D Changing RunAs User

D.1 Default Account

The installer creates a user account and group named rstudio-pm and runs the RStudio Package Manager service under this account. See 2.2.4 for more information.

D.2 Changing The RunAs Account (Service)

You can configure RStudio Package Manager to run under another account. The steps below serve as a guide for reconfiguring RStudio Package Manager to run under an account named thor with a primary group of heroes instead of the default rstudio-pm:rstudio-pm.

  1. Stop the RStudio Package Manager service. See 5.1.
# Ubuntu 14 and Red Hat/CentOS 6
sudo stop rstudio-pm

# Ubuntu 16+, Red Hat/CentOS 7, openSUSE/SLES
sudo systemctl stop rstudio-pm
  1. Create a new group and user account
sudo groupadd heroes
sudo useradd -r -g heroes -M -s /sbin/nologin thor

In order to use the CLI tool, a user must be a member of the primary group of the user that starts the RStudio Package Manager service.

In this example, RStudio Package Manager is started by the user thor. The primary group of the thor account is heroes, so users must be members of the heroes group to use the CLI.

  1. Edit the service configuration

Ubuntu 14 and Red Hat/CentOS 6

sudo vi /etc/init/rstudio-pm.override

Change these lines:

env RSTUDIO_PM_USER=thor
env RSTUDIO_PM_GROUP=heroes

Ubuntu 16+, Red Hat/CentOS 7, openSUSE/SLES

sudo vi /etc/systemd/system/rstudio-pm.service.d/user.conf

Change these lines:

[Service]
User=thor
Group=heroes
  1. Change ownership of files and directories
# Configuration file
sudo chown thor:heroes /etc/rstudio-pm/rstudio-pm.gcfg

# Log files
sudo chown thor:heroes /var/log/rstudio-pm.*

# Data directory (or `Server.DataDir`, if configured for a custom location)
sudo chown -R thor:heroes /var/lib/rstudio-pm

# Run directory
sudo chown -R thor:heroes /var/run/rstudio-pm

# If you have a custom `Sqlite.Dir` (e.g., `Sqlite.Dir = /database/directory`)
sudo chown -R thor:heroes /database/directory

# Temporary workspace directory for Git package builds
# This directory is usually found under `/tmp`. If you use a custom
# `Server.TempDir`, then it will be found at `Server.TempDir`/rspm-workspaces.
sudo chown -R thor:heroes /tmp/rspm-workspaces

# If you have any custom FileStorage configuration settings
#
# For example:
#
# [FileStorage "cache"]
# Location = /path/to/cache
#
# [FileStorage "launcher"]
# Location = /path/to/launcher
#
# [FileStorage "metrics"]
# Location = /path/to/metrics
#
# [FileStorage "packages"]
# Location = /path/to/packages
#
sudo chown -R thor:heroes /path/to/cache
sudo chown -R thor:heroes /path/to/launcher
sudo chown -R thor:heroes /path/to/metrics
sudo chown -R thor:heroes /path/to/packages
  1. Edit the Job Launcher configuration (unless running as root)

If you wish to build Git packages, you may need to update the Job Launcher configuration to build packages under the correct account and group.

When Running Unprivileged

When RStudio Package Manager is running unprivileged (the default), the Job Launcher automatically runs under the same user and group as the RStudio Package Manager service. Skip this step. Using a different account for the Launcher.ServerUser configuration setting is prohibited.

When Running Privileged

If you are changing the RunAs user to root, the Job Launcher will automatically use the rstudio-pm user and group to build Git packages, and you may skip this step. However, you may customize the Job Launcher user and admin group by using the Launcher.ServerUser and Launcher.AdminGroup configuration settings.

sudo vi /etc/rstudio-pm/rstudio-pm.gcfg

Add or change these lines:

[Launcher]
ServerUser = thor
AdminGroup = heroes
  1. Remove remaining domain socket file (if any)
sudo rm /var/run/rstudio-pm/rstudio-pm.sock
  1. Start the RStudio Package Manager service. See 5.1.
# Ubuntu 14 and Red Hat/CentOS 6
sudo start rstudio-pm

# Ubuntu 16+, Red Hat/CentOS 7, openSUSE/SLES
sudo systemctl daemon-reload # Reload the systemd process
sudo systemctl start rstudio-pm
  1. Verify that the rstudio-pm service is running under the thor account.
ps -axj | grep `id -u thor`
  1. Check /var/log/rstudio-pm.log to verify that the server started up with no errors.

D.3 Using the New RunAs Account (CLI)

After changing the service RunAs user, your CLI users must be members of the heroes group. For example:

sudo useradd -g heroes hulk
sudo passwd hulk
su hulk
/opt/rstudio-pm/bin/rspm <command>