5 R Sessions

5.1 R Executable and Libraries

5.1.1 Locating R

RStudio Server uses the version of R pointed to by the output of the following command:

$ which R

The which command performs a search for the R executable using the system PATH. RStudio will therefore by default bind to the same version that is run when R is executed from a terminal.

For versions of R installed by system package managers this will be /usr/lib/R. For versions of R installed from source this will typically (but not always) be /usr/local/lib/R.

If you want to override which version of R is used then you can use the rsession-which-r setting. For example:

/etc/rstudio/rserver.conf

rsession-which-r=/usr/local/bin/R

Note that this change will not take effect until the server is restarted.

5.1.1.1 Using Multiple Versions of R

The section above describes how RStudio Server locates the global default version of R. It’s also possible to specify alternate versions of R either by user or by group. The R Versions section describes this in more detail.

5.1.2 Locating Shared Libraries

You can add elements to the default LD_LIBRARY_PATH for R sessions (as determined by the R ldpaths script) by adding an rsession-ld-library-path entry to the server config file. This might be useful for ensuring that packages can locate external library dependencies that aren’t installed in the system standard library paths. For example:

/etc/rstudio/rserver.conf

rsession-ld-library-path=/opt/someapp/lib:/opt/anotherapp/lib

Note that this change will not take effect until the server is restarted.

5.1.3 Customizing Session Launches

5.1.3.1 Profile Script Execution

RStudio Server launches R sessions under a bash login shell. This means that prior to the execution of the R session the bash shell will read and execute commands from this file if it exists:

/etc/profile

After reading that file, it looks for the following files and reads and executes commands from the first one that exists and is readable (it’s important to note that only one of these files will be read and executed):

~/.bash_profile
~/.bash_login
~/.profile

If you have further RStudio specific initialization logic (exporting environment variables, etc.) you can optionally create an R session specific profile script at:

/etc/rstudio/rsession-profile

If it exists this script will be executed prior to the bash shell that launches the R session. This script must be executable by all RStudio users, so it is recommended that you set its file permissions to 755 via the following command:

chmod 755 /etc/rstudio/rsession-profile

In some situations, you will not want to run user shell profile scripts. This is also a good way to troubleshoot the inability for sessions to launch, as it could indicate a conflict is occurring due to environment variables being set in the shell profiles. To disable execution of the shell profiles, set the rsession-no-profile option to 1 in /etc/rstudio/rserver.conf. For example:

/etc/rstudio/rserver.conf

rsession-no-profile=1

5.1.3.2 Environment Variables

R sessions inherit environment variables that are explicitly exported from the profile scripts described above. It’s also possible to append paths to the LD_LIBRARY_PATH environment variable using the rsession-ld-library-path option (see previous section for details).

Another source of environment variables are PAM sessions. On Debian/Ubuntu systems, the default PAM profile run by RStudio Server includes the environment variables defined in /etc/security/pam_env.conf and /etc/environment. To learn more about setting environment variables with PAM you should consult the PAM Sessions section as well as the documentation on the pam_env module here: http://linux.die.net/man/8/pam_env.

5.1.3.3 Program Supervisors

You may also wish to run R sessions under a program supervisor that modifies their environment or available resources. You can specify a supervisor (and the arguments which control it’s behavior) using the rsession-exec-command setting. For example:

/etc/rstudio/rserver.conf

rsession-exec-command=nice -n 10

This example uses the nice command to run all R sessions with a lower scheduling priority. See http://linux.die.net/man/1/nice for more details on nice. Note that for nice in particular it’s possible to accomplish the same thing using user and group profiles (and even specify a custom priority level per user or group). See the User and Group Profiles section for more details.

5.1.4 Diagnosing Session Launch Failures

RStudio Server Pro allows you to launch sessions in a diagnostics mode to capture extended session launch information in the event that you run into problems when starting sessions. This mode captures the environment variables that are set by all of the profile scripts, loading of any modules, arguments passed to the session, and the exit code of the session and any stack trace information if the session crashes. To enable collection of this diagnostic data, set the rsession-diagnostics-enabled flag in /etc/rstudio/rserver.conf like below:

/etc/rstudio/rserver.conf

rsession-diagnostics-enabled=1

When this setting is enabled, all sessions that are started will create a diagnostics file that contains extended launch diagnostics under the /tmp directory by default. To change the location, use the rsession-diagnostics-dir to point to the desired directory, like so:

/etc/rstudio/rserver.conf

rsession-diagnostics-dir=/tmp/diagnostics

Be aware that this directory should be accessible by all users of the system. If it does not exist, RStudio will attempt to create it and set its permissions to Read/Write/Execute for everyone (file permissions of 777).

Strace information can be included in the diagnostics file by adding the rsession-diagnostics-strace-enabled flag as shown below. Before using this setting, ensure that strace is installed and is available on your users’ path.

/etc/rstudio/rserver.conf

rsession-diagnostics-enabled=1
rsession-diagnostics-strace-enabled=1

We recommend that you send these files to RStudio support to aid in troubleshooting any session launch issues should they arise.

5.1.4.1 Safe Mode

Two of the most common session startup problems are (1) oversized global R environments, which take a long time to load into memory when the session is resumed, and (2) problematic code in .Rprofile which takes too long to run or throws errors during startup.

In order to help eliminate these variables as the cause of session startup issues, RStudio Server can start sessions in Safe Mode. This mode starts the session without running .Rprofile or restoring the global environment. If a session takes too long to start, the user will be given the option to restart a session in Safe Mode.

It is also possible to control these features independently, which can be helpful when troubleshooting issues.

5.1.4.1.1 Skipping Workspace Restoration

To skip workspace restoration (i.e. reloading the contents of the global environment), append ?restore_workspace=0 to the R session’s full URL. For example:

https://yourcorp/rstudio/s/4cc57da229b59e81c306b/?restore_workspace=0

Note that this will work only if the session is not already running. If you are currently waiting for the session to start, it is too late to try to skip workspace restoration, since it is already in progress. Kill or force-kill the session before restarting the attempt with the restore_workspace flag.

5.1.4.1.2 Omitting .Rprofile

To skip executing .Rprofile, append run_rprofile=0 to the R session’s full URL. For example:

https://yourcorp/rstudio/s/4cc57da229b59e81c306b/?run_rprofile=0

Just like restore_workspace, this can only be used prior to the session starting.

Note that Safe Mode is only available when RStudio Server itself is starting sessions, so it is not a useful troubleshooting technique when sessions are being run using the Job Launcher.

5.2 Session Startup Scripts

When an R session starts up, the following scripts are run:

  1. Any PAM session modules Pro
  2. The /etc/rstudio/rsession-profile script Pro
  3. The environment module for the R version in use, if any; see Extended R Version Definitions Pro
  4. The prelaunch script for the R version in use, if any; see Extended R Version Definitions Pro
  5. System and user shell profile scripts, such as .bash_profile Pro
  6. The R session itself, inside any supervisor specified by rsession-exec-command Pro
  7. .Rprofile and other R initialization scripts; see Initialization at the Start of a Session for details
  8. RStudio-internal session startup scripts
  9. The rstudio.sessionInit hook

The very last of these provides a way to run code after the R session is fully booted and ready to use; since it only runs in RStudio it can be used to finalize R sessions in RStudio-specific ways, using for example methods in the rstudioapi package. Here is an example that prints the RStudio version in new R sessions:

/opt/R/version/lib64/r/etc/Rprofile.site

setHook("rstudio.sessionInit", function(newSession) {
  if (newSession)
    message("Welcome to RStudio ", rstudioapi::getVersion())
}, action = "append")

5.3 User and Group Profiles

User and Group Profiles enable you to tailor the behavior of sessions on a per-user or per-group basis. The following attributes of a session can be configured within a profile:

  1. Version of R used
  2. CPU affinity (i.e. which set of cores the session should be bound to)
  3. Scheduling priority (i.e. nice value)
  4. Resource limits (maximum memory, processes, open files, etc.)
  5. R session timeouts (amount of idle time which triggers session suspend)
  6. R session kill timeouts (amount of idle time which triggers a session to be destroyed and cleaned up)

Note that if launching sessions via the Job Launcher, scheduling priority and resource limits are not ignored, but these should generally be configured via the Job Launcher itself where applicable. For example, when running Kubernetes sessions, memory limits can be specified each time a session is launched, so memory limits should be configured by the Job Launcher in that case.

5.3.1 Creating Profiles

Profiles are defined within the file /etc/rstudio/profiles. Note that this file is not created by default so you’ll need to create it if doesn’t already exist. Profiles are divided into sections of three different type:

  1. Global ([*])

  2. Per-group ([@groupname])

  3. Per-user ([username])

Here’s an example profiles file that illustrates each of these types:

/etc/rstudio/profiles

[*]
cpu-affinity = 1-4
max-processes = 800
max-memory-mb = 2048
session-limit=5
session-timeout-minutes=60
session-timeout-kill-hours=24

[@powerusers]
cpu-affinity = 5-16
nice = -10
max-memory-mb = 4096
session-limit=10

[jsmith]
r-version = /opt/R/3.1.0
session-timeout-minutes=360

This configuration specifies that by default users will run on cores 1 to 4 with a limit of 800 processes and 2GB of virtual memory. It also specifies that members of the powerusers group will run on cores 5 to 16 with an elevated nice priority and a limit of 4GB of memory. Finally, the user jsmith is configured to use a different version of R from the system default.

