Changing novlwww permissions with Novell Access Manager

  • 7003385
  • 28-May-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server
Novell Access Manager 3.1 Java Agents
Novell Access Manager 3.1 SSLVPN Server
Novell Access Manager 3.1 Access Administration
Novell Access Manager 3.1 Linux Access Gateway

Situation

All Access Manager components include Tomcat-based applications. These components install Tomcat and its supporting files, with the novlwww user and group owning the files. The default file permissions set when the product is installed give the novlwww user write access to almost every file that is part of one of the web applications that run under Tomcat. The default permissions assigned are 644, so the files are world and group readable but writable only by the owner.

In a bid to harden the environment, administrators may be tempted to change the ownership or permissions of these files. It is also possible that the novlwww user will have its default shell changed from bash to null, e.g. from

novlwww:x:104:106:Novell System User:/var/opt/novell/novlwww:/bin/bash

to

novlwww:x:104:106:Novell System User:/var/opt/novell/novlwww:/dev/null

Resolution

The only tested and supported Access Manager Tomcat platform is the one laid down by the various components. Any change to these file permissions, users or groups is made at the administrator's own risk. Should a problem occur, Novell Support can require you to back out the various changes and reproduce the problem before receiving any help with your problem.
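
Because changes may have to be backed out, it helps to record the installed state before hardening. The following is an added example, not part of this TID or of Novell's tooling: it saves file modes and ownership to a manifest, lists what has drifted since, and reads the novlwww login shell from a passwd-format file. The function names are hypothetical, the demo data is constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: baseline and drift check for the novlwww account and its files.
# Function names are hypothetical; all sample data below is constructed.

# Print the login shell (7th passwd field) of user $1 from passwd-format file $2.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7 }' "$2"
}

# Print "mode owner group path" for every regular file under $1, sorted.
snapshot_perms() {
    find "$1" -type f -exec stat -c '%a %U %G %n' {} + | sort
}

# Print current entries under $2 that are not identical in saved manifest $1.
perm_drift() {
    snapshot_perms "$2" | grep -Fxv -f "$1" || true
}

# --- demo on a constructed directory tree and passwd lines ---
demo=$(mktemp -d)
mkdir -p "$demo/webapps/app"
echo x > "$demo/webapps/app/web.xml"
echo y > "$demo/webapps/app/index.jsp"
chmod 644 "$demo/webapps/app/web.xml" "$demo/webapps/app/index.jsp"
printf '%s\n' 'novlwww:x:104:106:Novell System User:/var/opt/novell/novlwww:/bin/bash' > "$demo/passwd.before"
printf '%s\n' 'novlwww:x:104:106:Novell System User:/var/opt/novell/novlwww:/dev/null' > "$demo/passwd.after"

snapshot_perms "$demo/webapps" > "$demo/manifest"   # baseline taken before hardening
chmod 444 "$demo/webapps/app/web.xml"               # a hardening change to detect

echo "shell before: $(login_shell novlwww "$demo/passwd.before")"
echo "shell after:  $(login_shell novlwww "$demo/passwd.after")"
echo "files changed since baseline:"
perm_drift "$demo/manifest" "$demo/webapps"
rm -rf "$demo"
```

Each manifest line carries the original mode, owner and group, so it is also the record needed to restore a file with chmod and chown.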