On Unix-based systems (Linux, Solaris, ...), only the superuser (root) can start a process on a port <= 1024. For security reasons it is not desirable to run WebLogic Server as the root user. The solution is to start the WebLogic process as root (bind on port 80, 443) and then switch the process to a non-privileged user like oraweblogic or nobody.
This is done by setting four properties in WebLogic:
weblogic.system.enableSetUID (Set User ID)
weblogic.system.enableSetGID (Set Group ID)
weblogic.system.nonPrivUser (Non-privileged user)
weblogic.system.nonPrivGroup (Non-privileged group)
1. By setting the value of enableSetUID to true, you are instructing WebLogic Server to switch from root (after starting WebLogic Server on port 80, 443 or <= 1024) to a lower-privileged user.
2. The value assigned to nonPrivUser will be used to own the WebLogic Server process once it has been started by the superuser on a port <= 1024.
3. Ensure that the lower-privileged user has proper access (read, write or both, depending on the type) to the files (logs, classes, ...) required by WebLogic Server.
The above is true for all scenarios where the root user has started the WLS server over any port and has to switch to some other non-root user as well.
Edited by: sandeep_singh on Mar 24, 2010 5:17 PM
Edited by: sandeep_singh on Mar 24, 2010 5:19 PM
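A pre-start check for the settings and file-access step listed in the post above, as an added example (not part of the original thread and not Oracle's code). It assumes the four properties are supplied as key=value lines and behave as the post describes; `parse_props`, `audit_settings` and `can_access` are hypothetical helper names and the sample values are constructed.

```python
import os

PREFIX = "weblogic.system."
# (enable flag, identity property) pairs named in the post.
PAIRS = (("enableSetUID", "nonPrivUser"), ("enableSetGID", "nonPrivGroup"))

def parse_props(text):
    """Parse key=value lines (assumed file format); '#' starts a comment."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_settings(props):
    """Return a list of findings for the four switch-identity properties."""
    findings = []
    for flag, ident in PAIRS:
        enabled = props.get(PREFIX + flag, "").lower() == "true"
        target = props.get(PREFIX + ident, "")
        if not enabled:
            findings.append(f"{flag} is not true: process keeps root's id")
        elif not target:
            findings.append(f"{flag} is true but {ident} is unset")
        elif target in ("root", "0"):
            findings.append(f"{ident}={target} is still privileged")
    return findings

def can_access(path, uid, gids, write=False):
    """Mode-bit check for a non-root uid and its gids (ACLs, parent dirs ignored)."""
    st = os.stat(path)
    # Pick the owner, group or other permission triplet, as the kernel does.
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    need = (4 | (2 if write else 0)) << shift
    return (st.st_mode & need) == need

# Constructed sample: user switch configured, group switch left disabled.
SAMPLE = """\
weblogic.system.enableSetUID=true
weblogic.system.nonPrivUser=nobody
weblogic.system.enableSetGID=false
weblogic.system.nonPrivGroup=nobody
"""

if __name__ == "__main__":
    for finding in audit_settings(parse_props(SAMPLE)):
        print("FINDING:", finding)
```

Run `can_access` with the numeric uid and gids of the non-privileged account against each log and class path before the first start as root; files that root created on an earlier run are the usual cause of write failures after the switch.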
Actually, the mentioned settings are required even if the WebLogic server is running on a port greater than 1024 on UNIX.
The point here is that if the WebLogic instance has been started by the root user and you then want to switch to any non-root user to access any resource from the Admin Server Console, you will have to set these configurations.