Note that the /etc/rstudio/profiles file is processed from top to bottom (i.e. settings matching the current user that occur later in the file always override ones that appeared prior). Additionally, some settings do not apply to certain editor types (like Jupyter or VS Code). The settings available within /etc/rstudio/profiles are described in more depth below.

5.3.2 Session Limit

To configure the maximum allowed number of sessions you can use the session-limit option. This is a more flexible choice than disabling multiple sessions entirely with server-multiple-sessions.

For example to limit user to 5 sessions:

session-limit=5

By default there is no limit to the number of sessions other than the one specified by the license. This limit has no effect if greater than the number of sessions allowed by your license.

This setting applies to all session types (RStudio, Jupyter, and VS Code).

5.3.3 Session Timeout

To configure the amount of idle time to wait before suspending sessions you can use the session-timeout-minutes option. Idle time is the amount of time since a session has run any R commands, including commands typed by the user in the console and the execution of any R scripts.

For example:

session-timeout-minutes=360

The default value if none is explicitly specified is 120 minutes.

There are some conditions where an R session will not be suspended, these include:

  1. When a top-level R computation is running
  2. When the R prompt is not in it’s default state (e.g. during a debugging session)

You can also specify that R sessions should never be suspended by setting the session-timeout-minutes to zero. For example:

session-timeout-minutes=0

This setting only applies to the RStudio IDE, and does not apply to Jupyter or VS Code. Session timeout can be configured for Jupyter sessions via the session-cull setting - see Jupyter configuration for more details. There is currently no mechanism for timing out VS Code sessions.

5.3.4 Session Timeout Kill

To configure the amount of time to wait before forcefully killing and destroying sessions you can use the session-timeout-kill-hours option in the /etc/rstudio/rsession.conf file. This allows you to specify how much time should pass before a session is automatically cleaned up. This is the length of time during which a session exists without user input (regardless of computation status) allowing you to automatically reclaim temporary disk space used by the session, and to stop its processes and children.

This setting should only be used to ensure that any sessions that users have forgotten about are destroyed, reclaiming valuable disk space. Note that this setting does not work if the server-shared-storage-path is located on a root squash mount.

Sessions can be destroyed while important computations are executing. The user whose session is cleaned will also lose all unsaved code and data.

This setting can also be used in conjunction with session-timeout-minutes, allowing already suspended sessions to be cleaned up.

For example:

session-timeout-kill-hours=48

The default value if none is explicitly specified is 0 hours, meaning sessions will never be killed and destroyed automatically. The supplied value should be an integer representing the amount of hours a session can go without user interaction before being killed.

This setting only applies to the RStudio IDE, and does not apply to Jupyter or VS Code. Session timeout can be configured for Jupyter sessions via the session-cull setting - see Jupyter configuration for more details. There is currently no mechanism for timing out VS Code sessions.

5.3.4.1 Interaction with session-timeout-minutes

It is recommended that the session-timeout-kill-hours be set to a much higher span of time than that specified by session-timeout-minutes. This will allow sessions to be suspended (and not destroyed) before they are forcefully killed and cleaned up, allowing for a better user experience. Note however, that if a session is running a long-running computation, it may not be suspended but it will still be killed.

If session-timeout-kill-hours is set to an amount of time less than session-timeout-minutes (which has a default of 2 hours), then sessions will never be suspended and they will be forcefully killed and cleaned up.

The two settings may be set to the same amount of time, but this is not recommended. In this case, it is undefined whether or not the session will be suspended, but the session will be killed and cleaned up regardless.

5.3.5 CPU Affinity and Scheduling Priority

If you have users or groups that consistently require more compute resources than others you can use profile settings to reserve CPUs (cpu-affinity) as well as raise overall scheduling priority (nice).

5.3.5.1 CPU Affinity

The cpu-affinity setting specifies which cores on a multi-core system should be used to schedule work for a session. This is specified as a comma-separated list of core numbers (1-based) where both individual cores and ranges of cores can be specified. For example:

cpu-affinity = 1,2,3,4
cpu-affinity = 1-4
cpu-affinity = 1,2,15-16

To determine the number of addressable cores on your system you can use the nproc command:

$ nproc

This setting applies to all session types (RStudio, Jupyter, and VS Code).

5.3.5.2 Scheduling Priority

The nice setting specifies a relative priority for scheduling session CPU time. Negative 20 is the highest nice priority and positive 20 is the lowest priority. The system default niceness for processes is typically 0. The following are all valid nice values:

nice = -10
nice = 0
nice = 15

Scheduler behavior around nice priorities varies by system. For more details see nice use and effect.

This setting applies to all session types (RStudio, Jupyter, and VS Code).

5.3.6 Resource Limits

Profiles can also be used to specify limits on available memory as well as the maximum number of processes and open files.

5.3.6.1 Available Memory

The max-memory-mb setting controls the maximum amount of addressable memory for R sessions (by default memory is unlimited). This example specifies a limit of 2GB:

max-memory-mb = 2048

Note that this value sets the amount of virtual memory that can be used by a process. Virtual memory includes code (i.e. shared libraries) loaded by the process as well as things like memory mapped files, so can often consume several hundred megabytes even for a vanilla R session. Therefore, you want to be sure not to set this threshold too low (in no case should you set it below 1024).

This setting applies to all session types (RStudio, Jupyter, and VS Code).

5.3.6.2 Number of Processes

The max-processes setting controls the maximum number of system processes createable by a user. This setting is useful to prevent either inadvertent or malicious fork bombs. The following example sets a limit of 800 processes:

max-processes = 800

Note that max-processes refers to system processes, not R processes. Users may need to create many system processes in order to use RStudio Server, so we recommend setting this value high and testing the outcome before deploying in production.

This setting applies to all session types (RStudio, Jupyter, and VS Code).

5.3.6.3 Number of Open Files

In most Linux environments there is a maximum of 1024 open files per process. This is typically more than enough, but if you have a particular applications that requires more open files the max-open-files setting can be used to increase the limit. For example:

max-open-files = 2048

This setting applies to all session types (RStudio, Jupyter, and VS Code).

5.3.7 Using Multiple Versions of R

As illustrated above, you can bind users or groups to distinct versions of R installed on your server. This is controlled by the r-version option. Here are several examples of it’s use:

r-version = /usr/lib/R
r-version = /usr/local/lib/R
r-version = /opt/R/3.1.0
r-version = /opt/R/3.2.0

Note that r-version specifies the full path to the directory where R is installed.

See the R Versions chapter for additional details on running multiple versions of R on a single server.

This setting only applies to the RStudio IDE, and does not apply to Jupyter or VS Code.

5.4 Multiple R Sessions

RStudio Server Professional enables users to have multiple concurrent R sessions on a single server or load balanced cluster of servers (the open-source version of RStudio Server supports only a single session at a time).

5.4.1 Creating New Sessions

You can start a new R Session using the New Session command from the Session menu (or the corresponding toolbar button near the top-right of the IDE).

You can also open an existing RStudio project in a new R session by using the Open Project in New Session command. When switching projects there is also a button on the right side of the projects menu that lets you specify that the project should be opened in a new session rather than within the current one.

You can review all currently running sessions and switch between them using the Sessions toolbar near the top-right of the IDE.

5.4.2 Session Lifetimes

R Sessions are long-running tasks that continue to be available until you explicitly quit them (you can think of them as you’d think of multiple top-level RStudio windows running on the desktop). This means that you can kickoff a long running job in one session and then switch to another session, revisiting the original session later to check on it’s progress. As is also possible on the desktop, you can navigate between different projects and working directories within a session.

Sessions will suspend automatically when they are idle and then be automatically resumed next time they are accessed. To permanently quit a session you can use the Quit Session command located on the File menu or the corresponding toolbar button at the top right of the IDE.

5.4.3 Disabling Multiple Sessions

If you wish disable support for multiple sessions you can use the server-multiple-sessions option. For example:

/etc/rstudio/rserver.conf

server-multiple-sessions=0

5.5 PAM Sessions

RStudio Server Professional uses PAM (Pluggable Authentication Modules) for both user authentication as well to establish the environment and resources available for R sessions. This is accomplished using the PAM session API. PAM sessions are used for a variety of purposes:

  • To initialize environment variables
  • To automatically create local users after authentication or authorization against a directory server.
  • To mount remote drives
  • To initialize and destroy Kerberos tickets

This section explains how to configure and customize PAM sessions with RStudio Server.

5.5.1 Session PAM Profile

For PAM authentication RStudio Server uses the either the /etc/pam.d/other profile (Debian/Ubuntu) or /etc/pam.d/rstudio profile (RedHat/CentOS). However, for launching R sessions a different PAM profile is used. This is because the launching of R sessions may not coincide with authentication (e.g. returning to the site with login credentials cached in a cookie or resuming a suspended session). Therefore, the PAM directive that enables authentication with root privilege only (auth sufficient pam_rootok.so) needs to be present in the PAM profile.

Note: Some sssd configuration additionally require PAM account verification as root to present on both the auth and account directives in the PAM profile (auth sufficient pam_rootok.so and account sufficient pam_rootok.so). Be sure to include this if you see errors when starting new R sessions.

