9 Replies. Latest reply: Aug 10, 2010 7:55 AM by 740547

    cannot switch to normal user after starting from root

    740547
      I am running the WebLogic server with non-root privilege and it works fine, then I start nodemanager and that also works fine, and both of these errors don't show any error in the logs.

      After these 2 processes are started, I start startmanagedweblogic and that starts up fine and is running without any problems, but I am seeing the below error in the logs, which means that the shift from root to wadmin user did not work, right?

      Can somebody please comment on the issue and how to fix it? I installed WebLogic as root:root but have now changed access for all folders and files to wadmin:wadmin, so access should not be a problem.

      Below is the log with the error that says cannot switch to user


      <Jul 2, 2010 10:49:49 AM UTC> <Critical> <WebLogicServer> <BEA-000254> <Cannot switch to user "wadmin". java.lang.IllegalArgumentException: Cannot initgroups("wadmin"), system error: 'Operation not permitted'
      java.lang.IllegalArgumentException: Cannot initgroups("wadmin"), system error: 'Operation not permitted'
      at weblogic.platform.Unix.setUser0(Native Method)
      at weblogic.platform.Unix.setUser(Unix.java:31)
      at weblogic.t3.srvr.SetUIDRendezvous.setUser(SetUIDRendezvous.java:121)
      at weblogic.t3.srvr.SetUIDRendezvous.makeUnPrivilegedFinal(SetUIDRendezvous.java:168)
      at weblogic.t3.srvr.SetUIDRendezvous.finish(SetUIDRendezvous.java:97)
      Truncated. see log file for complete stacktrace
      >
        • 1. Re: cannot switch to normal user after starting from root
          Faisal Khan
          What is the WLS version?

          Are the POST BIND UID and POST BIND GUID checked in the console?
          You can check it under the Machine configuration.

          Please paste your config.xml here.
          • 2. Re: cannot switch to normal user after starting from root
            740547
            Yes, WLS version 10.3.3. I have configured POST BIND UID and POST BIND GUID in the console and machine config.

            I am able to start WebLogic without any issue on port 7001 and 7002, but when I run startmanagedweblogic hosting the XIMDD app, it starts but gives this error in the logs; it still works without any problem and it also runs via non-root user (checked it via ps -aux).

            Give me some time, I will paste my config.xml file. I am not in the office yet.
            • 3. Re: cannot switch to normal user after starting from root
              740547
              Attached is the domain config.xml file. Sorry for the late reply.

              Thank you.


              ----------------------------------
              <?xml version='1.0' encoding='UTF-8'?>
              <domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security/extension http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd">
              <name>basedomain</name>
              <domain-version>10.3.0.0</domain-version>
              <security-configuration>
              <name>basedomain</name>
              <realm>
              <sec:authentication-provider xsi:type="wls:default-authenticatorType">
              <sec:control-flag>SUFFICIENT</sec:control-flag>
              <wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
              </sec:authentication-provider>
              <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
              <sec:active-type>AuthenticatedUser</sec:active-type>
              </sec:authentication-provider>
              <sec:authentication-provider xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:oim-authenticatorType">
              <sec:name>OIMAuthenticator</sec:name>
              <sec:control-flag>SUFFICIENT</sec:control-flag>
              </sec:authentication-provider>
              <sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
              <sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
              <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
              <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
              <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
              <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
              <sec:name>myrealm</sec:name>
              </realm>
              <default-realm>myrealm</default-realm>
              <credential-encrypted>{3DES}7TY1Bja5LCOjfpXvv+qfB2hS181/WqSZfLeqyxcYHPONkiCjhSLYBXZVGsZYV9x1vk/17aU</credential-encrypted>
              <node-manager-username>NTCE1oLVYU</node-manager-username>
              <node-manager-password-encrypted>{3DES}B0FjjecqTrg73Ow==</node-manager-password-encrypted>
              </security-configuration>
              <jta>
              <timeout-seconds>1200</timeout-seconds>
              </jta>
              <server>
              <name>AdminServer</name>
              <machine>SERVER1_MACHINE</machine>
              <listen-address></listen-address>
              </server>
              <server>
              <name>SERVER1_SERVER</name>
              <ssl>
              <enabled>true</enabled>
              </ssl>
              <machine>SERVER1_MACHINE</machine>
              <listen-port>7003</listen-port>
              <listen-port-enabled>true</listen-port-enabled>
              <cluster>WLSVR_CLUSTER</cluster>
              <listen-address></listen-address>
              <java-compiler>javac</java-compiler>
              <server-start>
              <java-home>/var/Oracle/bea/jrockit_160_05</java-home>
              <class-path>/var/oim/server/xellerate/ext/jdbcpool-0.99.jar:/var/oim/server/xellerate/ext/xerces.jar:/var/oim/server/xellerate/lib/xlLogger.jar:/var/oim/server/xellerate/ext/log4j-1.2.8.jar:/var/oim/server/xellerate/lib/xlUtils.jar:/var/oim/server/xellerate/lib/xlCrypto.jar:$CLASSPATH</class-path>
              <bea-home>/var/Oracle/bea/wlserver_10.3/</bea-home>
              <arguments>-DXL.HomeDir=/var/oim/server/xellerate -Djava.security.auth.login.config=/var/oim/server/xellerate/config/authwl.conf -Dlog4j.configuration=file:/var/oim/server/xellerate/config/log.properties -Djava.awt.headless=true -Xms256m -Xmx1280m -XX:PermSize=128m -XX:MaxPermSize=256m</arguments>
              <username>weblogic</username>
              <password-encrypted>{3DES}0vnV/m1RR/LRjiWi2Zg==</password-encrypted>
              </server-start>
              <jta-migratable-target>
              <user-preferred-server>SERVER1_SERVER</user-preferred-server>
              <cluster>WLSVR_CLUSTER</cluster>
              </jta-migratable-target>
              <client-cert-proxy-enabled>false</client-cert-proxy-enabled>
              </server>
              <cluster>
              <name>WLSVR_CLUSTER</name>
              <cluster-messaging-mode>unicast</cluster-messaging-mode>
              <cluster-broadcast-channel></cluster-broadcast-channel>
              </cluster>
              <production-mode-enabled>true</production-mode-enabled>
              <embedded-ldap>
              <name>basedomain</name>
              <credential-encrypted>{3DES}qCRzMekh+Nw+4ndk8ZxYKaTUqQ1994+/vvM+k=</credential-encrypted>
              </embedded-ldap>
              <configuration-version>10.3.0.0</configuration-version>
              <app-deployment>
              <name>Xellerate</name>
              <target>WLSVR_CLUSTER</target>
              <module-type>ear</module-type>
              <source-path>/var/oim/server/xellerate/OIMApplications/WLXellerateFull.ear</source-path>
              <security-dd-model>DDOnly</security-dd-model>
              </app-deployment>
              <app-deployment>
              <name>Nexaweb</name>
              <target>WLSVR_CLUSTER</target>
              <module-type>ear</module-type>
              <source-path>/var/oim/server/xellerate/OIMApplications/WLNexaweb.ear</source-path>
              <security-dd-model>DDOnly</security-dd-model>
              </app-deployment>
              <app-deployment>
              <name>XIMDD</name>
              <target>WLSVR_CLUSTER</target>
              <module-type>war</module-type>
              <source-path>XIMDD.war</source-path>
              <security-dd-model>DDOnly</security-dd-model>
              </app-deployment>
              <machine xsi:type="unix-machineType">
              <name>SERVER1_MACHINE</name>
              <node-manager>
              <nm-type>SSL</nm-type>
              <listen-address>SERVER1</listen-address>
              <listen-port>5556</listen-port>
              <debug-enabled>false</debug-enabled>
              </node-manager>
              <post-bind-uid-enabled>true</post-bind-uid-enabled>
              <post-bind-uid>wlserveradmin</post-bind-uid>
              <post-bind-gid-enabled>true</post-bind-gid-enabled>
              <post-bind-gid>wlserveradmin</post-bind-gid>
              </machine>
              <jms-server>
              <name>SERVER1_SERVER_OIM_JMSSERVER</name>
              <target>SERVER1_SERVER</target>
              <persistent-store>SERVER1_SERVER_OIM_JDBCSTORE</persistent-store>
              </jms-server>
              <migratable-target>
              <name>SERVER1_SERVER (migratable)</name>
              <notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
              <user-preferred-server>SERVER1_SERVER</user-preferred-server>
              <cluster>WLSVR_CLUSTER</cluster>
              </migratable-target>
              <jdbc-store>
              <name>SERVER1_SERVER_OIM_JDBCSTORE</name>
              <prefix-name>SERVER1_SERVER_</prefix-name>
              <data-source>xlDS</data-source>
              <target>SERVER1_SERVER</target>
              </jdbc-store>
              <jms-system-resource>
              <name>OIM_JMS_MODULE</name>
              <target>WLSVR_CLUSTER</target>
              <sub-deployment>
              <name>OIM_JMS_SUBDEPLOYMENT</name>
              <target>WLSVR_CLUSTER</target>
              </sub-deployment>
              <descriptor-file-name>jms/oim_jms_module-jms.xml</descriptor-file-name>
              </jms-system-resource>
              <admin-server-name>AdminServer</admin-server-name>
              <jdbc-system-resource>
              <name>xlDS</name>
              <target>WLSVR_CLUSTER</target>
              <descriptor-file-name>jdbc/xlDS-0899-jdbc.xml</descriptor-file-name>
              </jdbc-system-resource>
              <jdbc-system-resource>
              <name>xlXADS</name>
              <target>WLSVR_CLUSTER</target>
              <descriptor-file-name>jdbc/xlXADS-2644-jdbc.xml</descriptor-file-name>
              </jdbc-system-resource>
              </domain>
              • 4. Re: cannot switch to normal user after starting from root
                740547
                I even changed the user to a new user, wlserveradmin, but I still get the same error. I am attaching the config.xml and below is the error that I am getting in the logs.


                <Critical> <WebLogicServer> <BEA-000254> <Cannot switch to user "wlserveradmin". java.lang.IllegalArgumentException: Cannot initgroups("wlserveradmin"), system error: 'Operation not permitted'
                java.lang.IllegalArgumentException: Cannot initgroups("wlserveradmin"), system error: 'Operation not permitted'
                at weblogic.platform.Unix.setUser0(Native Method)
                at weblogic.platform.Unix.setUser(Unix.java:31)
                at weblogic.t3.srvr.SetUIDRendezvous.setUser(SetUIDRendezvous.java:121)
                at weblogic.t3.srvr.SetUIDRendezvous.makeUnPrivilegedFinal(SetUIDRendezvous.java:168)
                at weblogic.t3.srvr.SetUIDRendezvous.finish(SetUIDRendezvous.java:97)
                Truncated. see log file for complete stacktrace
                • 5. Re: cannot switch to normal user after starting from root
                  740547
                  Any thoughts?
                  • 6. Re: cannot switch to normal user after starting from root
                    Faisal Khan
                    I don't see that you have enabled post bind uid and guid from the config.xml.
                    Can you check again in the WebLogic console?
                    • 7. Re: cannot switch to normal user after starting from root
                      740547
                      I have enabled it from the console. I also checked it again and it is still checked; Post BIND UID and GUID are enabled from the console. Should I check config.xml?
                      • 8. Re: cannot switch to normal user after starting from root
                        740547
                        It is enabled even in the config.xml file. Is there anywhere else I need to configure?

                        Thanks
                        • 9. Re: cannot switch to normal user after starting from root
                          740547
                          I am still looking for solutions. Any idea?
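
An added example, not part of the thread and not Oracle code: a check that reads the post-bind user and group for each server from a domain config.xml and lists what would make the initgroups()/setgid()/setuid() switch fail. The function names are hypothetical, the sample is constructed from element names in the config.xml posted above, and it assumes the usual Unix rule that initgroups() succeeds only for a root process (CAP_SETGID on Linux).

```python
import grp
import os
import pwd
import xml.etree.ElementTree as ET

NS = {"d": "http://www.bea.com/ns/weblogic/920/domain"}

# Constructed sample: only the elements this check reads.
SAMPLE_CONFIG = """<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <server><name>AdminServer</name></server>
  <server><name>SERVER1_SERVER</name><machine>SERVER1_MACHINE</machine></server>
  <machine xsi:type="unix-machineType">
    <name>SERVER1_MACHINE</name>
    <post-bind-uid-enabled>true</post-bind-uid-enabled>
    <post-bind-uid>wlserveradmin</post-bind-uid>
    <post-bind-gid-enabled>true</post-bind-gid-enabled>
    <post-bind-gid>wlserveradmin</post-bind-gid>
  </machine>
</domain>"""

def post_bind_settings(config_xml):
    """Map each server name to (post-bind user, post-bind group); None = not enabled."""
    root = ET.fromstring(config_xml)
    machines = {}
    for m in root.findall("d:machine", NS):
        def value(kind):
            enabled = m.findtext(f"d:post-bind-{kind}-enabled", "false", NS)
            return m.findtext(f"d:post-bind-{kind}", None, NS) if enabled == "true" else None
        machines[m.findtext("d:name", None, NS)] = (value("uid"), value("gid"))
    return {s.findtext("d:name", None, NS):
            machines.get(s.findtext("d:machine", None, NS), (None, None))
            for s in root.findall("d:server", NS)}

def switch_blockers(euid, user_exists, group_exists):
    """Reasons the initgroups()/setgid()/setuid() sequence would fail."""
    checks = [(euid == 0, "not root: initgroups() fails with 'Operation not permitted'"),
              (user_exists, "post-bind user has no passwd entry"),
              (group_exists, "post-bind group has no group entry")]
    return [reason for ok, reason in checks if not ok]

def check_local(user, group):
    """switch_blockers for this process and the local account databases."""
    def known(lookup, name):
        try:
            return bool(lookup(name))
        except KeyError:
            return False
    return switch_blockers(os.geteuid(), known(pwd.getpwnam, user), known(grp.getgrnam, group))
```

Run `check_local()` as the same OS account that launches the managed server; a server assigned to no machine, such as AdminServer in the sample, has no post-bind switch configured at all.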