How to run as privileged user in WebLogic

I am running WebLogic 10.3. Configured a datasource as well as role-based access policies. In my web app and EJB deployment descriptors, I specified <run-as> roles so there is no problem for servlets and EJB's to access the datasource.
However, I also have some background Quartz jobs that need to access the datasource. When the jobs run, WebLogic complains:
"User "<anonymous>" does not have permission to perform operation "reserve" on resource "myDataSource"".
Doing a bit Googling, I found this thread:
http://objectmix.com/weblogic/535108-data-source-access-supposed-anonymous-user-causing-txfailures.html
The poster suggested this is a WebLogic bug in version 9.2. The workaround is to add the "weblogic" user to the security policy. I did that, but it does not seem to solve the problem, at least not in a consistent basis.
Does anyone have any idea how to permanently solve this problem? Do I need to use JAAS to create a security Subject and attach that to my Quartz job and use the runAs() call?
Thanks,
Eric
Edited by: Eric Ma on Jul 5, 2009 9:36 PM

As I understand for Quartz, I think you should create a security subject for it in your code. I guess the background tasks in Quartz work in separate threads. It is not recommended in EJB application. you can use EJB timer service instead.
-Albert

Similar Messages

How to display active directory users through weblogic portal Application?

Hi,
Does anyone has faced this situation?
I configured the activedirectory and able to see the users and group in the weblogic console at Security->Realms->Myrealm->users. when I run my portal application,I am able to see only the users that are configured in embedded weblogic LDAP ie, I can see only the users weblogic,portaladmin and yahooadmin that are of defaultauthenticator provider.I need to display the active directory users also in our portal.
I have two doubts on this?
1)Is it I need to write custom code to view the active directory users in our portal?
2)Does I need to use any jars that supports active directory authenticator?
I would appreciate if any one can reply on this with helpfull docs/information.
We are using BEA 8.1 SP4.
Windows 2000.
Surendra