The behavior that RStudio Server requires is essentially same as that of the su command (impersonation of a user without a password). Therefore by default RStudio Server uses the /etc/pam.d/su profile for running R sessions.

The session PAM profile itself is also run whenever the user accesses the home page. Regardless of where the session actually runs (such as on another machine if using Job Launcher sessions), the PAM profile is executed on the RStudio Server instance itself when opened via the home page.

5.5.1.1 Creating a Custom Profile

The /etc/pam.d/su profile has different default behavior depending upon your version of Linux and local configuration. Depending upon what type of behavior you want associated with R sessions (e.g. mounting of disks, setting of environment variables, enforcing of resource limits, etc.) you’ll likely want to create a custom profile for R sessions. For example, if you wanted to use a profile named rstudio-session you would add this to the configuration file:

/etc/rstudio/rserver.conf

auth-pam-sessions-profile=rstudio-session

Here is in turn what the custom profile might contain in order to enable a few common features of PAM sessions (this is based on a modified version of the default su profile on Ubuntu):

/etc/pam.d/rstudio-session

# This allows root to su without passwords (this is required)
auth       sufficient pam_rootok.so

# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# parsing /etc/environment needs "readenv=1"
session    required   pam_env.so readenv=1

# Locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session    required   pam_env.so readenv=1 envfile=/etc/default/locale

# Enforces user limits defined in /etc/security/limits.conf
session    required   pam_limits.so

# The standard Unix authentication modules
@include common-auth
@include common-account
@include common-session

5.5.1.2 Custom Profile with Passwords

Note that in the above configuration we rely on pam_rootok.so to enable authentication without a password. This is necessary because RStudio Server doesn’t retain the passwords used during the authentication phase.

In some situations however passwords are important for more than just authentication. PAM profiles support a use_first_pass directive to forward passwords used during authentication into other modules (for example, to request a Kerberos ticket with pam_krb5.so or to mount an encrypted or remote drive with pam_mount.so). For these scenarios RStudio Server supports an optional mode to retain passwords after login and then forward them into the PAM session profile. This is enabled via the auth-pam-sessions-use-password setting:

/etc/rstudio/rserver.conf

auth-pam-sessions-use-password=1

Note: This setting is only available when using PAM authentication.

In this scenario you should remove the auth sufficient pam_rootok.so directive and replace it with whatever authentication directives apply in your environment. You can then employ the use_first_pass directive to forward the password as necessary to other modules.

For example, here’s a very simple RedHat/CentOS PAM configuration file that uses system default authentication and forwards the password into the pam_mount.so module. Note that we are no longer using pam_rootok.so because the password is now available when the session is created.

/etc/pam.d/rstudio-session

# Auth/account (use system auth and forward password to pam_mount)
auth     include    system-auth
auth     optional   pam_mount.so use_first_pass
account  required   pam_unix.so

# Session (read environment variables and enforce limits)
session  required   pam_env.so readenv=1
session  required   pam_env.so readenv=1 envfile=/etc/default/locale
session  required   pam_limits.so

Note that this configuration requires that RStudio Server retain user passwords in memory. This retention is done using industry best-practices for securing sensitive in-memory data including disabling ptrace and core dumps, using mlock to prevent paging into the swap area, and overwriting the contents of memory prior to freeing it. When using Job Launcher, the passwords are securely transmitted in encrypted form to different nodes or containers running the R sessions.

Note: Launcher will require TLS to be configured in order to allow PAM profiles with passwords to be used.

5.5.2 PAM Session Cleanup

By default, RStudio Server does not close PAM sessions when their associated R process exits. This is because PAM sessions often initialize and maintain resources that require more persistence that the lifetime of a single R session (e.g. mounted drives, Kerberos tickets, etc.). If a user has multiple active R sessions then closing the PAM session associated with one of them might unmount a drive or revoke a ticket that is still required by another R session.

It is however possible to manually close the PAM session associated with an R session by force suspending it. This can be accomplished in one of two ways:

If you prefer that PAM sessions be closed whenever their associated R session exits you can use the auth-pam-sessions-close setting. For example:

/etc/rstudio/rserver.conf

auth-pam-sessions-close=1

Note that if you specify this setting be aware that depending upon what resources are managed by your PAM sessions it may be incompatible with users running multiple concurrent R sessions (because for example a drive might be unmounted from underneath a running session). In this case you may wish to disable support for multiple R sessions (see the section on Multiple R Sessions for details on how to do this).

5.5.3 PAM Sessions with the Job Launcher

When launching sessions via the Job Launcher, you must also configure PAM on any Launcher nodes (for Local or Slurm plugins) and within any containers used (if using Kubernetes). That’s because PAM sessions are needed at the point where the R session is run, which for Launcher means some machine/container other than the one where RStudio Server is running. The PAM configuration is still required at the Server machine for authentication purposes.

Launcher session PAM profiles run with different permissions at different stages of the session launch pipeline. When a user visits the RStudio home page for the first time, their PAM session is initiated with root privilege, allowing the session to rely on pam_rootok.so, as discussed in the previous sections, and it is opened on the RStudio Server Pro instance itself. However, Job Launcher sessions themselves never have true root privilege (unlike traditional session launches which have root privileges during early initialization), and thus cannot rely on pam_rootok.so. Their PAM sessions are opened on the actual instance where the session is running (e.g. a Kubernetes or Slurm node).

It is generally sufficient to simply do all your necessary setup, such as user directory creation, whenever the user accesses the home page for the first time. This means that you can rely on pam_rootok.so and do not need password forwarding. However, if you need to also ensure that PAM sessions are created when actual sessions are started (e.g., for Kerberos or pam_mount), you will need to enable auth-pam-sessions-use-password to forward the user’s PAM credentials to the session.

Note: When Kerberos or LDAP/Active Diretory are required for PAM sessions, individual Launcher nodes or Kubernetes containers will have to either join the Kerberos domain or be configured to use sssd for obtaining LDAP/AD users and groups.

When forwarding credentials over a TCP connection, we require that Job Launcher connections be secured with SSL to prevent leaking of the credentials. Therefore, if auth-pam-sessions-use-password is set for Launcher sessions, you will also need to set launcher-use-ssl and configure the Job Launcher to use SSL (see the Job Launcher SSL Considerations section for more info).

The following sample configuration demonstrates forwarding of PAM user credentials to Job Launcher sessions. This is only recommended if it is absolutely necessary to start PAM sessions whenever Launcher sessions are started, and it is not sufficient to simply start a PAM session whenever the user accesses the homepage for the first time:

/etc/rstudio/rserver.conf

launcher-sessions-enabled=1
launcher-use-ssl=1
auth-pam-sessions-enabled=1
auth-pam-sessions-profile=rstudio
auth-pam-sessions-use-password=1

The following sample configuration demonstrates a basic PAM setup where it is sufficient to only start PAM sessions when users visit the homepage, and thus no PAM sessions are started when Launcher sessions are started:

/etc/rstudio/rserver.conf

launcher-sessions-enabled=1
auth-pam-sessions-enabled=1
auth-pam-sessions-profile=rstudio

5.5.4 Disabling PAM Sessions

If you don’t want RStudio Server to utilize PAM sessions you can disable this feature using the auth-pam-sessions-enabled setting. For example:

/etc/rstudio/rserver.conf

auth-pam-sessions-enabled=0

Warning: When using sssd to automatically provision local system accounts using LDAP or Active Directory, RStudio relies on PAM sessions configured with pam_mkhomedir (or equivalent) to create the home directories of a user that has never logged into the server. Disabling PAM sessions in this scenario may cause permission errors when starting session unless other methods for creating users’ home directories are used.

Important: PAM sessions are initially disabled by default when using RStudio Launcher to simplify its initial setup in a multi-node environment. However, many environments still require PAM sesssions and in those cases that needs to be explicitly enabled with Launcher.

5.6 Kerberos

You can use PAM sessions to arrange for Kerberos tickets to be made available for use by R sessions. This is accomplished using the pam_sss PAM module. Note that you may need to install this module separately depending on which Linux distribution/version you are running.

5.6.1 Configuration

Note: You should be sure to understand the previous section on PAM Sessions before attempting to modify your configuration to support Kerberos.

The following are simple examples of the pam_sss and sssd.conf configuration directives you would need to add to use Kerberos with RStudio. Note that the sssd Kerberos backend supports a large number of options, some of which may be required to get Kerberos working correctly in your environment. You should consult the documentation before proceeding to ensure you’ve specified all options correctly.

Important: If you are migrating your Kerberos settings from the now deprecated pam_krb5 to pam_sss, consult the pam_krb5 migration documentation for additional information.

The main PAM profile for RStudio should be modified to include the following pam_sss directives:

/etc/pam.d/rstudio

auth       sufficient     pam_sss.so
account    required       pam_sss.so
session    requisite      pam_sss.so

In addition to modifying the main PAM profile, you will also need to create a custom PAM session profile for RStudio (as described in Creating a Custom Profile). This needs to include the appropriate pam_sss directives. For example:

/etc/pam.d/rstudio-session

auth        required      pam_sss.so
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
password    sufficient    pam_sss.so use_authtok
session     requisite     pam_sss.so

Note that typically when you create a custom PAM session profile you include the auth sufficient pam_rootok.so directive. However, in the case of configuring for Kerberos authentication you do not want this directive, rather you need to specify that authentication is done by Kerberos using an explicit password as illustrated in the above example.

