Non-root installation of IBM Security Guardium Key Lifecycle Manager on Linux systems

You can install IBM® Security Guardium® Key Lifecycle Manager as a non-root user on Linux® operating systems.

Best practices and guidelines for a non-root installation of IBM Security Guardium Key Lifecycle Manager on Linux systems

When you plan your non-root installation of IBM Security Guardium Key Lifecycle Manager on Linux systems, there are a number of best practices to consider. Review these best practices before you start your installation.
  • Ensure that the non-root user belongs to a non-root primary group. The non-root user must have a primary group other than guests, admins, users, and local.
  • The home directory for the non-root user ($HOME) must point to the correct location. For example: /home/user_name
  • Verify that any previous installations of IBM Security Guardium Key Lifecycle Manager and Db2® on the system are removed completely, without any remnants.
  • When you install IBM Security Guardium Key Lifecycle Manager, Prerequisite Scanner might fail for a non-root installation. Before you proceed with the installation, ensure that all the prerequisites that are indicated in the Prerequisite Scanner check are met, except for the requirement for Administrator privileges.
    To continue with the installation, skip running Prerequisite Scanner. To skip the prerequisite scan, create the sklmInstall.properties file in the /tmp directory with the following property.
    SKIP_PREREQ=true
  • Ensure that the kernel settings at the operating-system level are correct for Db2 installation. For more information about Db2 kernel settings, see Db2 documentation at: https://www.ibm.com/docs/en/db2/11.5?topic=unix-modifying-kernel-parameters-linux
  • During the installation, ensure that the database Administrator ID is the same as the non-root user who is logged on to the system for running the installation process. Ensure the following requirements for the database Administrator ID:
    • Maximum length of the database Administrator ID is 8 characters.
    • Password for the database Administrator ID is the same as the operating system level password for the non-root user.
    • Database Administrator group is the same as the primary group of the non-root user at the operating system level.
    • Database home points to the home directory of the non-root user.
  • You cannot install IBM Security Guardium Key Lifecycle Manager as a non-root user in silent mode.
  • Migration from the earlier versions of IBM Security Guardium Key Lifecycle Manager to non-root installation of version 4.2 is not supported.
  • Db2 might not start on system boot when it is installed as a non-root user. To correct this, start Db2 before WebSphere® Application Server Liberty starts. Run the nonrootconfig.sh script after the installer completes the installation.
  • The Db2 admin group name cannot be longer than 8 characters.
  • After you run the nonrootconfig.sh command, and when WebSphere Liberty is started, you might get the error message No DB connected on the IBM Security Guardium Key Lifecycle Manager user interface. To resolve this issue, restart Db2 and then restart the IBM Security Guardium Key Lifecycle Manager server.
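
The account requirements in the list above can be checked before the installer is started. The following shell script is an added example, not IBM code: the function names are hypothetical, while the 8-character limits, the disallowed group names, and the /tmp/sklmInstall.properties file come from the list.

```shell
#!/bin/sh
# Added example: preflight checks for the account that runs the non-root install.
# Function names are hypothetical; limits and group names come from the list above.

# Installing user / database Administrator ID: non-root, at most 8 characters.
check_user() {
    [ -n "$1" ] && [ "$1" != "root" ] || { echo "user must be non-root" >&2; return 1; }
    [ "${#1}" -le 8 ] || { echo "user '$1' exceeds 8 characters" >&2; return 1; }
}

# Primary group / Db2 admin group: not a disallowed group, at most 8 characters.
check_group() {
    case "$1" in
        ""|root|guests|admins|users|local)
            echo "primary group '$1' is not allowed" >&2; return 1 ;;
    esac
    [ "${#1}" -le 8 ] || { echo "group '$1' exceeds 8 characters" >&2; return 1; }
}

# $HOME must be an existing, writable directory (it becomes the database home).
check_home() {
    [ -n "$1" ] && [ -d "$1" ] && [ -w "$1" ] || { echo "bad home '$1'" >&2; return 1; }
}

# Write the skip-scan property. Refuse a pre-existing symlink, because /tmp is
# writable by every local user. Call this only after the other prerequisites pass.
write_skip_prereq() {
    f="${1:-/tmp/sklmInstall.properties}"
    [ ! -L "$f" ] || { echo "$f is a symlink, refusing" >&2; return 1; }
    printf 'SKIP_PREREQ=true\n' > "$f"
}

# Check the account that is currently logged on.
preflight() {
    check_user "$(id -un)" && check_group "$(id -gn)" && check_home "$HOME"
}

# Run the checks only when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight && echo "account checks passed"
fi
```

Run the script as the non-root user who will start the installer, so that `id -un`, `id -gn`, and `$HOME` describe the same account that becomes the database Administrator ID.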