Symantec Access Management

How to manage Siteminder Agent + Fed log permissions properly?

  • 1.  How to manage Siteminder Agent + Fed log permissions properly?

    Posted 07-07-2016 09:06 AM

    We have an Apache "HTTPD-Tomcat" combo to run Federation services using the SM WebAgent + OptionPack

    Each service (RHEL) runs with its own pair user:group = httpd:httpd | tomcat:tomcat

    We have found the wa.log created by the tomcat user (?) and thus httpd is unable to write to it

    Since log files are in /opc/CA/webagent/log (whose owner is "httpd") how do I manage permissions to write logs properly?

    We have "swinged" the groups, putting tomcat in httpd and vice versa, but it doesn't seem to address it completely

    At the start of HTTPD, wa.log is created with the httpd user and umask 022... How do I set the wa.log umask, btw?

    Any suggestion is appreciated

     

    Thank you



  • 2.  Re: How to manage Siteminder Agent + Fed log permissions properly?
    Best Answer

    Posted 07-08-2016 09:41 AM

    Eric

     

    wa.log is for webagent functionality and the webagent code runs within tomcat. The httpd / apache runs outside tomcat memory space as a separate independent process.

     

    The wa.log and federation logs would all be generated by the Tomcat user because both WA and WAOP run within Tomcat.



  • 3.  Re: How to manage Siteminder Agent + Fed log permissions properly?

    Posted 07-08-2016 04:11 PM

    Either have a specific line for umask <newvalue> in your '.profile' [dot profile] for the httpd user or include a umask line in the apachectl script used to start the services. There are multiple ways to set the umask value.

    Online articles on "how to manage umask values on *nix platforms" would provide more insight.
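
Added example (not part of the thread and not vendor code): a shell sketch showing how the umask in effect when wa.log is first created decides whether a second service account in the same group can append to it. The temporary directory stands in for the agent log directory, and the value 002 is an assumption chosen to grant group write without world write.

```shell
#!/bin/sh
# Constructed demo: a temp directory stands in for the agent log directory.

# mode_of FILE -> octal permission bits, e.g. 644 (GNU stat, BSD fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# create_log_with_umask UMASK DIR
# Creates DIR/wa.log under the given umask in a subshell, so the caller's
# own umask is left untouched, then prints the resulting mode.
create_log_with_umask() {
    (
        umask "$1"
        rm -f "$2/wa.log"
        : > "$2/wa.log"
    )
    mode_of "$2/wa.log"
}

# group_can_write MODE -> succeeds when the group-write bit (octal 020) is set
group_can_write() {
    [ $(( 0$1 & 020 )) -ne 0 ]
}

# Compare the umask reported in the question (022) with a group-writable one.
demo() {
    dir=$(mktemp -d) || return 1
    for u in 022 002; do
        m=$(create_log_with_umask "$u" "$dir")
        if group_can_write "$m"; then
            r="group members can append"
        else
            r="group members are read-only"
        fi
        echo "umask $u -> wa.log mode $m ($r)"
    done
    rm -rf "$dir"
}

demo
```

The umask only applies when the file is created, so an existing wa.log keeps its old mode until it is rotated or its permissions are changed explicitly.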