To ensure that the custom PAM session profile is used by RStudio Server and that PAM passwords are correctly forwarded to pam_sss you’ll also need to add the following entries to the rserver.conf config file:

/etc/rstudio/rserver.conf

auth-pam-sessions-profile=rstudio-session 
auth-pam-sessions-use-password=1

Finally, you will need to specify Kerberos settings in sssd.conf (usually located at /etc/sssd/sssd.conf). For more information on SSSD configuration, see the sssd.conf documentation and the sssd-krb5 documentation.

/etc/sssd/sssd.conf

[sssd]
services = nss, pam

# replace this with a comma-separated list of your configured SSSD domains
domains = TEST.EXAMPLE.COM

[domain/TEST.EXAMPLE.COM]
# can also be set to ad or local depending on your authentication setup
id_provider = ldap

auth_provider = krb5

# replace with the name of your Kerberos realm
krb5_realm = TEST.EXAMPLE.COM

# we recommend setting the debug level high to make troubleshooting easier
debug_level = 5

krb5_validate = true

# note that RHEL-7 default to KERNEL ccaches, which are preferred in most cases to FILE
krb5_ccachedir = /var/tmp

krb5_keytab = /etc/krb5.keytab

Some additional notes regarding configuration:

  • The debug setting in sssd.conf is not required however we recommend adding it as it makes troubleshooting much more straightforward.

  • The examples above are not complete examples but rather illustrations of the pam_sss and sssd.conf entries that need to be present. Your local environment may have many additional entries which you should ensure are also included as necessary.

You should be sure to suspend active R sessions and to restart RStudio Server after making configuration changes to ensure that the new settings are being used. You can do this as follows:

sudo rstudio-server force-suspend-all
sudo rstudio-server restart

5.6.2 Testing and Troubleshooting

After making the required configuration changes you should test your updated PAM configuration in isolation from RStudio Server using the pamtester utility as described in Diagnosing PAM Authentication Problems. The following command will test both authentication as well as issuing of Kerberos tickets:

sudo /usr/lib/rstudio-server/bin/pamtester --verbose \
  rstudio-session <user> authenticate setcred open_session

Note that you should substitute an actual local username for the <user> part of the command line.

The specifics of both PAM configuration and Kerberos configuration can vary substantially by environment. As a result correct configuration likely requires additional entries and options which this guide isn’t able to cover. Please refer to the documentation linked to in More Resources as well as the pam_krb5 for additional details.

5.7 Directory Management

5.7.1 Working Directories

The default working directory for both new R sessions and new R projects is the user’s home directory (~). You can change this behavior via the session-default-working-dir and session-default-new-project-dir configuration parameters within the rsession.conf config file.

For example, the set the default values to “~/working” and “~/projects” you’d use the following configuration:

/etc/rstudio/rsession.conf

session-default-working-dir=~/working
session-default-new-project-dir=~/projects

You should ensure that users have the permissions required to write to the specified default directories. The specified directories will be automatically created if they don’t already exist.

Note that these settings control only the default working and new project directories (users can still override these settings locally if they choose to).

5.7.2 Restricted Directories

Like most IDEs, RStudio Server allows users to open and edit any file to which they have read or write permission (respectively) at the filesystem level. However, in some environments it’s important to restrict access to system files from web front ends. RStudio Server can optionally enforce a restrictive mode for most directories, which will prevent users from using the IDE to open files in the directories. This is enabled by the restrict-directory-view option as follows:

/etc/rstudio/rsession.conf

restrict-directory-view=1

When enabled, RStudio Server users will only have access to open files from the following in the IDE:

  • Home directories
  • R and R library directories
  • RStudio Server-specific directories
  • User/session specific temporary directories

If you wish to allow users to open and view files in a directory that RStudio would ordinarily forbid access to, you can change the directory-view-whitelist setting. This setting accepts a list of directories to enable access to, separated by :. For example, if you wish to allow users to open files from /var/run and /usr/share/examples:

/etc/rstudio/rsession.conf

directory-view-whitelist=/var/run:/usr/share/examples

Note that this setting only applies to RStudio’s IDE web interface. Users will still have access to other files on the system using R itself and/or the Terminal interface. Follow security best practices by relying on operating system-level file permissions, not front end restrictions, to guard access to sensitive content and files.

5.8 Workspace Management

5.8.1 Default Save Action

When a user exits an R session they need to choose whether to save their R workspace (i.e. .RData file). RStudio has global and per-project settings that control what happens when a workspace has unsaved changes. Possible values are:

  • ask – Ask whether to save the workspace file
  • yes – Always save the workspace file
  • no – Never save the workspace file

The default global setting is ask and the default project-level setting is derived from the current global setting (these options can be modified by end users via the Global Options and Project Options dialogs respectively).

The default global setting can also be changed via the session-save-action-default configuration parameter in the rsession.conf config file. For example, to change the default value to no you would use this:

/etc/rstudio/rsession.conf

session-save-action-default=no

Note that this setting is specified in the rsession.conf config file and takes effect the next time a user launches an R session (rather than requiring a full restart of the server).

5.8.2 Suspend and Resume

When R sessions have been idle (no processing or user interaction) for a specified period of time (2 hours by default) RStudio Server suspends them to disk to free up server resources. When the user next interacts with their session it is restored from disk and the user resumes right back where they left off. This is all done seamlessly such that users aren’t typically aware that a suspend and resume has occurred.

5.8.2.1 Session Timeout

To configure the amount of idle time to wait before suspending sessions you can use the session-timeout-minutes setting in the /etc/rstudio/rsession.conf file. For example:

/etc/rstudio/rsession.conf

session-timeout-minutes=360

The default value if none is explicitly specified is 120 minutes.

Important: this setting and a few others discussed in this section are specified in the /etc/rstudio/rsession.conf file (rather than the rserver.conf file previously referenced).

There are some conditions where an R session will not be suspended, these include:

  1. When a top-level R computation is running
  2. When the R prompt is not in it’s default state (e.g. during a debugging session)

You can also specify that R sessions should never be suspended by setting the session-timeout-minutes to zero. For example:

/etc/rstudio/rsession.conf

session-timeout-minutes=0

You can also set session timeouts on a per-user or per-group basis, see the User and Group Profiles section for details.

If you simply want the session process to quit (and lose all unsaved work in the process) instead of suspending to disk, you can turn the session-timeout-suspend option off, like so:

session-timeout-minutes=90
session-timeout-suspend=0

The above example will quit idle sessions after 90 minutes, discarding any unsaved data.

5.8.2.2 Forcing Suspends

You can force the suspend of individual sessions or even all sessions on the server. You can do this directly from the main page of the Administrative Dashboard or from the system shell as follows:

$ sudo rstudio-server force-suspend-session <pid>
$ sudo rstudio-server force-suspend-all

5.8.2.3 Resume and .Rprofile

By default the Rprofile.site and .Rprofile files are not re-run when a session is resumed (it’s presumed that all of their side-effects are accounted for by simply restoring loaded packages, options, environment variables, etc.).

In some configurations it might be desirable to force the re-execution of profile files. There is an end user option that controls this on the General options pane which defaults to false. However, server administrators may wish to ensure that this option defaults to true. To do this you use the session-rprofile-on-resume-default option. For example:

/etc/rstudio/rsession.conf

session-rprofile-on-resume-default=1

Note that this setting is specified in the rsession.conf config file and takes effect the next time a user launches an R session (rather than requiring a full restart of the server).

5.8.2.4 Child Processes

By default, when sessions are quit or suspended, child processes created in the session will continue to run. You can specify whether or not that should occur by specifying the session-quit-child-processes-on-exit setting in /etc/rstudio/rsession.conf. The allowed values are 1 or 0 to quit child processes or leave them running, respectively.

For example, to quit child processes when the session exits:

/etc/rstudio/rsession.conf

session-quit-child-processes-on-exit=1

Note that this setting is specified in the rsession.conf config file and takes effect the next time a user launches an R session (rather than requiring a full restart of the server). Also, users can specifically override this setting in their project settings.

5.8.2.5 Session Timeout Kill

To configure the amount of time to wait before forcefully killing and destroying sessions you can use the session-timeout-kill-hours option in the /etc/rstudio/rsession.conf file. This allows you to specify how much time should pass before a session is automatically cleaned up. This is the length of time during which a session exists without user input (regardless of computation status) allowing you to automatically reclaim temporary disk space used by the session, and to stop its processes and children.

This setting should only be used to ensure that any sessions that users have forgotten about are destroyed, reclaiming valuable disk space.

Sessions can be destroyed while important computations are executing. The user whose session is cleaned will also lose all unsaved code and data.

This setting can also be used in conjunction with session-timeout-minutes, allowing already suspended sessions to be cleaned up.

For example:

/etc/rstudio/rsession.conf

session-timeout-kill-hours=48

The default value if none is explicitly specified is 0 hours, meaning sessions will never be killed and destroyed automatically. The supplied value should be an integer representing the amount of hours a session can be idle before being killed.

