Changing RunAs User
The installer creates a user account and group named
rstudio-pm and runs the
RStudio Package Manager service under this account. See the RunAs Defaults
section for more information.
Changing The RunAs Account (Service)
You can configure RStudio Package Manager to run under another account. The steps
below serve as a guide for reconfiguring RStudio Package Manager to run under an
thor with a primary group of
heroes instead of the default
Stop the RStudio Package Manager service. See Stopping and Starting RSPM.
sudo systemctl stop rstudio-pm
Create a new group and user account.
sudo groupadd heroes
sudo useradd -r -g heroes -M -s /sbin/nologin thor
In order to use the CLI tool, a user must be a member of the primary group of the user that starts the RStudio Package Manager service.
In this example, RStudio Package Manager is started by the user
thor. The primary group of the
heroes, so users must be members of the
heroes group to use the CLI.
Edit the service configuration.
sudo vi /etc/systemd/system/rstudio-pm.service.d/user.conf
Change these lines:
[Service]
User=thor
Group=heroes
Change ownership of files and directories.
# Configuration file
sudo chown thor:heroes /etc/rstudio-pm/rstudio-pm.gcfg
# Log files
sudo chown -R thor:heroes /var/log/rstudio/rstudio-pm
# Data directory (or `Server.DataDir`, if configured for a custom location)
sudo chown -R thor:heroes /var/lib/rstudio-pm
# Run directory (if any)
sudo chown -R thor:heroes /var/run/rstudio-pm
# If you have a custom `Sqlite.Dir` (e.g., `Sqlite.Dir = /database/directory`)
sudo chown -R thor:heroes /database/directory
# Temporary workspace directory for Git package builds
# This directory is usually found under `/tmp`. If you use a custom
# `Server.TempDir`, then it will be found at `Server.TempDir`/rspm-workspaces.
sudo chown -R thor:heroes /tmp/rspm-workspaces
Change ownership of custom FileStorage directories.
If you have customized any file storage locations specified in your FileStorage configuration, these directories also need to have the correct ownership.
# For example:
#
# [FileStorage "cache"]
# Location = /path/to/cache
#
sudo chown -R thor:heroes /path/to/cache
#
# Repeat for every custom FileStorage location
Edit the Job Launcher configuration (unless running as
If you wish to build Git packages, you may need to update the Job Launcher configuration to build packages under the correct account and group.
When Running Unprivileged
When RStudio Package Manager is running unprivileged (the default), the Job Launcher automatically runs under the same user and group as the RStudio Package Manager service. Skip this step. Using a different account for the
Launcher.ServerUser configuration setting is prohibited.
When Running Privileged
If you are changing the RunAs user to
root, the Job Launcher will automatically use the rstudio-pm user and group to build Git packages, and you may skip this step. However, you may customize the Job Launcher user and admin group by using the
sudo vi /etc/rstudio-pm/rstudio-pm.gcfg
Add or change these lines:
[Launcher]
ServerUser = thor
AdminGroup = heroes
Remove remaining domain socket file (if any).
sudo rm /var/run/rstudio-pm/rstudio-pm.sock
Start the RStudio Package Manager service. See Stopping and Starting RSPM.
sudo systemctl daemon-reload # Reload the systemd process
sudo systemctl start rstudio-pm
Verify that the
rstudio-pm service is running under the
ps -axj | grep `id -u thor`
/var/log/rstudio/rstudio-pm/rstudio-pm.log to verify that the server started up with no errors.
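The drop-in and ownership changes made in the steps above can be checked with a script before relying on the new account. This is an added example, not part of the RStudio Package Manager documentation or product: the function names (dropin_value, list_misowned, count_misowned, audit_runas) are hypothetical, and it assumes the default paths and the thor/heroes example used on this page.

```shell
#!/bin/sh
# Added example: audit a RunAs change (hypothetical helper names).

# Print the value of KEY (e.g. User, Group) from a systemd drop-in file.
# Prints nothing if the file or key is missing; the last assignment is used.
dropin_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" 2>/dev/null | tail -n 1
}

# Print every entry under the given paths NOT owned by user:group.
# Missing paths are skipped (the run directory and custom dirs are optional).
list_misowned() {
    user=$1; group=$2; shift 2
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" \( ! -user "$user" -o ! -group "$group" \) -print
    done
}

count_misowned() { list_misowned "$@" | wc -l | tr -d ' '; }

# Compare the drop-in and the default paths from this page with the account.
audit_runas() {
    user=$1; group=$2; rc=0
    dropin=/etc/systemd/system/rstudio-pm.service.d/user.conf
    [ "$(dropin_value User "$dropin")" = "$user" ] || { echo "drop-in User is not $user"; rc=1; }
    [ "$(dropin_value Group "$dropin")" = "$group" ] || { echo "drop-in Group is not $group"; rc=1; }
    bad=$(list_misowned "$user" "$group" \
        /etc/rstudio-pm/rstudio-pm.gcfg /var/log/rstudio/rstudio-pm \
        /var/lib/rstudio-pm /var/run/rstudio-pm /tmp/rspm-workspaces)
    [ -z "$bad" ] || { echo "not owned by $user:$group:"; echo "$bad"; rc=1; }
    return "$rc"
}

# Usage: sudo sh audit-runas.sh thor heroes
if [ "$#" -eq 2 ]; then audit_runas "$1" "$2"; fi
```

Custom Server.DataDir, Sqlite.Dir, Server.TempDir and FileStorage locations are not in the default list; pass them to list_misowned as extra paths.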
Using the New RunAs Account (CLI)
After changing the service RunAs user, your CLI users must be members of the
heroes group. For example:
sudo useradd -g heroes hulk
sudo passwd hulk
su hulk
/opt/rstudio-pm/bin/rspm <command>