000018801 - To run Keon CA in Solaris by modifying the username and changing file ownership.

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000018801
Applies To: Keon Certificate Authority
Sun Solaris
Issue: To run Keon CA in Solaris by modifying the username and changing file ownership.
error: "warning: unable to change owner: Not owner"
error: "warning: can't drop permissions: Not owner"
Cause: In Solaris, during the first phase of Keon CA installation, the installer has the option to change the 'User' or 'Group' field. However, once the installation process is completed, the modification to the 'User' or 'Group' field is not reflected in the "httpd.conf" and "sessiond.conf" files. The files can be modified manually, but the web server can only be enabled by the installer or by 'root'. If you are not a super-user (root), the startup may display warning messages like:
              warning: unable to change owner: Not owner
              warning: can't drop permissions: Not owner
These warning messages do not prevent the web server from starting successfully.

Note that when Keon CA is installed as 'root' and the assigned port numbers are less than 1024, Keon CA cannot be started by another username even if the file ownership has been changed. If you intend to install Keon CA as 'root' and then change file ownership to another username, make sure to install Keon CA with port numbers higher than 1024.
Resolution: To run Keon CA in Solaris as another username, follow these steps:
1. Stop Keon CA
2. Change "httpd.conf" file (modify 'User' or 'Group' parameter)
3. Change "sessiond.conf" file (modify 'User' parameter)
4. Check whether there is adequate permission on the installer's directory path.
    If there is not, the installer's directory path has to be shared.
    An example would be:
        my home directory: /home/userA
        my Keon CA installation directory: /home/userA/rsakeon
    To share my directory, I would grant read/write/execute permissions on my
    home directory. To do that, change directory to /home and, using the
    'chmod' command, type:    chmod 770 userA
    (Mode 770 gives the owner and the group full access and everyone else
    none, so the new user must belong to the directory's group.)
5. Change ownership of the installation directory.
    To change ownership, go to your home directory (an example would be my
    home directory: /home/userA). Using the 'chown' command, I would
    type:     chown -hR userB rsakeon
    where 'userB' is the new owner of the /home/userA/rsakeon directory.
    Please also make sure that the symbolic link file (strongStrings.so) in
    the ../WebServer/conf directory is owned by the new user.

    Example1:
    my home directory contains the following attributes:

    /home/userA> ls -l
    drwxr-xr-x   2 userA staffA        512 Jul  5 08:11 install
    drwxr-xr-x   3 userA staffA        512 Jul  6 10:35 testing
    drwxr-xr-x   3 userA staffA        512 Jul  5 08:14 rsakeon

    To change ownership of 'rsakeon' directory from 'userA' to 'userB', I would
    type:
            > chown -hR userB rsakeon

    The resulting attributes would be:
    /home/userA> ls -l
    drwxr-xr-x   2 userA staffA        512 Jul  5 08:11 install
    drwxr-xr-x   3 userA staffA        512 Jul  6 10:35 testing
    drwxr-xr-x   3 userB staffA        512 Jul  5 08:14 rsakeon

    Example2:
    If user 'root' installs Keon CA into my home directory, the attributes would be:

    /home/userA> ls -l
    drwxr-xr-x   2 userA staffA        512 Jul  5 08:11 install
    drwxr-xr-x   3 userA staffA        512 Jul  6 10:35 testing
    drwxr-xr-x   3 root  other         512 Jul  6 10:40 rsakeon-root
    drwxr-xr-x   3 userB staffA        512 Jul  5 08:14 rsakeon

    To change ownership of 'rsakeon-root' to 'userA', I would type:
          > chown -hR userA:staffA rsakeon-root

    The resulting attributes would be:
    /home/userA> ls -l
    drwxr-xr-x   2 userA staffA        512 Jul  5 08:11 install
    drwxr-xr-x   3 userA staffA        512 Jul  6 10:35 testing
    drwxr-xr-x   3 userA staffA        512 Jul  6 10:40 rsakeon-root
    drwxr-xr-x   3 userB staffA        512 Jul  5 08:14 rsakeon

    ** You will notice that the group name has been changed to 'staffA'.

6. To enable Keon CA, 'userB' has to log in to their own account and change
    to the '/home/userA/rsakeon' directory.
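
The checks behind steps 2 to 5 and the port note above can be scripted before the new user tries to start the server. This is an added example, not RSA's own tooling; the function names are hypothetical, and it assumes both configuration files use one-per-line "Name value" directives (Apache style) with ports set through Port or Listen.

```shell
#!/bin/sh
# Added example: pre-start checks for running Keon CA as a non-root user.
# Assumptions (not from the article): directives are written one per line as
# "Name value" (Apache style) and ports are set with Port or Listen.

# Print the value of the first uncommented directive $2 in config file $1.
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Print every Port/Listen value below 1024 in config file $1.
low_ports() {
    awk '($1 == "Port" || $1 == "Listen") { n = $2; sub(/^.*:/, "", n)
         if (n + 0 < 1024) print n }' "$1"
}

# Print paths under $1 not owned by user $2. find does not follow symbolic
# links, so a link such as strongStrings.so is judged by its own owner,
# which is what 'chown -h' changes.
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Run all checks: $1 = installation directory, $2 = intended run-as user,
# remaining arguments = config files to inspect. Returns non-zero on a finding.
check_keon_owner() {
    dir=$1; user=$2; shift 2; rc=0
    for conf in "$@"; do
        u=$(conf_value "$conf" User)
        [ "$u" = "$user" ] || { echo "$conf: User is '$u', expected '$user'"; rc=1; }
        for p in $(low_ports "$conf"); do
            echo "$conf: port $p is below 1024, not startable by another user"; rc=1
        done
    done
    stray=$(not_owned_by "$dir" "$user")
    [ -z "$stray" ] || { echo "not owned by $user:"; echo "$stray"; rc=1; }
    return $rc
}
```

Call it with the installation directory, the new user, and the paths to "httpd.conf" and "sessiond.conf", for example `check_keon_owner /home/userA/rsakeon userB` followed by the two file paths; a zero exit status means no finding.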
Legacy Article ID: a3513