5.8.3 Workspace Storage

Storage of workspaces (.RData files) in RStudio Server does not use compression by default. This differs from the behavior of base R. Compression is disabled because we’ve observed that for larger workspaces (> 50MB) compression can result in much lower performance for session startup and suspend/resume (on the order of 3 or 4 times slower).

The default workspace save options under RStudio Server are as follows:

options(save.defaults=list(ascii=FALSE, compress=FALSE))
options(save.image.defaults=list(ascii=FALSE, safe=TRUE, compress=FALSE))

If you wish to use different defaults you can define the save.defaults and/or save.image.defaults options in your Rprofile.site or per-user .Rprofile and RStudio Server will respect the settings you specify rather than using it’s own defaults.

See https://stat.ethz.ch/R-manual/R-devel/library/base/html/save.html for additional details on how R saves objects and the storage and performance implications of using compression.

5.8.4 User State Storage

By default, RStudio Server stores each user’s state in their home directory, in the following folder:

~/.local/share/rstudio

This folder contains information on all of a user’s active RStudio sessions, including all of the session data when the session is suspended. It also includes various internal RStudio state. Deleting it will result in a factory-fresh RStudio experience for the user, with the exception of their per-user settings (which are described in Customizing Session Settings).

Because this folder can include arbitrary amounts of suspended session data, it can become very large. We recommend ensuring that each user has sufficient disk space quota to store suspended sessions along with the data for their R projects, and using other controls to clean up old data (such as session-timeout-kill-hours)

Note: RStudio Server Pro 1.3 and earlier stored user state in the folder ~/.rstudio (non-configurable). If you are upgrading to RStudio 1.4 from an earlier release, RStudio will automatically move user state to the new location when the user starts their first IDE session after the upgrade. If there’s a possibility you may downgrade to a prior RStudio release, we recommend configuring RStudio Server Pro to use the old location temporarily; see below for instructions.

5.8.4.1 Storage Location Customization

If it is necessary to store user state in another folder to relieve disk quota pressure or comply with other requirements, you can customize it using the XDG_DATA_HOME environment variable. XDG_DATA_HOME must be set for the entire RStudio Server process tree, since RStudio Server needs to write and read user state both inside and outside R sessions (so attempting to set it in session startup scripts like Rprofile.site or rsession-profile is inadequate and may result in inconsistent behavior).

If your Linux distribution uses the systemd init system, run sudo systemctl edit rstudio-server. In the editor, add the following section to the file (replacing /mnt/storage with your choice of root, of course). Note that the rstudio folder is not included in this path; this is a configuration root directory that will be respected by other applications that use the XDG standard.

[Service]
Environment="XDG_DATA_HOME=/mnt/storage/$USER"

If your Linux distribution does not use the systemd init system, consult the documentation for your Linux distribution to learn which init system it uses and the appropriate method for setting environment variables for the rstudio-server service.

In the example above, the state for the user bob would be stored in /mnt/storage/bob/rstudio. The following special variables are expanded in the value:

Variable Expands To
$USER $HOME $HOSTNAME User’s Unix username User’s home directory Name of current host

The $HOSTNAME value can be useful to avoid conflicts between hosts running distinct RStudio installations that share a file system, but note that $HOSTNAME should only be used in installations wherein the RStudio server and R session are on the same host. It’s important that all the machines in an installation agree on the path to the user state.

5.8.4.2 Permissions Considerations

You must ensure that the folder that hosts user state data is writable by all RStudio Server users, since the R session (running as the user) will create the state folder if it does not exist. In the example above, bob would need write access to /mnt/storage to create /mnt/storage/bob/rstudio.

Note that the user’s default umask will be used to set permissions on this folder (i.e. RStudio Server does not attempt to set them). We recommend ensuring that user umasks are configured such that the folder, when created, will not be readable by other users. If you want the folder to be created with permissions other than those it would receive via umask, you can create it via some other means prior to a user’s first interaction with rStudio Server; RStudio Server will not attempt to re-create the folder or change permissions if it already exists.

5.8.4.3 Compatibility, Sharing, and Exact Locations

XDG_DATA_HOME affects many different XDG-compliant applications, and it sets a base (root) directory, to which /rstudio is appended to form the final path. If you wish to set the exact path, or want to avoid side effects in other applications, use the environment variable RSTUDIO_DATA_HOME instead of XDG_DATA_HOME.

For example, RStudio 1.3 and prior stored user state in the folder ~/.rstudio. If you wish to continue using this folder in RStudio 1.4 and later, you could use the following setting (again, in sysctl edit rstudio-server):

[Service]
Environment="RSTUDIO_DATA_HOME=$HOME/.rstudio"

Note however that having two different RStudio installations with different versions of RStudio sharing a user state folder is unsupported and can lead to runtime errors or data corruption, as RStudio’s internal state structure changes between versions. If you have multiple RStudio installations with different versions that are run by concurrently by users, we recommend using RSTUDIO_DATA_HOME to create distinct user state folders, ensuring that these installations don’t corrupt each others’ state.

If RSTUDIO_DATA_HOME and XDG_DATA_HOME are both set, RSTUDIO_DATA_HOME takes precedence.

5.8.4.4 Job Launcher Mounts

Finally, if you are using containerized sessions with the Job Launcher, and you mount RStudio Server’s user state data to a folder outside their home directory, you must ensure that directory is mounted into the containers in addition to the home directory itself. See Launcher Mounts for more information about mounting folders into containerized sessions.

5.9 First Project Template

5.9.1 Overview

RStudio allows you to specify a first project to automatically open for first time users of the system. To do this, set the session-first-project-template-path parameter in rsession.conf to an RStudio project directory. This directory will be copied into the user’s home directory upon first running the IDE, and will automatically open the project contained within. For example:

/etc/rstudio/rsession.conf

session-first-project-template-path=/etc/rstudio/welcome-project

In the example above, the project located within /etc/rstudio/welcome-project would be copied to users’ home directories when first starting RStudio, and the project file welcome-project.Rproj would be run.

The project file must be named the same as the directory it is contained in. For the above example, the project file must be named welcome-project.Rproj. In addition, you must ensure that the project directory is fully readable and executable by your users, as they will be copying the contents of the directory into their home directory.

If you copy an existing project to be used as a project template, ensure that you delete the RStudio metadata folders and files contained within the project directory. You will want to ensure you delete the following:

.Rproj.user .Rhistory .RData

If you are creating the project template for the first time, the project (.Rproj) file must contain the version specifier at a minimum. For example:

welcome-project.Rproj

Version: 1.0

5.9.2 Project DefaultOpenDocs

Project files allow you to specify default documents that should be opened when a project is opened for the very first time. For example, you could have your welcome project bring up explanatory documents to help guide your users. To do this, add the DefaultOpenDocs line to the .Rproj file. For example:

welcome-project.Rproj

Version: 1.0
DefaultOpenDocs: welcome.txt:firstMarkdown.Rmd

The DefaultOpenDocs parameters specifies a list of files to automatically be opened when the project is opened for the first time, separated by a : character. These files are relative paths to the project directory. Only files contained within the project directory can be opened.

5.10 Project Sharing

5.10.1 Overview

Project Sharing is a feature of RStudio Server Pro that enables users to work together on RStudio projects. When enabled, a project owner may select any number of other RStudio Server users as project collaborators. RStudio Server manages the permissions of files in the project to ensure that all collaborators can access them, enables multiple collaborators to edit a file simultaneously, and lets collaborators see who else is working inside a project with them.

5.10.2 Prerequisites

Due to high latencies, use of EFS (Elastic File System) for project sharing directories within AWS is strongly discouraged. If EFS is used, RStudio Server will experience highly degraded performance. We recommend using a traditional NFSv3 or NFSv4 mount instead.

The following sections outline additional prerequisites that your file system must meet.

5.10.2.1 Access Control Lists

To use Project Sharing, the directories hosting the projects to be shared must be on a volume that supports Access Control Lists (ACLs). RStudio Server uses ACLs to grant collaborators access to shared projects; ordinary file permissions are not modified.

Instructions for enabling ACLs vary by Linux distribution and filesystem type (see the Guide to enabling ACLs on Ubuntu or RedHat, for example). RStudio supports both NFSv3 (POSIX compatible) and NFSv4 ACLs.

5.10.2.2 Shared Projects Root Directory

RStudio cannot grant access to shared projects in arbritary locations. This would lead to unintended changes to the file system ACLs.

By default only projects stored within the users’ home directories can be shared. If you want share projects in a different location you can configure RStudio with an additional root directory for all users:

/etc/rstudio/rserver.conf

server-project-sharing-root-dir=/projects

5.10.2.3 Project Sharing and NFS

If you plan to use Project Sharing with NFS-mounted volumes, there are several caveats you should be aware of.

  • We recommend mounting NFS with the noac mount option. Without this option, NFS caches file attributes, so it may not be possible for users working simultaneously in a project to know whether they’re seeing each others’ latest changes. The noac option does reduce performance, however, so we recommend testing to choose the right trade off for your environment.

  • Some features which automatically update when directory contents change will not update on NFS. For instance, users may need to manually refresh the Files pane to see new files added by collaborators.

