Configuring the shared data folder as a non-root user

IBM Docs supports non-root configuration for the shared data folder.

Before you begin

When the WebSphere® Application Server process is started by a non-root user, the shared data folder must be configured as non-root. Ensure that IBM Docs and the Document Format Conversion server have permission to access the shared data folder that is defined in each properties file.
Important:
Make sure that the non-root users for the NFS server and NFS client (Linux™) share a UID or GID. If not, you must use the adduser -u user-id user-name command to add users that share a user ID or group ID.

Procedure

  1. Configure the NFS server (Linux) as follows:
    1. Confirm that a non-root user and related home directory exist.
      For example, the non-root user is named nonroot.
    2. Assume that you want to point the folder at /local/home/nonroot/data/shared.
    3. Make sure that the following directories grant non-root users read, write, and run permissions:
      • /local/home/nonroot/data/shared
      • /etc/exports
      • /var/lock/subsys
      • /var/run
    4. Add the NFS export item to the /etc/exports file, for example: /local/home/nonroot/data/shared *(insecure,rw,async,no_root_squash)
    5. Ask root users to grant sudo permissions for the NFS service command:
      1. Log in with root user credentials.
      2. In the shell window, type visudo.
      3. Add the grant command line to the end of the file as follows: nonroot hostname=/etc/rc.d/init.d/nfslock,/etc/rc.d/init.d/nfs,/etc/rc.d/init.d/portmap

        Where nonroot is the non-root user name and hostname is the short local host name.

        The command path is the absolute path of each command: portmap, nfslock, nfs.

      4. Save the sudo file and exit.
    6. Start NFS services with the non-root user.
      For example:
      1. sudo /etc/rc.d/init.d/portmap start
      2. sudo /etc/rc.d/init.d/nfslock start
      3. sudo /etc/rc.d/init.d/nfs start
  2. If the NFS client is also on Linux, configure it as follows:
    1. Confirm that a non-root user and related home directory exist.
      For example, the non-root user is named nonroot.
    2. Assume that you want to point the folder at /local/home/nonroot/data/shared.
    3. Make sure that the following directories grant non-root users read, write, and run permissions:
      • /local/home/nonroot/data/shared
      • /etc/fstab
      • /var/lock/subsys
      • /var/run
    4. Ask root users to grant sudo permissions for the NFS service command:
      1. Log in with root user credentials.
      2. In the shell window, type visudo.
      3. Add the grant command line to the end of the file as follows: nonroot hostname=/etc/rc.d/init.d/portmap,/bin/mount,/bin/umount

        Where nonroot is the non-root user name and hostname is the short local host name.

        The command path is the absolute path of each command: portmap, mount, umount.

      4. Save the sudo file and exit.
    5. Mount the NFS server with the non-root user.
      For example:
      1. sudo /etc/rc.d/init.d/portmap start
      2. sudo /bin/mount -t nfs -o sec=sys,bg,soft,retry=1,timeo=60,actimeo=0,nfsvers=3 [nfs server hostname]:/local/home/nonroot/data/shared /local/home/nonroot/data/shared
        Note: The first occurrence of /local/home/nonroot/data/shared is the folder path on the NFS server. The second occurrence is the local folder path on the NFS client.
  3. If the NFS client is on Windows™, configure it as follows:
    1. Confirm that a standard user (non-administrator) exists.
      For example, the non-administrator user is named nonadmin.
    2. As the administrative user, install the NFS service with Administrator permission by running the following command:

      servermanagercmd.exe -install FS-NFS-Services

    3. As the administrative user, in the registry key, add two DWORD values, AnonymousUid and AnonymousGid, to this location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default.
      Set these values to the same values as the NFS server user's ID, in decimal.
    4. Restart the NFS client service as follows:
      nfsadmin client stop
      nfsadmin client start
    Note:
    1. On Windows, you can manually mount the NFS server by using the command: mount -o acdirmin=0 mtype=soft retry=10 timeout=6 casesensitive=yes anon [nfs server hostname]:/local/home/nonroot/data/shared y:
    2. On Windows, when you define the shared data server in cfg.properties, you can type the IP address or server domain name, as follows: conversion_shared_data_server = 9.181.137.167.
    3. There are several ways to grant the non-root user read, write, and run permissions. One way is to change the group of the target directory to the non-root group and then grant the group the permissions, for example:
      chgrp -R <non-root_user_group> <app_server_root>
      chmod -R g+wrx <app_server_root>
      Where <non-root_user_group> is a user group that contains the non-root user account and <app_server_root> is the target directory.
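
Added example (not part of the IBM documentation): the export line in step 1.4 combines a wildcard client with the insecure and no_root_squash options, so it is worth checking /etc/exports for those three settings before the NFS services are started. The second sample entry and its client name docs1.example.com are constructed for comparison.

```shell
#!/bin/sh
# Added example: flag broad settings in /etc/exports-style entries.

# Constructed sample. Line 2 is the export line from step 1.4; line 3 is a
# hypothetical tighter entry (docs1.example.com is a made-up client name).
sample_exports() {
cat <<'EOF'
# constructed sample exports file
/local/home/nonroot/data/shared *(insecure,rw,async,no_root_squash)
/local/home/nonroot/data/shared docs1.example.com(rw,sync,root_squash)
EOF
}

# Read exports entries on stdin; print "<line> <path> <client> <finding>".
#   any-host        client is "*" or empty, so every host may mount
#   insecure        requests from unprivileged source ports are accepted
#   no_root_squash  root on the client is not mapped to the anonymous user
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }           # skip blank and comment lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # "(opts)" alone means all hosts
            if (client == "*") print NR, path, client, "any-host"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)
                if (o[j] == "insecure" || o[j] == "no_root_squash")
                    print NR, path, client, o[j]
        }
    }'
}

sample_exports | audit_exports
```

To check a live server, run audit_exports < /etc/exports; an empty result means none of the three settings is present.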