Configuring the shared data folder as a non-root user

HCL Docs supports non-root configuration for the shared data folder.

Before you begin

When the WebSphere® Application Server process is started by a non-root user, the shared data folder must be configured as non-root. Ensure that HCL Docs and the Document Format Conversion server have permission to access the shared data folder that is defined in each properties file.
Important:
Make sure that the non-root users for the NFS server and NFS client (Linux) share a UID or GID. If not, you must use the adduser -u user-id user-name command to add users that share a user ID or group ID.

Procedure

  1. Configure the NFS server (Linux) as follows:
    1. Confirm that a non-root user and related home directory exist.
      For example, the non-root user is named nonroot.
    2. Assume that you want to point the folder at /local/home/nonroot/data/shared.
    3. Make sure that the following paths grant non-root users read, write, and run permissions:
      • /local/home/nonroot/data/shared
      • /etc/exports
      • /var/lock/subsys
      • /var/run
    4. Add the NFS export item to the /etc/exports file, for example: /local/home/nonroot/data/shared *(insecure,rw,async,no_root_squash)
    5. Ask root users to grant sudo permissions for the NFS service command:
      1. Log in with root user credentials.
      2. In the shell window, type visudo.
      3. Add the grant command line to the end of the file as follows: nonroot hostname=/etc/rc.d/init.d/nfslock,/etc/rc.d/init.d/nfs,/etc/rc.d/init.d/portmap

        Where nonroot is the non-root user name and hostname is the short local host name.

        The command path is the absolute path of each command: portmap, nfslock, nfs.

      4. Save the sudo file and exit.
    6. Start NFS services with the non-root user.
      For example:
      1. sudo /etc/rc.d/init.d/portmap start
      2. sudo /etc/rc.d/init.d/nfslock start
      3. sudo /etc/rc.d/init.d/nfs start
  2. If the NFS client is also on Linux, configure it as follows:
    1. Confirm that a non-root user and related home directory exist.
      For example, the non-root user is named nonroot.
    2. Assume that you want to point the folder at /local/home/nonroot/data/shared.
    3. Make sure that the following paths grant non-root users read, write, and run permissions:
      • /local/home/nonroot/data/shared
      • /etc/fstab
      • /var/lock/subsys
      • /var/run
    4. Ask root users to grant sudo permissions for the NFS service command:
      1. Log in with root user credentials.
      2. In the shell window, type visudo.
      3. Add the grant command line to the end of the file as follows: nonroot hostname=/etc/rc.d/init.d/portmap,/bin/mount,/bin/umount

        Where nonroot is the non-root user name and hostname is the short local host name.

        The command path is the absolute path of each command: portmap, mount, umount.

      4. Save the sudo file and exit.
    5. Mount the NFS server with the non-root user.
      For example:
      1. sudo /etc/rc.d/init.d/portmap start
      2. sudo /bin/mount -t nfs -o sec=sys,bg,soft,retry=1,timeo=60,actimeo=0,nfsvers=3 [nfs server hostname]:/local/home/nonroot/data/shared /local/home/nonroot/data/shared
        Note: The first occurrence of /local/home/nonroot/data/shared is the folder path on the NFS server. The second occurrence is the local folder path on the NFS client.
  3. If the NFS client is on Windows, configure it as follows:
    1. Confirm that a standard user (non-administrator) exists.
      For example, the non-administrator user is named nonadmin.
    2. As the administrative user, install the NFS service with Administrator permission by running the following command:

      servermanagercmd.exe -install FS-NFS-Services

    3. As the administrative user, add two DWORD values, AnonymousUid and AnonymousGid, to this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default.
      Set these values to the UID and GID of the NFS server user, in decimal.
    4. Restart the NFS client service as follows:
      nfsadmin client stop
      nfsadmin client start
    Note:
    1. On Windows, you can manually mount the NFS server by using the command: mount -o acdirmin=0 mtype=soft retry=10 timeout=6 casesensitive=yes anon [nfs server hostname]:/local/home/nonroot/data/shared y:
    2. On Windows, when you define the shared data server in cfg.properties, you can type the IP address or server domain name, as follows: conversion_shared_data_server = 9.181.137.167.
    3. There are several ways to grant the non-root user read, write, and run permissions. One way is to change the group of the target directory to the non-root group and then grant the group the permissions, for example:
      chgrp -R <non-root_user_group> <app_server_root>
      chmod -R g+wrx <app_server_root>
      Where <non-root_user_group> is a user group that contains the non-root user account and <app_server_root> is the target directory.
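
The export entry in step 1.4 names * as the client and sets no_root_squash and insecure, so any host that can reach the server can mount the folder read-write, a client's root user keeps UID 0 on the export, and requests from unprivileged source ports are accepted. The following added example (not HCL code) audits an exports file for those three settings; the sample file and the client name docs1.example.com are constructed, and the narrower second entry is an assumption, not an HCL-documented configuration.

```shell
#!/bin/sh
# Added example (not HCL code): flag NFS export options that widen access.
# Prints "path<TAB>client<TAB>finding" for each issue found in an exports file.
audit_exports() {
    awk '
    { sub(/#.*/, "") }                  # strip comments
    NF < 2 { next }                     # need a path plus at least one client spec
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                # split "client(opt,opt)" into its parts
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "*" or an empty client (a stray space before the parenthesis)
            # both mean every host that can reach the server.
            if (client == "" || client == "*") {
                client = "*"
                print $1 "\t" client "\tany-host"
            }
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")   # client root keeps UID 0 on the export
                    print $1 "\t" client "\tno_root_squash"
                else if (o[j] == "insecure")    # accepts source ports above 1023
                    print $1 "\t" client "\tinsecure"
            }
        }
    }' "$1"
}

# Constructed sample: the entry from step 1.4, then a narrower entry.
# docs1.example.com is a placeholder client name (assumption).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/local/home/nonroot/data/shared *(insecure,rw,async,no_root_squash)
/local/home/nonroot/data/shared docs1.example.com(rw,sync,root_squash)
EOF
audit_exports "$sample"
rm -f "$sample"
```

Run audit_exports /etc/exports on the NFS server after editing the file; an empty result means none of the three settings is present.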