  • ACL support on NFS is more complicated than ACL support on local file systems. Read ACLs on Linux NFS for a discussion of the issues; guidance for configuring specific NFS versions is provided below.

5.10.2.3.1 Determining NFS Version

Project Sharing works with versions 3 and 4 of the NFS protocol. However, some additional configuration may be necessary depending on the NFS version and underlying filesystem. To determine your NFS client version, run the following command on your RStudio Server Pro instance:

$ nfsstat -m

You should see vers=3.0 in the output if you’re using NFSv3, and vers=4.0 if you’re using NFSv4. Extra RStudio configuration is required for NFSv4 clients (see below).

5.10.2.3.2 NFSv3

To use NFSv3 access control lists, you will need to ensure that the filesystem is mounted with the acl attribute, and modify /etc/fstab if necessary to persist the attributes.

Note that many Linux distributions now have ACLs enabled by default in which case no special configuration is required. You can use the tune2fs command to inspect the attributes with which your filesystem is mounted (user_xattr and acl are required for project sharing).

On most systems this is the default, so you need only ensure that noacl is not present. It’s also necessary for the file system on the NFS server to itself be appropriately configured for ACL support; see the section above on Access Control Lists for guidance. Not all file servers that support the NFSv3 protocol also support POSIX compatible ACLs.

To test for POSIX compatible ACLs, you can use the setfacl command as follows:

setfacl -m u:user2:x /home/user1/project

where /home/user1/project is the full path to a directory owned by user1, and user2 is another valid user on the system.

Because many Linux systems support POSIX compatible ACLs on the native filesystem, RStudio uses them by default. You can also specify them explicitly as follows:

/etc/rstudio/rsession.conf

nfs-acl-version=nfsv3
5.10.2.3.3 NFSv4

Version 4 of the NFS protocol uses a very different permissions and ACL model from Version 3. Not all NFSv4 servers support or expose the NFSv4 ACL model, so check with the server administrator to determine whether the capability exists and/or can be enabled.

Testing for support

To test NFSv4 ACL support, you can use the nfs4_setfacl command as follows:

nfs4_setfacl -a A::user2@domain:rax /home/user1/project

where /home/user1/project is the full path to a directory owned by user1, user2 is another valid user on the system, and domain is your system’s user domain. Verify that this command succeeds, and that the new ACL entry for user2@domain is visible when you retrieve it:

nfs4_getfacl /home/user1/project

This presumes that your environment supports using user/domain pairs as security principals. While most environments do, there are two different ways to specify security principals in NFSv4 ACLs: by user name and domain (preferred) or user ID. RStudio can use either, but you’ll need to choose one appropriate for your network environment. If unsure, examine the output of the nfs4_getfacl operation described above. The security principal (the part after e.g., A:: on each line) will be displayed as either a large integer (UID) or in username@domain format.

Using user name and domain security principals

NFSv4 ACLs differ from NFSv3 ACLs in that they can associate a domain with each user named in the access control list. This is typically the same as the domain part of the machine’s host name, but can be any string that the NFSv4 client and server agree on. On Linux systems, the domain can be set in /etc/idmapd.conf.

Tell RStudio Server the NFSv4 domain you want to use as follows:

/etc/rstudio/rsession.conf

nfs-acl-version=nfsv4
nfs4-principal-type=username
nfs4-domain=mydomain.com

Using user ID security principals

In some environments, it may not be possible to resolve fully qualified user@domain security principals on all of the nodes running RStudio Server. This is common on e.g., Kubernetes nodes which are not domain-joined. In this case, it’s possible to use raw User ID (UID) values as security principals in the access control list. You can tell RStudio Server to write raw UIDs as security principals in NFSv4 access control lists as follows:

nfs-acl-version=nfsv4
nfs4-principal-type=uid

5.10.2.4 User Visibility

Projects can only be shared with users with provisioned local system accounts unless LDAP is used for local account provisioning.

The RStudio user database is scanned to list Project Sharing users. This method of user scanning avoids making calls to the system to determine the available users, and prevents making queries to the system password database (such as LDAP). However, it only lists users who have previously logged in to RStudio. To instead show all users on the server, set the following configuration to scan the system password database:

/etc/rstudio/rsession.conf

project-sharing-enumerate-server-users=1

When scanning via the system password database, if you’re using sssd with LDAP, you may need to enable user enumeration so that RStudio Server Pro can search the directory to create a list of users you can share a project with. To do this, set the following in your sssd.conf file:

[domain/<domainname>]
enumerate = true

Alternatively, the auth-required-user-group setting can be used. This setting allows RStudio Server Pro to enumerate only the members of the named groups rather than the entire user directory. Therefore, if you cannot enable user enumeration on your LDAP provider, you can instead create a group containing all RStudio users and supply it as the auth-required-user-group.

You can read more about user enumeration in the sssd FAQ.

5.10.2.5 Shared Storage

To use Project Sharing, a directory must be specified to which all users on the server can read and write. It must also have the sticky bit set, so that users cannot remove each others’ content. In a single-server installation, RStudio uses this location by default:

/var/lib/rstudio-server/shared-storage

In a load-balanced configuration, however, RStudio does not provide a default, so it is necessary to provision a path both visible to and writable by all users on the system (typically on the same filesystem on which home directories are mounted). This path can be supplied to RStudio Server via the server-shared-storage-path option, for example:

/etc/rstudio/rserver.conf

server-shared-storage-path=/shared/rstudio-server/shared-storage

The server-shared-storage-path option (described above) configures the path used for shared project storage. Note that this storage contains only links to shared projects, not the projects themselves, so requires a very small amount of physical storage.

5.10.2.5.1 Launcher Considerations

When configuring RSP to work with the RStudio Job Launcher, it is recommended to configure the Shared Storage path in a location that will be reachable both by the RStudio Server Pro instance and each Launcher Session. See the Launcher Sessions section for more details.

5.10.2.6 Proxy Settings

If you are running RStudio Server with a proxy, you’ll need to make sure that your proxy is correctly configured to pass websocket connections through in order for all Project Sharing features to work. See the Running with a Proxy section for more on this.

5.10.3 Disabling Project Sharing

Project Sharing is enabled by default however you can disable it using the server-project-sharing option, for example:

/etc/rstudio/rserver.conf

server-project-sharing=0

5.11 Package Installation

You can customize the location of user packages installed from CRAN as well as the default CRAN repository. You can also configure the user-interface of the RStudio IDE to discourage end-user package installation in the case where packages are deployed centrally to a site library.

Important: The settings discussed in this section are specified in the /etc/rstudio/rsession.conf file (rather than the rserver.conf file previously referenced).

5.11.1 User Library

By default R packages are installed into a user-specific library based on the contents of the R_LIBS_USER environment variable (more details on this mechanism are here: http://stat.ethz.ch/R-manual/R-devel/library/base/html/libPaths.html).

It’s also possible to configure an alternative default for user package installation using the r-libs-user setting. For example:

/etc/rstudio/rsession.conf

r-libs-user=~/R/library/%v

R interprets %v to be the major.minor version of R; for example the above would cause R 3.6 to use a package library located at ~/R/library/3.6.

5.11.1.1 Unversioned R Library

R doesn’t guarantee ABI compatibility between minor versions, so when you use packages that include compiled code, you will want to ensure that each version of R has its own library. Otherwise, compiled code may cause crashes or other unexpected behavior when R is upgraded.

However, if you do not use any compiled packages, you can share a library between R versions (e.g. just ~/R/library). This makes it possible to upgrade the major version of R on the server and have user’s packages continue to work.

5.11.1.2 Upgrading R

You can read more about package library considerations when upgrading R in the following article:

Upgrading to a New Version of R

5.11.2 Discouraging User Installations

It may be that you’ve configured RStudio Server with a site package library that is shared by all users. In this case you might wish to discourage users from installing their own packages by removing the package installation UI from the RStudio IDE. To do this you use the allow-package-installation setting. For example:

/etc/rstudio/rsession.conf

allow-package-installation=0

Note that this setting merely discourages package installation by removing user-interface elements. It’s still possible for users to install packages directly using the utils::install.packages function.

5.11.3 CRAN Repositories

RStudio Server uses the RStudio CRAN mirror (https://cran.rstudio.com) by default. This mirror is globally distributed using Amazon S3 storage so should provide good performance for all locales. You may however wish to override the default CRAN mirror. This can be done with the r-cran-repos settings. For example:

/etc/rstudio/rsession.conf

r-cran-repos=http://cran.at.r-project.org/

Whatever the default CRAN mirror is, individual users are still able to set their own default. To discourage this, you can set the allow-r-cran-repos-edit settings. For example:

/etc/rstudio/rsession.conf

allow-r-cran-repos-edit=0

Note that even with user editing turned off it’s still possible for users to install packages from alternative repositories by directly specifying the repos parameter in a call to install.packages.