Hi,
I too have a similar kind of requirement, i use a jsp to do this activity, but i get an exception, i have shown the entire jsp code below,
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<%@ page import="java.util.Set" %>
<%@ page import="javax.naming.Context" %>
<%@ page import="weblogic.jndi.Environment" %>
<%@ page import="weblogic.management.MBeanHome" %>
<%@ page import="weblogic.management.configuration.DomainMBean" %>
<%@ page import="weblogic.management.configuration.SecurityConfigurationMBean" %>
<%@ page import="weblogic.management.security.RealmMBean" %>
<%@ page import="weblogic.management.security.authentication.AuthenticationProviderMBean" %>
<%@ page import="weblogic.management.security.authentication.UserPasswordEditorMBean" %>
<%@ page import="weblogic.security.providers.authentication.LDAPAuthenticatorMBean" %>
<%@ page import="weblogic.management.configuration.EmbeddedLDAPMBean" %>
<%@ page import="weblogic.management.security.authentication.UserEditorMBean" %>
<%@ page import="weblogic.management.security.authentication.UserReaderMBean" %>
<%@ page import="weblogic.management.security.authentication.GroupReaderMBean" %>
<%@ page import="weblogic.management.utils.ListerMBean" %>
<%@ page import="javax.management.MBeanException" %>
<%@ page import="javax.management.modelmbean.RequiredModelMBean" %>
<%@ page import="examples.security.providers.authentication.manageable.*" %>
<%@ page import="weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBean" %>
<%@ page import="weblogic.management.utils.InvalidParameterException" %>
<%@ page import="weblogic.management.utils.NotFoundException" %>
<%@ page import="weblogic.security.SimpleCallbackHandler" %>
<%@ page import="weblogic.servlet.security.ServletAuthentication"%>
<%!
private String makeErrorURL(HttpServletResponse response,
String message)
return response.encodeRedirectURL("welcome.jsp?errormsg=" + message);
%>
<html>
<head>
<title>Password Changed</title>
</head>
<body>
<h1>Password Changed</h1>
<%
// Note that even though we are running as a privileged user,
// response.getRemoteUser() still returns the user who authenticated.
// weblogic.security.Security.getCurrentUser() will return the
// run-as user.
System.out.println("------------------------------------------------------------------");
String username = request.getRemoteUser();
System.out.println("User name -->"+username);
// Get the arguments
String currentpassword = request.getParameter("currentpassword");
System.out.println("Current password -->"+currentpassword);
String newpassword = request.getParameter("newpassword");
System.out.println("New password -->"+newpassword);
String confirmpassword = request.getParameter("confirmpassword");
System.out.println("Confirm password -->"+confirmpassword);
// Validate the arguments
if (currentpassword == null || currentpassword.length() == 0 ||
newpassword == null || newpassword.length() == 0 ||
confirmpassword == null || confirmpassword.length() == 0) {
response.sendRedirect(makeErrorURL(response, "Password must not be null."));
return;
if (!newpassword.equals(confirmpassword)) {
response.sendRedirect(makeErrorURL(response, "New passwords did not match."));
return;
if (username == null || username.length() == 0) {
response.sendRedirect(makeErrorURL(response, "Username must not be null."));
return;
// First get the MBeanHome
String url = request.getScheme() + "://" +
request.getServerName() + ":" +
request.getServerPort();
System.out.println("URL -->"+url);
Environment env = new Environment();
env.setProviderUrl(url);
Context ctx = env.getInitialContext();
MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.LOCAL_JNDI_NAME);
System.out.println("MBean home obtained....");
DomainMBean domain = mbeanHome.getActiveDomain();
SecurityConfigurationMBean secConf = domain.getSecurityConfiguration();
// Sar
EmbeddedLDAPMBean eldapBean = domain.getEmbeddedLDAP();
System.out.println("Embedded LDAP Bean obtained...."+eldapBean );
RealmMBean realm = secConf.findDefaultRealm();
System.out.println("RealmMBean obtained....");
AuthenticationProviderMBean authenticators[] = realm.getAuthenticationProviders();
System.out.println("AuthProvMBean obtained....");
// Now get the UserPasswordEditorMBean
// This code will work with any configuration that has a
// UserPasswordEditorMBean.
// The default authenticator implements these interfaces
// but other providers could work as well.
// We try each one looking for the provider that knows about
// this user.
boolean changed=false;
UserPasswordEditorMBean passwordEditorMBean = null;
System.out.println("UserPwdEdtMBean obtained....");
//System.out.println("Creating MSAI....");
//ManageableSampleAuthenticatorImpl msai =
// new ManageableSampleAuthenticatorImpl(new RequiredModelMBean());
//System.out.println("Done....");
for (int i=0; i<authenticators.length; i++) {
System.out.println("### Authenticator --->"+authenticators);
if (authenticators[i] instanceof ActiveDirectoryAuthenticatorMBean)
ActiveDirectoryAuthenticatorMBean adamb =
(ActiveDirectoryAuthenticatorMBean)authenticators[i];
System.out.println("### ActiveDirectoryAuthenticatorMBean .....");
String listers = adamb.listUsers("*",0);
while(adamb.haveCurrent(listers))
System.out.println("### ActiveDirectoryAuthenticatorMBean user advancement.....");
adamb.advance(listers);
if (authenticators[i] instanceof UserPasswordEditorMBean) {
passwordEditorMBean = (UserPasswordEditorMBean) authenticators[i];
System.out.println("Auth match ...."+passwordEditorMBean);
try {
// Now we change the password
// Sar comment
System.out.println("Password changed....");
//passwordEditorMBean.changeUserPassword(username,
// currentpassword, newpassword);
changed=true;
// Sar Comment
catch (InvalidParameterException e) {
response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
return;
catch (NotFoundException e) {
catch (Exception e) {
response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
return;
// Sar code
LDAPAuthenticatorMBean ldapBean = null;
UserReaderMBean urMBean = null;
UserEditorMBean ueMBean = null;
GroupReaderMBean gMBean = null;
//ListerMBean lBean = null;
try
if (authenticators[i] instanceof LDAPAuthenticatorMBean)
ldapBean = (LDAPAuthenticatorMBean) authenticators[i];
String userFilter = ldapBean.getAllUsersFilter();
System.out.println("userFilter ="+userFilter);
if (authenticators[i] instanceof UserEditorMBean)
try
System.out.println("UserEditorMBean...");
ueMBean = (UserEditorMBean) authenticators[i];
System.out.println("List users..."+ueMBean);
boolean b = ueMBean.userExists("webuser");
System.out.println("User Exists->>>"+b);
String cursor = ueMBean.listUsers("webuser", 2);
System.out.println("List User ----->"+cursor);
catch(InvalidParameterException e)
response.sendRedirect(makeErrorURL(response, "ERROR InvalidParameterException:" + e));
catch(java.lang.reflect.UndeclaredThrowableException e)
response.sendRedirect(makeErrorURL(response, "ERROR UndeclaredThrowableException :" + e));
e.printStackTrace();
catch(Exception e)
response.sendRedirect(makeErrorURL(response, "ERROR LBean:" + e));
catch(Exception ex)
ex.printStackTrace();
response.sendRedirect(makeErrorURL(response, "ERROR:" + ex));
return;
if (passwordEditorMBean == null) {
response.sendRedirect(makeErrorURL(response, "Internal error: Can't get UserPasswordEditorMBean."));
return;
System.out.println("pwd changed ->"+changed);
if (!changed) {
// This happens when the current user is not known to any providers
// that implement UserPasswordEditorMBean
response.sendRedirect(makeErrorURL(response,
"No password editors know about user " + username + "."));
return;
%>
User <%= username %>'s password has been changed!
<br>
<br>
</body>
</html>
Here is the console log
User name -->webuser
Current password -->i
New password -->u
Confirm password -->u
URL -->http://localhost:7011
MBean home obtained....
Embedded LDAP Bean obtained....[Caching Stub]Proxy for mydomain:Name=mydomain,Type=EmbeddedLDAP
RealmMBean obtained....
AuthProvMBean obtained....
UserPwdEdtMBean obtained....
### Authenticator --->Security:Name=myrealmDefaultAuthenticator
Auth match ....Security:Name=myrealmDefaultAuthenticator
Password changed....
UserEditorMBean...
List users...Security:Name=myrealmDefaultAuthenticator
User Exists->>>true
java.lang.reflect.UndeclaredThrowableException
at $Proxy1.listUsers(Unknown Source)
at jsp_servlet.__updatepassword._jspService(__updatepassword.java:411)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.jav
a:1006)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:463)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
ontext.java:6718)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:37
64)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.management.MBeanException
at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:551)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1560)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1528)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.j
ava:988)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:946)
at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:365)
... 14 more
### Authenticator --->Security:Name=myrealmDefaultIdentityAsserter
pwd changed ->true
Can u pls let me know how to get all the entries from LDAP.
Thanx
Sar

