER

Pinned topic Non root userid implementation

‏2012-05-30T00:32:06Z |
We are installing TUAM 7.3 as a non root userid.

As we continue to install TUAM as a nonroot userid, some people still want to start TUAM under root.
This works but files once owned by nonroot, are now owned by root.
We stop TIP, change file ownership to our install userid and start as nonroot.

That made we wonder. If I have root installed TIP/TUAM, can I simply change the file ownership of all TUAM and TIP file and directories and start TUAM under another userid? It seems all TIP needs is write permission to the files to create lock files when executing.

I've done this and TUAM seems to be functioning well. The processes run under the nonroot userid, I can log into TIP and I can execute command line functions.

Is there any reason why what I did will not work?

Maybe the function will break in Deployment Engine? I've not attempted changing file ownership or applying a patch.

In addition, I noticed the setupEnv.sh in the TUAM bin directory has the INSTALL_USER set to root even for systems we installed as nonroot, so I suspect this environment setting is not used anymore, Can someone confirm this?
Updated on 2012-05-30T23:36:56Z at 2012-05-30T23:36:56Z by BMerrill
  • DavidO'Shea
    DavidO'Shea
    14 Posts
    ACCEPTED ANSWER

    Re: Non root userid implementation

    ‏2012-05-30T07:55:06Z  in response to BMerrill
    Hi,

    Firstly, you are correct - INSTALL_USER is no longer used for anything so the value set there is irrelevant.

    Regarding changing the ownership after the install, there can be issues with this, related to - as you've guessed - deployment engine. Any operations using DE (such as applying fixpacks) would probably need to be done as the user who originally did the install, and this would likely result in mixed file ownership under TUAM_HOME again. There may also be issues subsequently when upgrading to a new major release.

    For a non-root install, DE gets installed under that user's home directory and as such will not be seen by any other user (including root).

    For a root install, DE gets installed globally and MAY be seen by other users, depending on the security configuration. You can see (and adjust) the configuration using the de_security.sh script:

    ~/.acsi_tuam/bin $ ./de_security.sh
    The current security setting is singleUser (tuam)
    The current user (tuam) has access to Deployment Engine.

    Regards,

    David.
  • BMerrill
    BMerrill
    19 Posts
    ACCEPTED ANSWER

    Re: Non root userid implementation

    ‏2012-05-30T23:36:56Z  in response to BMerrill
    Thank you for the quick response.
    On the system I've changed file ownership, I see the DE has a security setting to global.
    I attempted a few scenarios moving DE files around and changing permissions to get the DE engine to be recognized, but was not able to trick it.
    I did not go so far to update directory names in the DE files and scripts.

    Still, it is good to know that TUAM can be changed to run as nonroot after installation.
    We just need to run the fix packs under root for DE and then change the file permissions after.