The FileCatalyst Server has the ability to run as a service on Linux installations. By default, the service runs as the root user to facilitate the install and configuration of the service and has read/write access to all mount points used.
Running the FileCatalyst Server as a non-root user can also be accomplished, and this article will provide steps on how to achieve this.
- Default ports used by the FileCatalyst Server must be on a port range above 1024. The port range of 1-1024 is restricted to root users.
- Some features (such as chown on uploads) will not work, as the user running the application will no longer have file system access to perform the operations.
- Please ensure that the user running the application will also have full access (read, read-write) to the user's home directories and any mount points used.
- The instructions below are intended for a fresh install; if you are converting an existing installation, make sure all mount and storage paths are owned by the user running the FileCatalyst Server service.
FileCatalyst Server v3.8.2 and newer
Note: The following steps must be performed as the root user. Do not skip any steps.
- Install the FileCatalyst Server in the default recommended path, which is /opt/utechsoft/server.
- Complete the rest of the installation, such as enabling the Remote Admin and setting up a Remote Administration password as per standard instructions. For further information, please refer to our Quickstart Guide.
Note: Licensing of the FileCatalyst Server should be skipped. Licensing should be performed once the FileCatalyst Server is set to run as a non-root user; the instructions are available later in this guide.
> root@deb10:/opt# mkdir -p /opt/utechsoft/server
> root@deb10:/opt# cd /opt/utechsoft/server
> root@deb10:/opt/utechsoft/server# tar -zxvf fc_server.tar.gz
- Install the service scripts found under the /opt/utechsoft/server/service_wrapper/ directory. You can use the /opt/utechsoft/server/service_wrapper/SERVICE_WRAPPER_README for assistance.
> root@deb10:/opt# cd /opt/utechsoft/server/service_wrapper/
> root@deb10:/opt/utechsoft/server/service_wrapper# ./install.sh
- Start the service script (it will run as root for now). Use the command service fcserver start to start the service.
Start the service:
> root@deb10:/opt/utechsoft/server/service_wrapper# service fcserver start
> root@deb10:/opt/utechsoft/server/service_wrapper# service fcserver status
Verify service properties and PID:
> root@deb10:/opt/utechsoft/server/service_wrapper# ps -ef | grep java
- Stop the service using service fcserver stop.
> root@deb10:/opt/utechsoft/server/service_wrapper# service fcserver stop
At this point, we know we have a working FileCatalyst Server ready to be configured as a non-root service.
- Ensure a user has been defined on the operating system. For this article, the user is called fcuser.
- Modify the application directory so that the fcuser user owns it.
> root@deb10:/opt/utechsoft/server# chown -R fcuser:fcuser /opt/utechsoft/server/
- Modify the configuration file fcconf.conf, and ensure the control channel ports are set above 1024. Only the root user can open up lower-level ports (1-1023).
These have standard values below 1024, so they need to be modified to use higher port values. For example:
- Modify service script /etc/systemd/system/fcserver.service by running the command systemctl edit --full fcserver.service to make the following changes:
> root@deb10:/opt/utechsoft# systemctl edit --full fcserver.service
Add the following lines under the [Service] to run this service as the fcuser.
Add a PIDFile entry to specify a custom path
Add the custom PIDFile path to the ExecStart/ExecStop Process
- Create an accessible directory where the service script can record the PID, and change its ownership to the non-root user.
> root@deb10:/opt/utechsoft/server# mkdir -p /opt/utechsoft/server/run/
> root@deb10:/opt/utechsoft/server# chown -R fcuser:fcuser /opt/utechsoft/server/run/
- Verify and change the ownership of the directories created by the FileCatalyst Server in /tmp to the new user.
> root@deb10:/opt/utechsoft/server# chown -R fcuser:fcuser /tmp/FileCatalystTemp/
> root@deb10:/opt/utechsoft/server# chown -R fcuser:fcuser /tmp/hsperfdata_fcuser/
- Verify and change the permissions of the newly created SYSTEM_ID and requestStr.properties files to read/write by running the command chmod a+rw:
> root@deb10:/opt/utechsoft/server# chmod a+rw /opt/utechsoft/server/SYSTEM_ID
> root@deb10:/opt/utechsoft/server# chmod a+rw /opt/utechsoft/server/requestStr.properties
- Since we have changed the service unit fcserver.service, run the command below to discard the previous configuration, re-run all generators, and load the new configuration.
> root@deb10:/opt/utechsoft/server# systemctl daemon-reload
Now the FileCatalyst service should be able to be started by a non-root user. Run the following commands:
> root@deb10:/opt/utechsoft/server# service fcserver start
> root@deb10:/opt/utechsoft/server# service fcserver status
- Verify that the FileCatalyst Server is running by executing the following command:
> root@deb10:/opt/utechsoft/server# ps -ef | grep java
- Please refer to our Quickstart Guide and Licensing KB to license the FileCatalyst Server as well as enabling the Remote Administration of the FileCatalyst Server.
- Run these commands one last time prior to starting the FileCatalyst Server service as a non-root user:
> root@deb10:/opt/utechsoft/server# service fcserver stop
> root@deb10:/opt/utechsoft/server# chown -R fcuser:fcuser /opt/utechsoft/server/
> root@deb10:/opt/utechsoft/server# chmod a+rw /opt/utechsoft/server/SYSTEM_ID
It is also highly recommended to check the service wrapper log file (/opt/utechsoft/server/logs/wrapper.log) to ensure that no permission errors or exceptions are seen. These indicate that you need to give file system access to the user running the FileCatalyst Server.
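The verification steps above (service user in the unit, owner of the java process, ownership of the install directory, errors in wrapper.log) can be scripted; the following is an added shell example, not FileCatalyst's own tooling. The sample unit text, ps output and log lines are constructed, and the log line format is an assumption.

```shell
#!/bin/sh
# Added example: checks for the non-root setup. fcuser and the paths are the
# article's; the SAMPLE_* inputs are constructed so the script runs offline.

# Print the User= set in the [Service] section of unit text on stdin.
# systemd runs a system service as root when no User= is present.
unit_user() {
  awk -F= '/^\[/ { in_svc = ($0 == "[Service]") }
           in_svc && $1 == "User" { u = $2 }
           END { print (u == "" ? "root" : u) }'
}

# Print the distinct owners of java processes in `ps -ef` output on stdin.
# Matching on the command column skips the "grep java" line itself.
java_owners() {
  awk '$8 ~ "(^|/)java$" { print $1 }' | sort -u
}

# List entries under DIR that USER does not own (usage: not_owned_by DIR USER).
not_owned_by() {
  find "$1" ! -user "$2" -print
}

# Print log lines on stdin that mention a permission error or an exception.
log_problems() {
  grep -iE 'permission denied|exception' || true
}

SAMPLE_UNIT='[Unit]
Description=constructed sample unit
[Service]
User=fcuser
Group=fcuser'

SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
fcuser    2314     1  3 10:02 ?        00:00:41 /usr/bin/java -server
root      2401  2290  0 10:05 pts/0    00:00:00 grep java'

SAMPLE_LOG='INFO  | jvm 1 | server started
ERROR | jvm 1 | java.io.FileNotFoundException: /data/in.tmp (Permission denied)'

echo "unit user:    $(printf '%s\n' "$SAMPLE_UNIT" | unit_user)"
echo "java owners:  $(printf '%s\n' "$SAMPLE_PS" | java_owners)"
echo "log problems: $(printf '%s\n' "$SAMPLE_LOG" | log_problems | wc -l)"
```

On a live host, feed the functions real data: `systemctl cat fcserver.service | unit_user`, `ps -ef | java_owners`, `not_owned_by /opt/utechsoft/server fcuser`, and `log_problems < /opt/utechsoft/server/logs/wrapper.log`. Any owner other than fcuser, or any output from the last two, points to a step that needs to be repeated.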