Skip to content

Changing RunAs User#

Default Account#

The installer creates a user account and group named rstudio-pm and runs the Package Manager service under this account.

Changing The RunAs Account (Service)#

You can configure Package Manager to run under another account. The steps below serve as a guide for reconfiguring Package Manager to run under an account named thor with a primary group of heroes instead of the default rstudio-pm:rstudio-pm.

  1. Stop the Package Manager service. See Stopping and Starting Package Manager.

    Terminal
    $ sudo systemctl stop rstudio-pm

  2. Create a new group and user account.

    Terminal
    $ sudo groupadd heroes
$ sudo useradd -r -g heroes -M -s /sbin/nologin thor

    In order to use the CLI tool, a user must be a member of the primary group of the user that starts the Package Manager service.

    In this example, Package Manager is started by the user thor. The primary group of the thor account is heroes, so users must be members of the heroes group to use the CLI.

  3. Edit the service configuration.

    Terminal
    sudo vi /etc/systemd/system/rstudio-pm.service.d/user.conf

    Change these lines:

    /etc/systemd/system/rstudio-pm.service.d/user.conf
    [Service]
User=thor
Group=heroes

  4. Change ownership of files and directories.

    Terminal
    # Configuration file
$ sudo chown thor:heroes /etc/rstudio-pm/rstudio-pm.gcfg

# Log files
$ sudo chown -R thor:heroes /var/log/rstudio/rstudio-pm

# Data directory (or `Server.DataDir`, if configured for a custom location)
$ sudo chown -R thor:heroes /var/lib/rstudio-pm

# Run directory (if any)
$ sudo chown -R thor:heroes /var/run/rstudio-pm

# If you have a custom `Sqlite.Dir` (e.g., `Sqlite.Dir = /database/directory`)
$ sudo chown -R thor:heroes /database/directory

# Temporary workspace directory for Git package builds
# This directory is usually found under `/tmp`. If you use a custom
# `Server.TempDir`, then it will be found at `Server.TempDir`/rspm-workspaces.
$ sudo chown -R thor:heroes /tmp/rspm-workspaces

  5. Change ownership of custom FileStorage directories.

    If you have customized any file storage locations specified in your FileStorage configuration, these directories also need to have the correct ownership.

    Terminal
    # For example:
#
# [FileStorage "cache"]
# Location = /path/to/cache
#
$ sudo chown -R thor:heroes /path/to/cache
#
# Repeat for every custom FileStorage location

  6. Remove remaining domain socket file (if any).

    Terminal
    $ sudo rm /var/run/rstudio-pm/rstudio-pm.sock

  7. Start the Package Manager service. See Stopping and Starting Package Manager.

    Terminal
    $ sudo systemctl daemon-reload # Reload the systemd process
$ sudo systemctl start rstudio-pm

  8. Verify that the rstudio-pm service is running under the thor account.

    Terminal
    $ ps -axj | grep `id -u thor`

  9. Check /var/log/rstudio/rstudio-pm/rstudio-pm.log to verify that the server started up with no errors.

Using the New RunAs Account (CLI)#

After changing the service RunAs user, your CLI users must be members of the heroes group. For example:

Terminal
$ sudo useradd -g heroes hulk
$ sudo passwd hulk
$ su hulk
$ /opt/rstudio-pm/bin/rspm <command>