To specify a list of CRAN repos, define a /etc/rstudio/repos.conf file containing the primary CRAN repo and named secondary repos. For example:

/etc/rstudio/repos.conf

CRAN=https://cran.rstudio.com
Australia=https://cran.ms.unimelb.edu.au/
Austria=https://lib.ugent.be/CRAN/

To change the location of repos.conf, use the r-cran-repos-file setting. For example, by adding to rsession.conf:

r-cran-repos-file=/etc/rstudio/mirrors.conf

Optional CRAN repos can be made available for users in RStudio Server with the r-cran-repos-url setting, this setting expects a URL to retrieve a configuration file containing named secondary repos. These secondary repos won’t be set by default, but rather, RStudio Server will list them to users to be manually added to their repo selection. For example:

http://custom-domain/repos.conf

Australia=https://cran.ms.unimelb.edu.au/
Austria=https://lib.ugent.be/CRAN/

Notice that the allow-r-cran-repos-edit option can also be used to disallow secondary repos and that repos.conf overrides the r-cran-repos setting, if specified.

5.12 Feature Limits

RStudio Server has a number of other limits that can be configured. This section describes these limits. Note that these settings are specified in the /etc/rstudio/rsession.conf file (rather than the rserver.conf file previously referenced).

5.12.1 Disabling Access to Features

Besides the limits on package installation and CRAN repository editing described in the previous section there are a number of other limits that can be specified. The following describes all of the options that can be used to limit features.

/etc/rstudio/rsession.conf

allow-vcs

Allow access to Git and SVN version control features.

allow-vcs-executable-edit

Allow editing of the underlying Git or SVN executable.

allow-package-installation

Allow installation of packages using the Packages Pane (note that even if this is set to 0 it’s still possible to install packages using utils::install.packages from the command line).

allow-r-cran-repos-edit

Allow editing of the CRAN repository used for package downloads (note that it’s still possible to specify an alternate repository using the repos parameter of utils::install.packages).

allow-shell

Enable integrated terminal feature (note that it’s still possible to execute shell commands using the system function).

allow-terminal-websockets

Allow integrated terminal feature to use WebSockets for better responsiveness.

allow-file-downloads

Allow downloading files using the Export command in the Files Pane.

allow-file-uploads

Allow uploading files using the Upload command in the Files pane.

allow-external-publish

Allow content to be published to external (cloud) services. This includes publishing HTML documents created with R Markdown or R Presentations to RPubs (http://rpubs.com), and publishing Shiny applications and documents to ShinyApps.io (http://shinyapps.io). Note that this just removes the relevant user interface elements in the IDE, and that it may still be possible for users to publish content using the R console.

allow-publish

Allow content to be published. If specified, this option removes all user interface elements related to publishing content from the IDE, and overrides allow-external-publish.

allow-launcher-jobs

Allow running standalone adhoc Job Launcher jobs from the Jobs pane.

All of these features are enabled by default. Specify 0 to disable access to the feature.

Note that these options should be specified in the /etc/rstudio/rsession.conf configuration file (rather than the main rserver.conf configuration file).

5.12.2 Maximum File Upload Size

You can limit the maximum size of a file upload by using the limit-file-upload-size-mb setting. For example, the following limits file uploads to 100MB:

/etc/rstudio/rsession.conf

limit-file-upload-size-mb=100

The default behavior is no limit on the size of file uploads.

5.12.3 CPU Time per Computation

If you want to prevent runaway computations that consume 100% of the CPU you can set the maximum number of minutes to allow top-level R computations to run for using the limit-cpu-time-minutes setting. For example:

/etc/rstudio/rsession.conf

limit-cpu-time-minutes=30

This specifies that no top level computation entered at the R console should run for more than 30 minutes. This constraint is implemented by calling the R setTimeLimit function immediately prior to handing off console commands to R. As a result it is possible for a particular script to override this behavior if it knows that it may exceed the threshold. This would be done as follows:

setTimeLimit(cpu = Inf)
# Long running R code here...

5.12.4 XFS Disk Quotas

If your system uses the XFS file system (http://en.wikipedia.org/wiki/XFS) then RStudio Server can be configured to notify users when they come close to or exceed their disk quota. You can enable this using the limit-xfs-disk-quota setting. For example:

/etc/rstudio/rsession.conf

limit-xfs-disk-quota=1

The user’s XFS disk quota will be checked when the RStudio IDE loads and a warning message will be displayed if they are near to or over their quota.

5.13 Notifications

Administrators can broadcast notifications to user sessions in real-time using the notifications.conf file located at /etc/rstudio/notifications.conf. This file comes by default with commented out entries that you can uncomment and use, and helps show you the available time and message formats.

Each session monitors for changes in the notifications.conf file, and if a new notification is detected, it will be shown to the user at the appropriate time (as defined in the next section). All open sessions for a user will receive the notification, and they will continue to see the notification in any new sessions they open until the notification is acknowledged.

Modifying a notification will cause it to count as a new notification, so make sure to only save changes to the file when you’ve confirmed what you want the message to be and what time it should be displayed. Otherwise, the same message could be shown multiple times.

5.13.1 notifications.conf format

The notifications.conf file is a file consisting of multiple notification entries separated by a blank line. The following table lists the fields that are available for each notification entry in the file.

StartTime The start time at which the notification can start to be delivered. This must be a time-formatted field. This field is not required.
EndTime The end time at which the notification will no longer be delivered. This must be a time-formatted field. This field is required.
Message The message content to show to the users. The message cannot have empty lines in it. This field is required.

An example notifications.conf file is shown below. For more information on the formatting of each field, see the subsequent sections.

/etc/rstudio/notifications.conf

StartTime: 2017-08-30 09:00:00 -5:00
EndTime: 2017-08-30 20:00:00 -05:00
Message: Please remember to shut down your computers at the end of the day.

StartTime: 2017-05-30 05:55
EndTime: 2017-06-13
Message: This is a test notification. Notifications can span
   multiple lines by indenting the next line's message text.
   Empty lines are not supported!

It is important that each entry consists of 2-3 fields as specified above (StartTime, EndTime, and Message). Each field must go on its own line. There should be no empty lines between field definitions.

For example, this is okay:

/etc/rstudio/notifications.conf

StartTime: 2017-08-30 12:00:00 -5:00
EndTime: 2017-08-30 20:00:00 -05:00
Message: Please remember to shut down your computers at the end of the day.

But this is not:

/etc/rstudio/notifications.conf

StartTime: 2017-08-30 12:00:00 -5:00

EndTime: 2017-08-30 20:00:00 -05:00

Message: Please remember to shut down your computers at the end of the day.

There must be one empty line (2 new line characters) in between separate notification entries.

For example, this is okay:

/etc/rstudio/notifications.conf

StartTime: 2017-08-30 08:00:00 -5:00
EndTime: 2017-08-30 20:00:00 -05:00
Message: Please remember to shut down your computers at the end of the day.

StartTime: 2017-08-30 08:00:00 -5:00
EndTime: 2017-08-30 20:00:00 -05:00
Message: Remember to drop off any borrowed equipment at Grace's office today only.

But this is not:

StartTime: 2017-08-30 12:00:00 -5:00
EndTime: 2017-08-30 20:00:00 -05:00
Message: Please remember to shut down your computers at the end of the day.


StartTime: 2017-08-30 12:00:00 -5:00
EndTime: 2017-08-30 20:00:00 -05:00
Message: Remember to drop off any borrowed equipment at Grace's office today only.

5.13.1.1 Time format

The time format fields, StartTime and EndTime, must be in one of the following formats:

YYYY-MM-DD

YYYY-MM-DD hh:mm

YYYY-MM-DD hh:mm:ss zh:zm

The following table shows the meaning of the format sections.

YYYY 4 digit year (example: 2017)
MM 2 digit month (example: 06)
DD 2 digit day (example: 28)
hh 2 digit hours (24 hour clock. example: 19)
mm 2 digit minutes (example: 15)
ss 2 digit seconds (example: 59)
zh Time zone hours offset (example: -06 for CST or -08 for PST)
zm Time zone minutes offset (usually just 00, different for only a few timezones)

If no time is specified, the time will be set to 00:00:00 in the current server time zone for start times and 23:59:59 in the current server time zone for end times.

If no seconds are specified, they will be set to 00 and the time is interpreted in the current server time zone.

Note that if you have sessions spanning multiple servers in different time zones and you want your notifications to display at a uniform time, you MUST manually set the timezone to what is appropriate. Otherwise, sessions in different time zones will see notifications in their local time.

The following table shows some example dates and how they would be formatted.

January 1st, 2020 at 6:00 PM in the server’s time zone 2020-01-01 18:00
July 31st, 2018 at midnight in the server’s time zone (for a start time) 2018-07-31
September 23rd, 2019 at 23:59:59 in the server’s time zone (for an end time) 2019-09-23
November 30th, 2020 at 9:14:12 in Pacific Standard Time 2020-11-30 09:14:12 -08:00

5.13.1.2 Message format

The message to deliver must be plain text and cannot have any empty lines. To start text on another line, simply indent the line as in the multiline example in the previous section.

5.14 RStudio Connect Server

Users on RStudio Server Pro can publish content to RStudio Connect. To do so, they must first specify the RStudio Connect server they wish to use. You can set the default RStudio Connect server URL to use when users are connecting to an account. To do so, use the default-rsconnect-server option:

/etc/rstudio/rsession.conf

default-rsconnect-server=http://connectserver/

5.15 Terminal WebSockets

The RStudio terminal pane uses WebSockets to communicate between the web browser and the session. If the attempt to connect with WebSockets fails, the terminal switches to a less responsive but generally more forgiving HTTP-based protocol.

