WebSphere UMASK Settings – Why Do You Care?

Posted: 26th April 2011 by admin in WebSphere

In a WebSphere cell where every application server runs under the same runas ID (user and group), the default umask in each application server's process execution settings is not much of a concern. However, what if you have a single cell with multiple application servers running under different runas IDs? This is where the wrong umask can bite you.

The default umask for application servers is 022. This translates to 755 permissions on the directory and 644 permissions on the files. The problem is that one runas ID can change the shared config directory for the node so that only the owner can write to it, while everyone else, even members of the same group, has only read and execute access. Application servers running under other user IDs will then fail to start, because their tmp files cannot be written to the shared config directory on the node. Your logs will have entries such as this:

ADMR0104E: The system is unable to read document cells node-metadata.properties: java.io.IOException: Permission denied

Provided all the runas IDs are in the same group, the solution is to change the umask in each server's process execution settings to 002. This changes the permissions on the shared node config to 775 for the directory and 664 for the files. Other application servers running under user IDs within the same group then have the required access to the node configs and can start properly.
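
The shell sketch below is an added example, not part of the original post. It shows the modes that umask 022 and 002 produce and lists entries that other members of the group cannot write to. The function names are hypothetical, and a constructed temporary directory stands in for the shared node config directory.

```shell
#!/bin/sh
# Added example. All paths are constructed temp directories, not a real
# WebSphere profile; point list_not_group_writable at your own node
# config directory to audit it.

# Print the permission string of a path, e.g. drwxr-xr-x.
perm_of() { ls -ld "$1" | cut -c1-10; }

# Create a directory and a file under the given umask, as a server
# process running with that umask would, and print both modes.
# usage: create_with_umask UMASK PARENT_DIR
create_with_umask() {
    (
        umask "$1"
        mkdir "$2/dir_$1"
        : > "$2/dir_$1/file_$1"
        echo "$(perm_of "$2/dir_$1") $(perm_of "$2/dir_$1/file_$1")"
    )
}

# List directories and regular files under DIR that lack the group
# write bit (octal 020). Under umask 022 every new entry lands here.
list_not_group_writable() {
    find "$1" \( -type d -o -type f \) ! -perm -020 -print
}

# Count of such entries; 0 means group members can write everywhere.
count_not_group_writable() {
    list_not_group_writable "$1" | wc -l | tr -d ' '
}

# Demo on a constructed directory tree.
demo_dir=$(mktemp -d)
for m in 022 002; do
    echo "umask $m: $(create_with_umask "$m" "$demo_dir")"
done
for m in 022 002; do
    n=$(count_not_group_writable "$demo_dir/dir_$m")
    echo "dir_$m: $n entries without group write"
done
rm -rf "$demo_dir"
```

The check only covers the group write bit; it does not verify that the entries belong to the group the runas IDs share.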