How to run the client program in weblogic 8.1 server

Hi
I am new to EJB 2.0. I am deployed sucessfully a session ejb program.
While running an ejb client program it throws an exception. In my session ejb program i created two jar file. one is sessionejb.jar and another one is sessionejbclient.jar. In sessionejb.jar contains home ,remote ,session bean class and deployment descriptor.In sessionejbclient.jar contains home,remote and client program. Both jar files are included in class path of environment variable( i am using Standalone server).
Plese guide me how to run an session ejb client correctly.
Regards
Jaiganesh

Both jar files are
included in class path of environment variable( i am
using Standalone server).did u include both these jars in the "weblogic's class path" ?
in that case, it obviously wont work.
what u need is an understanding of the following topics (i have described them briefly, but for details u can always check the documentation of weblogic):
1. Class loaders in weblogic: there are various levels of class loaders. at the top is the weblogic's class loader. below it are various EARs' class-loaders. and so on....
2. Packaging. You must ensure that in the same class loader, there are not two classes from 2 different jars.
hope that helps

Reg: How to Run a Script File in WebLogic Server 10.3.3

Hi WebLogic Experts,
In our project we are using WebLogic Serve 10.3.3. I need to run one script file. could you please suggest me where should i need to place that script file in WebLogic Server 10.3.3 and How to run & stop that Script file.?
please experts i waiting for your's reply..
Thanks & Regards,
Induja..

1. You can put a command line into startWebLogic.sh to start your script file.
2. In your proyect you can create a java class to run the script file.
3. You can create a java class to run the script file an setup it like a startup class into weblogic server.
4. You can create a java class to run the script file an setup it like a job scheduler into weblogic server.
In what time you need run this script file?

How to chage password of user's webLogic programmatically

Hi
My English isn't very good.
I use jdeveloper 11.1.1.3.0
I created a User Id and Password in Application -> Secure -> Users in jazn-data.xml. I know it isn't a common way but now I should use it.
I need a way that each user can change his/her password from a form I make for him/her.How can I do it?
also I want to know that is it possible to create user/pass programmatically?
Habib
Edited by: Habib Eslami on Feb 23, 2013 9:54 PM
Edited by: Habib Eslami on Feb 25, 2013 4:18 AM

