11.7 Java Communication Channel Processes Run as Non-Root User After Upgrading to Access Manager 5.0

After upgrading to Access Manager 5.0, the Java Communication Channel (JCC) processes run as a non-root user in Identity Server and Access Gateway. You can revert the changes to run the process as a root user using the following procedure, which is applicable for both SLES and RHEL operating system:

Access Manager Non-Docker Deployment

  1. Go to the /etc/systemd/system/novell-jcc.service directory.

  2. Remove the following lines:

    • User=novlwww

    • Group=novlwww

  3. Execute the following commands:

    • systemctl daemon-reload

    • systemctl restart <service_name>

  4. Reboot the Identity Server machine.

Access Manager Docker Deployment

Perform the following steps:

  1. In Administration Console Dashboard, click Advanced File Configurator.

  2. Select Administration Console.

  3. Click the plus icon () > Edit Configurations on the Server, and specify the following details:

    Field

    Description

    Type

    1. Select File.

    2. Select novell-jcc.xml in File Name.

    3. File Path displays the default location for the selected file. Example: /opt/novell/devman/jcc/bin

    Cluster Name

    This option does not apply to Administration Console.

    Source

    Select the device from which you want to import the file, and click Fetch File.

    File

    Click File Editor and perform the following steps:

    1. Search for <RUN_AS=novlwww>.

    2. Modify the value to RUN_AS=root.

    3. Click Save.

    Restart Administration Console

    By default, this option is turned on for novell-jcc. Do not turn it off.

    You will be prompted to restart Administration Console after sending the configuration change to devices.

    Temporary Modification

    Turn off the toggle to retain this configuration change in the next Access Manager upgrade.

    Modification Type

    Select the type of modification from the list. You can specify the type manually if the list does not contain the required type.

    You can later use this information to search for files that are updated for a specific type. For example, you can search for all files for which Modification Type is Security Setting.

    Description

    Specify the details of the changes you have made in the file. As you might require to update the configurations many times over the period, you can use these details to track when and what changes were done in the file. You can also use this information as criteria to search for specific files.

  4. Click OK.

  5. Select novell-jccl that you have modified.

  6. Click the Send Configurations to Servers icon ().

  7. Click OK.

  8. Restart the service using /etc/init.d/novell-jcc restart.