Running HTTP Gateway Processes as a Non-Root User

You can run HTTP Gateway as a non-root user.

About this task

Important: The changes in this procedure does not persist on upgrade. You need to perform the same operations after each upgrade of HTTP Gateway.

As the root user, stop the aspera_httpgateway service:
```
 service aspera_httpgateway stop
```
For a systemd OS, run:
```
 systemctl stop aspera_httpgateway
```
Create a system user, such as httpgateway, that you want to run the aspera_httpgateway and ascp processes.
Create a system group, such as httpgateway, and add the user to it.
Change the HTTP Gateway config folder permissions:
Using the httpgateway group as an example:
```
$ chown root:httpgateway /opt/aspera/httpgateway/config
$ chmod 775 /opt/aspera/httpgateway/config
```
If it exists, remove the file:

/opt/aspera/httpgateway/config/http-gateway.pid
Change the permissions of the directory defined in transferconfig.source_file_list_tmpdir (default is /tmp/SendFileListDir) in the gatewayconfig.properties file:
Using the httpgateway group and the default directory as an example:
```
$ chown root:httpgateway /tmp/SendFileListDir
$ chmod 775 /tmp/SendFileListDir
```
Change the permissions of the log directory defined in ascpconfig.log_dir (default is /opt/aspera/httpgateway/aspera/log) in the gatewayconfig.properties file:
Using the httpgateway group and the default log directory as an example:
```
$ chown root:httpgateway /opt/aspera/httpgateway/aspera/log
$ chmod 775 /opt/aspera/httpgateway/aspera/log
```

Edit the /etc/systemd/system/multi-user.target.wants/aspera_httpgateway.service file:

Find the line:

ExecStart=/bin/bash -ce "/opt/aspera/httpgateway/aspera-httpgateway start > /opt/aspera/httpgateway/httpgateway.log 2>&1"

Replace the line with:

ExecStart=/bin/bash -ce "sudo -u httpgateway /opt/aspera/httpgateway/aspera-httpgateway start > /opt/aspera/httpgateway/httpgateway.log 2>&1"