Hi Habbi ,
You can create a user by using below code,
And also you can change the password for specific user by using change password method. Every thing possible with ADF :)
Note : before proceding with this you need to create group named 'member' (You can specify any thing) in your weblogic admin
public boolean createUser(String username, String password) {
try
JpsContextFactory jps = JpsContextFactory.getContextFactory();
JpsContext jpsContext = jps.getContext();
IdentityStoreService storeService =
jpsContext.getServiceInstance(IdentityStoreService.class);
IdentityStore is = storeService.getIdmStore();
UserManager mn = is.getUserManager();
RoleManager rm = is.getRoleManager();
Principal p =
mn.createUser(username, password.toCharArray()).getPrincipal();
Role r = is.searchRole(is.SEARCH_BY_NAME, "member");
rm.grantRole(r, p);
result="success";
return true;
catch (Exception e) {
System.out.println(e.getMessage());
if(e.getMessage().equalsIgnoreCase("User "+userName.getValue().toString()+"already exists"))
// errorMessageOT.setValue("User already exists!");
else
e.printStackTrace();
result="error";
return false;
}

How to run standalone java file from weblogic server on Solaris

Hi,
We have a requirement to run a java file at a scheduled time in a day using cron scheduler on our linux server.
We need to fetch data from the database & perform some business logic in this standalone JAVA file.
Our application has an EAR which is deployed on Weblogic 10.3 server & in our application, we are utilizing the datasource created in that domain.
Now, we have created a standealone Java file & used exisitng datasource (without Hibernate) of the domain with the help of below forums,
Use DataSource of weblogic in a standalone Java file
able to achieve the same.
I've bundled this JAVA in application WAR & depoyed on the same domain where datasource is created.
Now, how can I execute this file from anywhere on the server using weblogic classpath.
Please help on the same in implementation.
Thanks,
Uttam

If the Java application must be stand-alone you must not deploy it on WebLogic, then WebLogic will manage its lifecycle.
In this case you can use the CommonJ API and use the timermanager if it must run on a certain time. More information
of how to do this can be found here: http://middlewaremagic.com/weblogic/?p=5569
If you keep the Java application stand-only and want to use a cron job you can follow the example presented here: http://middlewaremagic.com/weblogic/?p=7065
Note that the example runs a WLST script, but you can follow the same steps to run your Java application.

How to check which privileges user is using

Hello All,
I have a user assigned DBA role in mistake many years back.
During our security overview I is flagged and now I need to revoke the DBA role from that user.At the moment it look like as follows and I am on 10204 database
Privilege
Category Granted Privilege
Role Privs CONNECT
DBA
OEM_MONITOR
RESOURCE
Sys Privs ALTER ANY MATERIALIZED VIEW
ANALYZE ANY
CREATE ANY MATERIALIZED VIEW
CREATE PROCEDURE
CREATE ROLE
CREATE SEQUENCE
CREATE SESSION
CREATE TABLE
CREATE VIEW
DROP ANY MATERIALIZED VIEW
GLOBAL QUERY REWRITE
UNLIMITED TABLESPACE
Now I need to find what all privileges out of approx 158 in the DBA role this user is using so that I can revoke the DBA role and assign that sys privielege exclusively and later on trim down a bit on those as well if possible?
Can someone help me in finding or is there a way possible to find out which privileges are actually being used by the user assigned to him via DBA role?
I can find something on net on those lines, any help or useful pointers would be highly appreciated.
Many Thanks,
Rishi

Hello All,
Right I think auditing the DBA role could save my day.I have enable the auditing on the DB for dba role as shown below:
audit_file_dest string /oraadmin/tgtx/10/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB, EXTENDED
Exact version of the database is:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod
PL/SQL Release 10.2.0.4.0 - Production
CORE 10.2.0.4.0 Production
TNS for Linux: Version 10.2.0.4.0 - Production
NLSRTL Version 10.2.0.4.0 - Production
I have enable the audit dba role for user exeter as shown:
SYS@TGTX> AUDIT DBA by exeter WHENEVER SUCCESSFUL;
Audit succeeded.
Now I expect to audit all the sys privs assigned to dba role but alas its not working as expected if anyone can shed any light ON it, what I am trying to do is as follows:
I am trying to use the sys priv that is create any table as user exeter who is assigned dba role as follows:
SYS@TGTX> select * from dba_role_privs where grantee='EXETER';
GRANTEE GRANTED_ROLE ADM DEF
EXETER DBA NO YES
EXETER CONNECT NO YES
EXETER RESOURCE NO YES
EXETER OEM_MONITOR NO YES
EXETER@TGTX> create table dbaschema.test2 (srno number(10));
Table created.
Now I expect to see some records in dba_audit_trail as a result of above commands but there is none, am I doing anything wrong here?
SELECT * FROM dba_audit_trail
WHERE USERNAME = 'EXETER'
ORDER BY timestamp;
No rows returned but I shall have expected atleast one row to be returned here after enabling the audit on DBA role by exeter.
Any Ideas?
Thanks
Rish

