Running HTTP Gateway Processes as a Non-Root User
You can run HTTP Gateway as a non-root user.
About this task
Important: The changes in this procedure does not persist on upgrade. You
need to perform the same operations after each upgrade of HTTP Gateway.
Procedure
-
As the root user, stop the aspera_httpgateway
service:
service aspera_httpgateway stop
For a systemd OS, run:systemctl stop aspera_httpgateway
- Create a system user, such as httpgateway, that you want to run the aspera_httpgateway and ascp processes.
- Create a system group, such as httpgateway, and add the user to it.
-
Change the HTTP Gateway config folder permissions:
Using the httpgateway group as an example:
$ chown root:httpgateway /opt/aspera/httpgateway/config $ chmod 775 /opt/aspera/httpgateway/config
-
If it exists, remove the file:
/opt/aspera/httpgateway/config/http-gateway.pid
-
Change the permissions of the directory defined in
transferconfig.source_file_list_tmpdir (default is
/tmp/SendFileListDir) in the
gatewayconfig.properties file:
Using the httpgateway group and the default directory as an example:
$ chown root:httpgateway /tmp/SendFileListDir $ chmod 775 /tmp/SendFileListDir
-
Change the permissions of the log directory defined in
ascpconfig.log_dir (default is
/opt/aspera/httpgateway/aspera/log) in the
gatewayconfig.properties file:
Using the httpgateway group and the default log directory as an example:
$ chown root:httpgateway /opt/aspera/httpgateway/aspera/log $ chmod 775 /opt/aspera/httpgateway/aspera/log
-
Edit the
/etc/systemd/system/multi-user.target.wants/aspera_httpgateway.service
file:
Find the line:
Replace the line with:ExecStart=/bin/bash -ce "/opt/aspera/httpgateway/aspera-httpgateway start > /opt/aspera/httpgateway/httpgateway.log 2>&1"
ExecStart=/bin/bash -ce "sudo -u httpgateway /opt/aspera/httpgateway/aspera-httpgateway start > /opt/aspera/httpgateway/httpgateway.log 2>&1"
-
Start the aspera_httpgateway service:
service aspera_httpgateway start
For a systemd OS, run:systemctl start aspera_httpgateway