
Running Identity Connect as a non-root user on Unix-like systems

Knowledge Article Number 000228368
Description This article explains how to install and run the Identity Connect service as a non-root user on Unix-like systems.
Resolution
1) Install Identity Connect as a non-root user (in this example, userName = forgerock).
2) Log in as a non-root user, then su to root, before starting the Identity Connect service.


su - root 
[root@centos ~]# cd /home/forgerock/salesforceIdConnect/bin 
[root@centos ~]# cp idconnect /etc/init.d 
[root@centos ~]# cd /etc/init.d/ 
[root@centos ~]# chkconfig --add idconnect 
[root@centos ~]# service idconnect start 
Find the PID of the Java process:

[root@centos ~]# ps aux |grep java 
500 5696 17.0 7.7 3115676 624568 ? Sl 14:25 0:13 /usr/bin/java -Djava.util.logging.config.file=/home/forgerock/salesforceIdConnect/conf/logging.properties -Xmx2048m -Xms2048m -Dstorage.wal.maxSize=500 -Djava.endorsed.dirs= -classpath /home/forgerock/salesforceIdConnect/bin/*:/home/forgerock/salesforceIdConnect/framework/* -Dopenidm.system.server.root=/home/forgerock/salesforceIdConnect -Djava.awt.headless=true -Djava.security.auth.login.config=/home/forgerock/salesforceIdConnect/security/jaas-repo.conf org.forgerock.commons.launcher.Main -c /home/forgerock/salesforceIdConnect/bin/launcher.json 
root 5774 0.0 0.0 103304 876 pts/0 S+ 14:26 0:00 grep java 

Find the user running that process: 

[root@centos ~]# netstat -tuple |grep 5696 
tcp 0 0 localhost:powerexchange *:* LISTEN forgerock 43052 5696/java 
tcp 0 0 localhost:kofax-svr *:* LISTEN forgerock 43051 5696/java 
tcp 0 0 *:pcsync-https *:* LISTEN forgerock 43063 5696/java 

Note that the non-root user, not root, is running the Identity Connect service. The ps output above shows 500 in its first column, and the forgerock userId is 500:

forgerock:x:500:500:forgerock:/home/forgerock:/bin/bash 
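
The manual ps check above can be repeated after every restart with a small script. This is an added example, not part of the original article or the product: the names check_idconnect_owner and constructed_sample and the return codes are choices made for this example, and it assumes a ps that accepts `-eo uid=,pid=,args=` (procps on Linux).

```shell
#!/bin/sh
# Added example: report which UID owns the Identity Connect JVM.
# Input on stdin: lines of "UID PID ARGS..." as printed by
#   ps -eo uid=,pid=,args=
# Return codes (chosen for this example):
#   0 = every matching process is non-root
#   1 = at least one matching process runs as UID 0
#   2 = no Identity Connect process found
check_idconnect_owner() {
    awk '
        # Field 3 must be a java binary and the launcher class from the
        # article must appear as an argument; this skips "grep java" lines.
        $3 ~ /(^|\/)java$/ && / org\.forgerock\.commons\.launcher\.Main( |$)/ {
            found = 1
            if ($1 == 0) { root = 1; printf "FAIL pid=%s runs as root\n", $2 }
            else         { printf "OK pid=%s runs as uid=%s\n", $2, $1 }
        }
        END {
            if (!found) { print "WARN no Identity Connect process found"; exit 2 }
            exit root ? 1 : 0
        }
    '
}

# Constructed sample input, modelled on the ps output in the article
# (arguments shortened).
constructed_sample() {
    printf '%s\n' \
        '500 5696 /usr/bin/java -Xmx2048m org.forgerock.commons.launcher.Main -c launcher.json' \
        '0 5774 grep java'
}

# Offline demonstration; prints: OK pid=5696 runs as uid=500
constructed_sample | check_idconnect_owner

# Live use on the server:
#   ps -eo uid=,pid=,args= | check_idconnect_owner
```

A return code of 1 means the init script started the JVM as root, so the service account setup from step 1 is not taking effect.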