How to Find Peak Concurrent Users in weblogic

Hi
If anyone can help. I have very simple questions regarding application monitoring. I need to write a program to get the following parameters.
Heartbeat Successful Logins
Heartbeat Login Failures
Average CPU Utilization
Average Concurrent Users
Peak Concurrent Users
Average Response Time (Best 10% and Worst 10%)
I thought of getting all this information from Runtime MBeans, but MBeans properties are much more granular and gives me statistics about services (JDBC/JMS/JTA) and components (EJB/Servlets).
I have no access any Application monitoring tools ( HP OpenView/ IBM Tivoli / SiteScope / Topaz etc ) . I don’t have time to write sophisticated SNMP traps and agents.
Is there any easy way to find out the fowling parameters .
Heartbeat Successful Logins
Heartbeat Login Failures
Average CPU Utilization
Average Concurrent Users
Peak Concurrent Users
Average Response Time (Best 10% and Worst 10%)
It may be possible to write a Proxy Servlet and gather all this matrices, but in that case I don’t know what should be the code or which weblogic API I can utilize.
Please help , Thanking you in advance
Tanmoy

Hi,
weblogic.management.runtime.ServerSecurityRuntimeMBean have API to provide some of the security data you require.
The console displays some of the security and performance data.
check out the monitoring section.
http://e-docs.bea.com/wls/docs81/adminguide/overview.html#1037864
http://e-docs.bea.com/wls/docs81/javadocs/index.html
vasanthi Ramesh

Would like to create less privileged user to see few reports

We would like to create less privileged user in EM Grid Control 11g to see only few reports.
Any link or note on how to create less privileged user account?

Here is a link to the steps. The screens make it sound like you are creating another administrator, but you can limit the access during the setup.
Another option would be to publish the reports. You can have them emailed out or have a link that others could access.
HTH,
Brian
Oracle® Enterprise Manager Administration 11g Release 1 (11.1.0.1)
http://download.oracle.com/docs/cd/E11857_01/em.111/e16790/security3.htm#CFADEFCA
http://download.oracle.com/docs/cd/E11857_01/em.111/e16790/information_publisher.htm#BGBGDBCG

How to enable a low privilege user to run an administrative script ?

Hello
I have a problem which seems to come from the lack of "sudo" in Windows.
I want standard low privileges users to be enable to run a script that will give them a result (i-e DB status on Exchange). I don't want to give them any right, so the only solutions i think about are
- to make a scheduled task on a server, and give them only the right to launch the task (but i'd prefer them not to be able to log on the server, so i don't like it)
- To create a webpage (ASP.NET, i guess) that runs the script when they click a button. I'm not a dev, i won't be able to do it easily but i think i will have to.
Do you have better ideas please ?

Signed scripts could include authorizations to be ran from some chosen users...
This is not possible in Windows because an process that can escalate inside of a user process allows the user process namespace to access the processes security context. This makes it possible for the process to see the credentials of the script. The password
also has to beencoded in a way that he user can decode so it is almost the same as giving out the admin password.
UAC is designed to protect an admin. Bypassing authentication or merging it with a users context defeats the security.
The closes we can come is to delegate the authority carefully or to provide a proxy service that is secure.
Access to read the Exchange DB status can be delegated without giving admin access to Exchange. Post in Exchange forum to learn how to set up Exchange read-only operators.
I recommend that this should be done as a set of reports exposed through a web site. The reports can be generated daily or more frequently. This would be more consistent with other management scenarios.
¯\_(ツ)_/¯

What privileges user should have to install and run weblogic on linux box

What privileges user should have to install and run weblogic on linux box ?

Hello.
Normal user if you don't want to listen to ip port < 1024 or write in protected directories (like /var).
Regards.

How to run commands upon system boot as user?

How can I as a user run commands upon system boot? In Vixie's cron, one can use the @reboot syntax in a crontab, and the job is ran every time the cron daemon starts. Arch however, uses Dillon's cron which seems not support this feature.

bwalk wrote:Hmm, does not work, because root owns init, so everything requires root. stb's version is valid, the -s parameter drops privileges to <USER>, spawns a shell and executes <COMMAND>. So, no security problem whatsoever.
So there is nothing like @reboot in vixiecron?

