3 Replies Latest reply: Mar 26, 2010 3:34 AM by 761919

    <BEA-000254> <Cannot switch to user "XXXXX". java.lang.IllegalArgumentExcep

    761919
      I am getting "Cannot initgroups" for a user even after enabling "Enable Post-Bind UID & GID

      I have executed chown and chmod -R 755 again, and even after that this error is thrown


      <Mar 24, 2010 3:18:28 AM EDT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.128.229.251:7301 for protocols iiop, t3, ldap, snmp, http.>
      <Mar 24, 2010 3:18:28 AM EDT> <Critical> <WebLogicServer> <BEA-000254> <Cannot switch to user "XXXXX". java.lang.IllegalArgumentException: Cannot initgroups("XXXXX"), system error: 'Not owner'
      java.lang.IllegalArgumentException: Cannot initgroups("XXXXX"), system error: 'Not owner'
      at weblogic.platform.Unix.setUser0(Native Method)
      at weblogic.platform.Unix.setUser(Unix.java:31)
      at weblogic.t3.srvr.SetUIDRendezvous.setUser(SetUIDRendezvous.java:120)
      at weblogic.t3.srvr.SetUIDRendezvous.makeUnPrivilegedFinal(SetUIDRendezvous.java:167)
      at weblogic.t3.srvr.SetUIDRendezvous.finish(SetUIDRendezvous.java:96)
      Truncated. see log file for complete stacktrace
        • 1. Re: <BEA-000254> <Cannot switch to user "XXXXX". java.lang.IllegalArgumentExcep
          sandeep_singh
          On Unix-based systems (Linux, Solaris, ...), only the superuser (root) can start a process on a port <= 1024. For security reasons it is not desirable to run WebLogic Server as the root user. The solution is to start the WebLogic process as root (bind on port 80, 443) and then switch the process to a non-privileged user like oraweblogic or nobody.

          This is done by setting four properties in WebLogic -

          weblogic.system.enableSetUID (Set User ID)
          weblogic.system.enableSetGID (Set Group ID)
          weblogic.system.nonPrivUser (Non-privileged user)
          weblogic.system.nonPrivGroup (Non-privileged group)

          1. By setting the value of enableSetUID to true, you are instructing WebLogic Server to switch from root (after starting WebLogic Server on port 80, 443 or <=1024) to a lower-privileged user.

          2. The value assigned to nonPrivUser will be used to own the WebLogic Server process once it has been started by the superuser on a port <= 1024.

          3. Ensure that the lower-privileged user has proper access (read, write or both, depending on the type of file) to the files (log, classes, ...) required by WebLogic Server.

          The above is true for all scenarios where the root user has started the WLS server on any port and has to switch to some other non-root user as well.

          Thanks,
          Sandeep

          Edited by: sandeep_singh on Mar 24, 2010 5:17 PM
          • 2. Re: <BEA-000254> <Cannot switch to user "XXXXX". java.lang.IllegalArgumentExcep
            761919
            Instance is running on 7301 - not less than 1024
            • 3. Re: <BEA-000254> <Cannot switch to user "XXXXX". java.lang.IllegalArgumentExcep
              sandeep_singh
              Actually, the mentioned settings are required even if the WebLogic server is running on a port greater than 1024 on UNIX.
              The point here is that if the WebLogic instance has been started as the root user and you then want to switch to any non-root user to access any resource from the Admin Server Console, you will have to set these configurations.

              thanks,
              Sandeep
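
The post-bind switch discussed in this thread ends in the Unix calls initgroups(), setgid() and setuid(). The following C sketch is an added example, not code from the thread or from WebLogic; it shows the order of those calls and where the EPERM behind a "Cannot initgroups ... 'Not owner'" message arises. The helper name `drop_privileges` and the default user `nobody` are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE /* exposes initgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_NO_USER, DROP_NOT_PRIVILEGED, DROP_FAILED };

/* Hypothetical helper: permanently switch the calling process to `user`.
 * Order matters: supplementary groups, then GID, then UID. Once the UID
 * is dropped, the process may no longer change its groups. */
enum drop_result drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return DROP_NO_USER;

    /* initgroups() ends in setgroups(), which only a privileged caller
     * (root, or CAP_SETGID on Linux) may use. Otherwise it fails with
     * EPERM, which Solaris reports as "Not owner". */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return errno == EPERM ? DROP_NOT_PRIVILEGED : DROP_FAILED;
    if (setgid(pw->pw_gid) != 0)
        return errno == EPERM ? DROP_NOT_PRIVILEGED : DROP_FAILED;
    if (setuid(pw->pw_uid) != 0)
        return errno == EPERM ? DROP_NOT_PRIVILEGED : DROP_FAILED;

    /* The drop must be irreversible: regaining root has to fail. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return DROP_FAILED;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    static const char *const msg[] = {
        "switched", "no such user",
        "EPERM: caller lacks the privilege to change user or groups",
        "switch failed"
    };
    const char *user = argc > 1 ? argv[1] : "nobody"; /* assumed default */
    enum drop_result r = drop_privileges(user);
    printf("%s: %s (now uid=%d gid=%d)\n", user, msg[r],
           (int)getuid(), (int)getgid());
    return r == DROP_OK ? 0 : 1;
}
```

Run as an ordinary user, the program reports the EPERM case; run as root, it ends up owned by the target user and cannot return to root.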