Running alfresco as a non root user

Hello
I have installed Alfresco stack 3.3g on Centos4 and it works fine.
I noticed that the afresco process runs as a root if you start ctlstart,sh script as root.
I would like to run it as say alfresco user.
Which folders will need to be chown-ed to alfresco:alfresco in order for the application to function properly.
(My thinks that data folders, cache forlders, log folders ??? ). Or maybe even complete /opt/alfresco (no this should remain root:root as much as possible) ?

Hi,

You have to modify the premissions for installdir/apps/alfresco, installdir/apache-tomcat and installdir/java folders.

Hi,

I am using alfresco bitnami VM (BitNami Alfresco Stack 3.4.c-0) and want to run alfresco stack as a non-root user. I changed permissions as mentioned above, but ctlscript.sh starts tomcat as a root user only. Do I need to modify anything in the ctlscipt.sh or it’s permissions which are rott:root? I am wondering if I could use ‘sudo -u non-root-user’ to start the stack, but not sure whether it will impact other services in the bitnami install. Any suggestions for running it as non-root user will be really helpful.

Also, since bitnami install comes in a self-contained directory structure, why not have things like tomcat/mysql/java running under non-root user?

—
Shantanu.

Hi,

Java applications are not necessary to run as a different user but you are right, it is a more secure configuration. The problem is that we configured the Virtual Appliances to listen in the 80 port and it is not simple to run Tomcat as non-root user in a port < 1024. Take a look this guide to know different ways to do that http://wiki.apache.org/tomcat/HowTo#How_to_run_….3F

Thanks for the reply Beltran. I am planning to modify tomcat config to run on port 8080 and then use apache reverse proxy to forward port 80 traffic to backend tomcat. The problem with running tomcat as root user is with security and some other related config issues as well. As an example I am using NFS to store alfresco data/files. Since these alfresco files need write permissions for root, one has to enable no_root_squash on NFS server side. This may not be possible or desired configuration in many environments.

Good point, thanks for your feedback.