Symantec Access Management

  • 1.  How to manage Siteminder Agent + Fed log permissions properly?

    Posted Jul 07, 2016 09:06 AM

    We have an Apache "HTTPD-Tomcat" combo to run Federation services using the SM WebAgent + OptionPack

    Each service (RHEL) runs with its own pair user:group = httpd:httpd | tomcat:tomcat

    We have found the wa.log created by tomcat user (?) and thus httpd is unable to write to it

    Since log files are in /opc/CA/webagent/log (whose owner is "httpd") how do I manage permissions to write logs properly?

    We have "swinged" the groups, putting tomcat in httpd and vice versa, but it doesn't seem to address it completely

    At the start of HTTPD, wa.log is created with the httpd user and umask 022... How do I set the wa.log umask, btw?

    Any suggestion is appreciated

    Thank you



  • 2.  Re: How to manage Siteminder Agent + Fed log permissions properly?
    Best Answer

    Posted Jul 08, 2016 09:41 AM

    Eric

    wa.log is for webagent functionality and the webagent code runs within tomcat. The httpd / apache runs outside tomcat memory space as a separate independent process.

    The wa.log and federation logs would all be generated by the Tomcat user because both WA and WAOP run within Tomcat.



  • 3.  Re: How to manage Siteminder Agent + Fed log permissions properly?

    Broadcom Employee
    Posted Jul 08, 2016 04:11 PM

    Either have a specific line for umask <newvalue> in your '.profile' [dot profile] for the httpd user or include a umask line in the apachectl script used to start the services. There are multiple ways to set the umask value.

    Online articles on "how to manage umask values on *nix platforms" would provide more insight.
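
How the umask discussed in the replies above decides the mode of a newly created wa.log, as an added example that is not part of the original thread or of any poster's reply. It works in a temporary directory with a constructed file name, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: the umask of the process that creates a log file decides
# whether a second service account in the same group can write to it.
# Everything happens in a temporary directory constructed for the demo.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a fresh wa.log under the given umask and print its mode.
# The subshell keeps the umask change from leaking into the caller, the
# same way a umask line in a start script only affects that service.
mode_under_umask() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"
        : > "$dir/wa.log"
        file_mode "$dir/wa.log"
        rm -rf "$dir"
    )
}

# Succeeds when a three-digit octal mode grants group write.
group_can_write() {
    digit=$(printf '%s' "$1" | cut -c2)
    [ $(( digit & 2 )) -ne 0 ]
}

# Succeeds when the mode grants write to "other", which would let any
# local account alter the log.
world_can_write() {
    digit=$(printf '%s' "$1" | cut -c3)
    [ $(( digit & 2 )) -ne 0 ]
}

for u in 022 002 000; do
    m=$(mode_under_umask "$u")
    group_can_write "$m" && gw=yes || gw=no
    world_can_write "$m" && ww=yes || ww=no
    echo "umask $u -> wa.log mode $m group-write=$gw world-write=$ww"
done
```

With umask 002 the file is group-writable without being world-writable, so only accounts in the owning group can write to it. With umask 000 any local account could modify the agent log.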