Running the Linux GroupWise Agents as a Non-root User

  • 7000315
  • 02-May-2008
  • 08-Nov-2012

Environment

Products:
Novell GroupWise 7
Novell Open Enterprise Server (Linux based)
Novell SUSE Linux Enterprise Server 9
Novell SUSE Linux Enterprise Server 10

Situation

Symptoms:
Running the Linux GroupWise Agents as a Non-root User
How to run the Linux GroupWise Agents as a Non-root User

Resolution

It is possible to configure the POA, the MTA and the Internet Agent to run as a non-root user. The WebAccess Agent, with its accompanying Viewer agent, still runs as root.
Corrective Steps:
1. Log in as the root user on the Linux server.
2. Select a Linux user for the agents to run as. It may be preferable to create a new user specifically for this purpose, perhaps named 'gwagents'.
3. Change to the groupwise directory under /etc by entering the following command on the terminal.
cd /etc/opt/novell/groupwise
4. Create a new directory called agents, then change to that directory.
mkdir agents
cd agents
5. Create a file named uid.conf and enter the selected username in the file, for example 'gwagents', and save the file.
6. Delete the uid.run file from the domain directory, post office directory and GWIA directory serviced by the agent (if it's in there).
7. Stop and then start the agents.
If the agent needs to run as root, delete the uid.conf file from the /etc/opt/novell/groupwise/agents directory and delete the uid.run file from the domain, post office and GWIA directories serviced by the agent.
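
Steps 3 to 6 above as a single shell function, with a check that the chosen account exists and is not uid 0 before anything is changed. This is an added example, not a Novell-supplied script: the function names and the GW_ETC override (for rehearsing on a copy) are assumptions, and the directory arguments are whatever domain, post office and GWIA directories this server's agents service. Run it as root, then stop and start the agents as in step 7.

```shell
#!/bin/sh
# Added example (not Novell code). GW_ETC is the article's directory;
# overriding it is an assumption made so the steps can be rehearsed on a copy.
GW_ETC="${GW_ETC:-/etc/opt/novell/groupwise}"

# gw_set_agent_user USER DIR...
#   USER  existing non-root account the agents should run as (step 2)
#   DIR   each domain, post office and GWIA directory serviced on this server
gw_set_agent_user() {
    gw_user="$1"
    [ -n "$gw_user" ] || { echo "usage: gw_set_agent_user USER DIR..." >&2; return 2; }
    shift

    # Refuse an account that does not exist or that is really uid 0.
    gw_uid=$(id -u "$gw_user" 2>/dev/null) || { echo "no such user: $gw_user" >&2; return 1; }
    [ "$gw_uid" -ne 0 ] || { echo "$gw_user has uid 0" >&2; return 1; }

    # Validate every directory before changing anything.
    for gw_dir in "$@"; do
        [ -d "$gw_dir" ] || { echo "not a directory: $gw_dir" >&2; return 1; }
    done

    # Steps 3-5: create the agents directory and write the user name to uid.conf.
    mkdir -p "$GW_ETC/agents" || return 1
    printf '%s\n' "$gw_user" > "$GW_ETC/agents/uid.conf" || return 1

    # Step 6: delete any uid.run left in the serviced directories.
    for gw_dir in "$@"; do
        rm -f "$gw_dir/uid.run" || return 1
    done
}

# gw_check_agent_user USER DIR...: succeeds only if uid.conf names USER
# and no uid.run remains in the listed directories.
gw_check_agent_user() {
    gw_user="$1"; shift
    [ "$(cat "$GW_ETC/agents/uid.conf" 2>/dev/null)" = "$gw_user" ] || return 1
    for gw_dir in "$@"; do
        [ ! -e "$gw_dir/uid.run" ] || return 1
    done
}

# Usage (placeholder paths, substitute the directories your agents service):
#   gw_set_agent_user gwagents /path/to/domain /path/to/postoffice /path/to/gwia
```
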

Make sure to run ConsoleOne as the same user as specified in the uid.conf file (ConsoleOne 1.3.6f or later versions can be run as a non-root user). If ConsoleOne is running as the root user, admin changes will not take effect: ConsoleOne will create admin messages with root privilege, and the agent will not be able to access those admin messages because it is configured to run with non-root user privilege.

Additional Information

Notes:
For security reasons, it is preferable that the GroupWise agents not run with root user privileges.
The root user still needs to start the agents, because the agents need to access some root-only resources on startup.
All agents running on the same server must run as the same user.
If the post office and domain are located on different servers, you must complete the above steps on each server.