Slow typing response in the terminal is a symptom of this slower protocol. You can check by starting a terminal, then going to Tools / Terminal / Terminal Diagnostics. Scroll down to Connection Information and look for “WebSocket connect error, switching to RPC”. This indicates that the terminal was unable to use WebSockets and has fallen back on the slower protocol.

Several settings are available for tuning the terminal’s use of WebSockets.

5.15.1 IDE Settings

In the IDE under Tools / Global Options / Terminal, there is a checkbox “Connect with WebSockets”. Unchecking this will cause terminals to always connect with the HTTP-based protocol.

5.15.2 Feature Limit

As mentioned earlier, the feature limit allow-terminal-websockets completely disables the use of WebSockets.

5.15.3 Advanced Settings

The following settings may be modified by adding them to the /etc/rstudio/rsession.conf file.

Setting Default Purpose
websocket-ping-seconds 10 How often a keep-alive is sent over the WebSocket, in seconds. Set to 0 to disable keep-alives. Many proxies will close inactive WebSockets so keeping enabled is recommended.
websocket-connect-timeout 3 How long terminal waits (in seconds) for WebSocket to connect before switching to the HTTP protocol. If set to 0 then the timeout of the web browser’s WebSocket implementation will be used; this is often quite lengthy (minutes).
websocket-log-level 0

Controls logging of WebSocket diagnostics. These are for troubleshooting only, and will appear in the RStudio R Console pane while enabled.

  • 0 = no WebSocket logging
  • 1 = log WebSocket errors
  • 2 = log WebSocket activity
  • 3 = log WebSocket errors and activity
websocket-handshake-timeout 5000 How long the server waits (in milliseconds) for WebSocket handshake to complete when connecting and disconnecting. Set to 0 to disable.

For example, this would double the number of keep-alive packets sent, wait longer before switching to HTTP, log information on WebSocket errors, and increase the handshake timeout to 15 seconds.

websocket-ping-seconds=5
websocket-connect-timeout=10
websocket-log-level=1
websocket-handshake-timeout=15000

For more background on the terminal feature, see this support article.

5.16 Customizing Session Settings

All of the session settings file locations described in this section conform to the XDG Base Directory Specification. They are configurable using environment variables:

Scope Default Environment
User ~/.config/rstudio XDG_CONFIG_HOME
System /etc/rstudio XDG_CONFIG_DIRS

In accordance with the Base Directory Specification, the environment variables specify the location of the rstudio folder. For example, to store system-wide preference configuration in /var/config/rstudio/rstudio-prefs.json, you would set the XDG_CONFIG_DIRS variable to the value /var/config.

If specified, the RStudio variables take precedence over the XDG variables. These variables specify a specific directory (not a base directory). For example, to store system-wide preferences in /var/config/settings/rstudio-prefs.json, you would set the RSTUDIO_CONFIG_DIR variable to the value /var/config/settings.

The examples in this section presume you’re setting system-wide settings in /etc/rstudio; in each case it’s also possible to use a different folder by changing environment variables as described above, or to apply the settings to individual user accounts by changing files in ~/.config/rstudio.

5.16.1 User Preferences

User preferences set in the RStudio IDE’s Global Options dialog can also be set in the JSON file rstudio-prefs.json, located in the settings directory described above.

5.16.1.1 Schema

The schema for the JSON file can be found at:

/usr/lib/rstudio-server/resources/schema/user-prefs-schema.json

It documents all of the preferences, shows data types and allowable values, and briefly explains the usage of each. You can see a summary of this information in the Session User Settings appendix.

5.16.1.2 Example

By default, RStudio Server only shows the server home page (session overview) to users who have multiple sessions running. If you’d like it to be shown to all users regardless of the number of running sessions, set it in the global user preferences file as follows:

/etc/rstudio/rstudio-prefs.json

{
    "show_user_home_page": "always"
}

5.16.2 Snippets

You can install global snippets files for all users in the /etc/rstudio/snippets folder. For example, if you’d like to create a snippet lib for an R library call:

/etc/rstudio/snippets/r.snippets

snippet lib
    library(${1:package})

You can also define snippets for CSS files in the file css.snippets, and so on. You can find documentation on the snippet file format in the Cloud 9 IDE snippet documentation.

Note that RStudio Server will not merge snippet files, which implies the following:

  • If you define your own snippets (for a given file type), they will replace those that ship with RStudio (for that same file type).
  • If users define their own snippets (for a given file type), changes to the system snippet file (for that same file type) won’t have any effect on those users.

5.16.3 Default Document Templates

RStudio typically opens new documents with completely blank contents. You can, however, define the contents of the blank document by creating a file named default.X in /etc/rstudio/templates, where X is the file extension you wish to customize. For example, to start all R scripts with a standard comment header users can fill out, you could use the following:

/etc/rstudio/templates/default.R

# -------------------------------------
# Script: 
# Author: 
# Purpose: 
# Notes:
#   
# Copyright(c) Corporation Name
# -------------------------------------

There are also some special R Markdown document template files which ship with RStudio; these, too, are customizable. In /etc/rstudio/templates, you can customize the following:

File Description
document.Rmd The default R Markdown document file content (without YAML header)
notebook.Rmd The default R Notebook file content (without YAML header)
presentation.Rmd The default R Markdown presentation file content (without YAML header)
shiny.Rmd The default Shiny R Markdown file content (without YAML header)

5.16.4 Color Themes

You can define additional custom themes for RStudio by placing .rstheme files in the following directory:

/etc/rstudio/themes

The .rstheme file contains plain-text CSS with some special metadata. You can create one by importing an existing TextMate theme file, or by starting from scratch (using an existing theme file as a template). Run the R command ?rstudioapi::addTheme for more help.

5.16.5 Fonts

RStudio’s code editor and R console use a fixed-width font. By default, only fonts that end users have installed locally can be selected. If you wish to make additional fixed-width fonts available to your users, you can place them here:

/etc/rstudio/fonts

Fonts placed here will be automatically made available for selection in RStudio’s Appearances settings (Tools -> Global Options -> Appearance) for all users. It’s helpful to place the fonts preferred by your users here because it allows the font to be used in RStudio Server regardless of what fonts they have installed locally.

The following font formats are supported:

  • Web Open Font Format (.woff, .woff2)
  • OpenType (.otf)
  • Embedded OpenType (.eot)
  • TrueType (.ttf)

Only fixed-width fonts are supported by the RStudio IDE. Proportional fonts will still be installed, but if users select a proportional font, they will experience cursor positioning problems.

5.16.5.1 Naming and Directory Structure

The name of the file is presumed to be the name of the font. If you wish to give the font a custom name, you can place it in a directory with your name of choice. For example:

+ fonts/
|
+-- Coding-Font.ttf
|
+-- Coding Font Two/
    |
    +-- CodingFont2-Regular.woff

This directory structure would make two fonts available, Coding-Font and Coding Font Two.

Some fonts come in many different weights and styles. If you want these weights and styles to be treated as single font, you can place them underneath a single folder. This is useful when a theme uses bold or italic variants of a font to decorate code (e.g., to set comments in italics).

To do this, create subfolders with the font’s weight or style as the folder’s name. For example, this creates a single font, “Coding Font 3”, which has two weights (400 and 700 for regular and bold, respectively) and an italic style for each weight.

+ fonts/
|
+-- Coding Font Three/
    |
    +-- 400/
    |   |
    |   +-- CodingFont3-Regular.woff
    |   |
    |   +-- italic/
    |       |
    |       +-- CodingFont3-Italic.woff
    |
    +-- 700/
        |
        +-- CodingFont3-Bold.woff
        |
        +-- italic/
            |
            +-- CodingFont3-BoldItalic.woff

5.16.5.2 Autodetection

In addition to displaying a list of fonts installed on the server, RStudio Server attempts to automatically detect available fixed-width fonts that are installed on a user’s browser. For security reasons, it is not possible for RStudio Server to enumerate all the fonts on the user’s machine, so a known list of popular programming fixed-width fonts are checked for compatibility. This list is stored in the option browser_fixed_width_fonts.

If your users have a font they prefer but it can’t be installed on the server, you can cause RStudio Server to start scanning for it locally by including it in the set of browser_fixed_width_fonts in the global RStudio preferences file, /etc/rstudio/rstudio-prefs.json. See User Preferences for more information on setting global options.

5.16.6 Keybindings

RStudio keybindings can be globally defined using the following two files:

/etc/rstudio/keybindings/editor_commands.json
/etc/rstudio/keybindings/rstudio_commands.json

It isn’t necessary to hand-author these files; RStudio can generate them for you:

  1. Remove the ~/.config/rstudio/keybindings/ folder
  2. Start a new R session and customize the keyboard shortcuts as desired
  3. Copy the new .json files from ~/.config/rstudio/keybindings to /etc/rstudio/keybindings to make them active for all users on the server

5.16.7 Spelling

You can define additional spelling dictionaries for RStudio by placing dictionary files in the following folders:

5.16.7.1 Languages

Define additional system languages by placing Hunspell .aff files in:

/etc/rstudio/dictionaries/languages-system

5.16.7.2 Dictionaries

Define additional custom dictionaries by placing Hunspell.dic files in:

/etc/rstudio/dictionaries/custom