EAServer on UNIX platforms allows you to configure an effective
user name and group for the server to run as. This feature is useful
if you start the server while logged in as a UNIX user with administrator
privileges: you can start the server with administrator privileges,
but the server switches to an account that has fewer privileges
before it begins accepting client connections. When changing the
effective user that runs the process, you must use a group name that
the effective user is a member of. If not, the error Invalid
OS group specified: 'groupname' is
generated in the EAServer log file. For example, if you set username to
user1 and groupname to group1 and start the server
as user2, an error is generated if user2 is not a member of group1. To change
the effective account, set the following properties in the All Properties tab
in the EAServer Manager Server Properties dialog box, or with jagtool:
com.sybase.jaguar.server.unix.username specifies the user name to switch to.
com.sybase.jaguar.server.unix.groupname specifies the group name to switch to.
This feature is useful if you use listener ports less than 1024, such as 80 for HTTP and 443 for SSL. Port numbers less than 1024 cannot be used unless the server is started by the root user. After establishing network listeners, the server switches to the specified user and group. This allows you to start the server with listeners using standard HTTP and SSL port numbers, while running it as an account that has fewer privileges.
These settings are ignored on Windows platforms.
| Copyright © 2005. Sybase Inc. All rights reserved. |
|
|
