HP-UX AAA Server A.07.01 Administrator's Guide

$ su - aaa -c /opt/aaa/remotecontrol/rmistart.sh

4. Use the following command to start Tomcat as the www user:

$ su - www -c "export JAVA_HOME=/opt/java1.4; /opt/hpws/tomcat/bin/startup.sh"

5. Point your web browser to:

http://<hostname>:8081/aaa

NOTE: Any log files created when the HP-UX AAA server was running as the root

user will not be accessible after performing this procedure. To view these logfiles,

change the ownership to match the UID of when the log files were created. For more

information, see the chown manpage for more information.

Setting Up the HP-UX AAA Server to Start as Non-Root User After Reboot

Complete the following steps to set up the HP-UX AAA Server to start as non-root user

after reboot:

1. Set the RADIUSD variable to 1 in the /etc/rc.config.d/radiusd.conf file.

2. Open the /sbin/init.d/radiusd.rc file and look for the following entry:

DAEMONNM=radiusd

CONFFILE=$AAAPATH/clients

DAEMONEXE=/opt/aaa/bin/${DAEMONNM}

3. Change the DAEMONEXE line to set radiusd to start as the aaa user after reboot:

Change:

DAEMONEXE=/opt/aaa/bin/${DAEMONNM}

To:

DAEMONEXE=”/usr/bin/su - aaa -c /opt/aaa/bin/${DAEMONNM}”

4. Look for the following entry:

echo "$DAEMONNM started with <$retval>"

if [[ -x /opt/aaa/remotecontrol/rmistart.sh ]];

then

/usr/bin/nohup /opt/aaa/remotecontrol/rmistart.sh >/dev/null 2>&1

5. Change the then statement to start the RMI objects as the aaa user after reboot:

Change:

if [[ -x /opt/aaa/remotecontrol/rmistart.sh ]];

then

/usr/bin/nohup /opt/aaa/remotecontrol/rmistart.sh

>/dev/null 2>&1

To:

if [[ -x /opt/aaa/remotecontrol/rmistart.sh ]];

then

/usr/bin/nohup /usr/bin/su - aaa -c

60 Installing and Securing the HP-UX AAA Server