How to run etherape with ordinary user?

hi
when run etherape show this massege:
No capture device found or insufficient privileges.
Only file replay will be available.
EtherApe must be run with administrative privileges (e.g. root) to enable live capture.
Pcap error: no suitable device found
i create group etherape with this ownership
┌─[root@mymind] - [/etc] - [Sat Feb 04, 12:02]
└─[$] <> groupadd etherape
┌─[root@mymind] - [/etc] - [Sat Feb 04, 12:02]
└─[$] <> chgrp etherape /usr/bin/etherape
and add my user to this groups
┌─[root@mymind] - [/etc] - [Sat Feb 04, 12:02]
└─[$] <> usermod -G root,network,http,mysql,dbus,mem,bin,daemon,gdm,audio,video,rfkill,wheel,disk,sys,etherape mostafa
how to run etherape with ordinary user(without root privilege)?
Last edited by mostafasedaghat (2012-02-03 20:37:44)

mostafasedaghat wrote:how to run etherape with ordinary user(without root privilege)?
You can't. It requires root to set network card attributes, which can only be set with administrative priviledges. But it should be no problem to start it with sudo.

How do you make a program run when any user logs in?

I have an application which will need to run when any users logs in.
Such that Joe downloads and installs the application, logs out, then Sally logs in and the application runs for Sally.
Does anyone know how to do this?

Hey Steve, thanks for that link. It seems to be what
I am looking for. What is the meaning of the
~/Library vs /Library ? They are definitely
different folders.
Yes, they are definitely different folders. The "~" character represents the current users home folder, so "~/Library" represents the Library folder that's located inside a users home folder. Anything placed in there will only affect the one user whose home folder you've accessed.
The "/Library" folder is the Library folder that exists at to root of the boot volume. Things placed in this Library folder will affect all users of the system. Basically it's sort of a "global" Library.
Also, from a script, how do I add an item to execute
for that kind of PList?
That could be tricky based on the structure of that particular plist file. I haven't really looked at it closely but one place you could start is to read the "man" page for the "defaults" command... enter "man defaults" in Terminal. The "defaults" command allows you to read/write plist files, but defaults is not very good at accessing deeply nested plist items.
Related to that, how do I tell if the logging item
for my App is already there? I do not want to keep
adding to the list if it is there. If someone
deletes my app and then reinstalls it, I do not want
it to run twice, three times, etc..
Again, you could possibly read the plist using the defaults command and determine whether your item was already present or not.
Do you know of the one in the ~/Library path, what
user it execute as? Since it is all users, it
probably is root or something like that.
No, the one in ~/Library is in each individual user home folder. It will execute with the current user's privileges. This is where Login Items normally go when you go through the GUI... "Sys.Prefs -> Accounts -> Login Items" and add a login item for one user.
Even items placed in /Library, which should execute for all users, will execute with the current user's privileges.
In the near
future we might need root privileges, so I might need
a program to startup for all users as root instead of
the user.
Is your app, that needs to run at login time, a GUI application or is it a faceless shell script (or something similar). Your original post gave me the impression that you needed to launch a GUI application. However, if it's a shell script then you probably want to look at doing a LoginHook instead of using the Login Items procedure at the web page I posted earlier. I believe a LoginHook will also give you the ability to run the script as root.
Check out this link at the ADC website.
or
Take a look at this information and this utility at Mike Bombich's website.
Steve

Solaris: How do I specify the user under which the WLS runs?

I just upgraded from WLS 5 to 8. OS is Solaris 8.
Configuration is one single admin server which also acts as the only managed server.
The admin server must start up as root so that the users don't have to specify the port :443 at the URL (don't ask me why, but it seems to be the fact on Solaris).
After starting, I want the server java process to actually run as another user than root. How to I do this?
It worked on the old Solaris server with WLS 5.1, and I have an idea that it had something to do with the command line option -Dweblogic.system.user=. That option has no effect when trying it with WLS 8.1.
This must be a common task when running WLS on Solaris. But I cannot figure it out, and a thousand users are waiting for the application to start up. Can anyone tell me how to do this?
Regards,
Anders.

If you logged in as userx and started server, the weblogic server process will be started as userx.
If you want usery to start server, then you need to give permissions accordingly, though you have installed the weblogic as root.
-Dweblogic.system.user=, option works only when this user has rwx permissions to various files under weblogic dir (log files, applications, .....).
Regards
Sree

How to run as privileged user in WebLogic

Similar Messages

Maybe you are looking for