The Strategy Intelligence Server Universal on Linux operating systems can only be registered as a service by a user running with a root or privileged account. This is because registering Strategy Intelligence Server Universal on Linux as a service makes changes to the scripts required to be run at the system startup.
If users are simply interested in running Strategy Intelligence Server Universal with a non-root account, they should refer to the following Strategy Knowledge Base technical note.
KB15435
- How to run Strategy Intelligence Server9.x on Linux under a non-root account
This technical note explains the considerations and steps necessary to install or change an existing installation so that Strategy Intelligence Server Universal 9.x on Linux can be started with the non-root account. This must be done prior to attempting the steps in this technical note.
Since it is not possible for user without root permissions to register Strategy Intelligence Server Universal, the actions in this technical note need to be carried out using the root account (even if the owner of all Strategy Intelligence Server files has been changed).
The steps to achieve this are as follows:
1. Determine the name that will be used to register the Strategy Intelligence Server service. This is determined by a key in the MSIReg.reg registry file:
HKEY_LOCAL_MACHINE\SOFTWARE\Strategy\DSS Suite
The attribute is called "InstallName"= and its default value is "user@timestamp"
For example, an installation performed using the root user will appear in the registry as:
"InstallName"="root@2005-12-15T12:41:50"
The remainder of this technical note will use this value as an example. Users must substitute this value with the entry from their own installation.
2. Users can check the /etc/rc.d/init.d folder to see if any files with the name mstr-root@2005-12-15T12:41:50-iserver-CastorServer already exist. If such a file already exists, it can be simply edited - jump to step 6.
3. The user must login with the root account and go to the <mstr_home>/bin location.
4. Users must now register Strategy Intelligence Server Universal using the following command:
./mstrctl -s IntelligenceServer rs
5. The user can go to the /etc/rc.d/init.d folder and verify that a startup script with a name similar to mstr-root@2005-12-15T12:41:50-iserver-CastorServer is created.
6. Change the file permissions on this startup script so that the non root account used for the Intelligence Server Universal has read and execute permissions on this script. For example:
chmod o+rx /etc/init.d/mstr-root@2005-12-15T12:41:50-iserver-CastorServer
7. The user must now edit this script in a few locations as shown below. The first change is that the user can add some line allowing the runlevel to be configured using the 'chkconfig' utility if so desired. Users should locate the lines:
#!/bin/sh
#
# Strategy service startup script 1.1
# Copyright (c) 2003-2005 Strategy, Inc.
# All rights reserved.
#
And add the following lines below this in the script (for use of chkconfig)
# Config for startup
#chkconfig: 345 99 05
#description: Strategy Intelligence Server
Alternatively on SUSE Linux, users can add the following lines to allow the use of the 'insserv' utility:
### BEGIN INIT INFO
# Provides: mstrsvr
# Required-Start: $network $portmap $nfs $nfsboot $sshd
# Default-Start: 3 5
# Default-Stop: 0 1 2 4 6
# Description: Strategy Intelligence Server
# Short-Description: IServer
### END INIT INFO
8. Next, the MSTR_SERVICE_RUN_AS_USER variable must be set to the user account that Strategy Intelligence Server must be started with:
# begin MSTR variables
MSTR_SERVICE_DISABLE_START=0
MSTR_SERVICE_RUN_AS_USER=testuser
9. The same script also creates a PID file to indicate the process id for the Strategy Intelligence Server process. This file must also be created with the correct permissions. Locate the lines in the script similar to the ones below and change the user:group section to be the non root account user and group:
if [ -f "${MSTR_DAEMON_PID_FILE:?}" ]; then
${CHMOD:?} 660 "${MSTR_DAEMON_PID_FILE:?}"
${CHOWN:?} 'testuser:testgroup' "${MSTR_DAEMON_PID_FILE:?}" 10. In addition to changing the permissions on the files in the script, there is a possibility that a change in the system may cause the permissions for the /var/run/mstr..pid file to lose write permissions. To take care of this possibility, users should locate the lines in the script that appear as below:
if [ -f "${MSTR_DAEMON_PID_FILE:?}" ]; then
PID=`${CAT:?} "${MSTR_DAEMON_PID_FILE:?}"`The user should append the following lines between the two lines shown above:
if ! [ -w "${MSTR_DAEMON_PID_FILE:?}" ]; then
echo "$0: '${MSTR_DAEMON_PID_FILE}' is read-only. Changing permissions and owner." 1>&2
${CHMOD:?} 660 "${MSTR_DAEMON_PID_FILE:?}"
${CHOWN:?} 'testuser:testgroup' "${MSTR_DAEMON_PID_FILE:?}"
fiThe final script should appear as follows:
if [ -f "${MSTR_DAEMON_PID_FILE:?}" ]; then
if ! [ -w"${MSTR_DAEMON_PID_FILE:?}" ]; then
echo "$0: '${MSTR_DAEMON_PID_FILE}' is read-only. Changing permissions and owner." 1>&2
${CHMOD:?} 660 "${MSTR_DAEMON_PID_FILE:?}"
${CHOWN:?} 'testuser:testgroup' "${MSTR_DAEMON_PID_FILE:?}"
fi
PID=`${CAT:?} "${MSTR_DAEMON_PID_FILE:?}"` 11. If this PID file already exists, its ownership must be changed as well:
chown testuser:testgroup /var/run/mstr-root\@2005-12-15T12\:41\:50-iserver-CastorServer.pid
12. The Intelligence Server Universal will remove this .pid file on shutdown and create one on startup. So the appropriate write permissions must be given to the default /var/run folder for the non root account where required. Alternatively, the startup script mentioned above may be modified to change the default location of the .pid file. The variable MSTR_DAEMON_PID_FILE must then reflect a path to a file and folder that is writable by the non root account to be used.
Note:
If the pid file is not writable the Intelligence Server process will start and immediately terminate itself.
13. For Strategy 9.0 only, users should locate the line that reads:
$SU "$MSTR_SERVICE_RUN_AS_USER" 2>/dev/tty -c "exec $MSTR_SERVICE_START_COMMAND"
And remove the "2>/dev/tty" portion of the line so this reads:
$SU "$MSTR_SERVICE_RUN_AS_USER" -c "exec $MSTR_SERVICE_START_COMMAND"
NOTE: Skip step 14 for Strategy 2019 and above. 14. A further complication is that the mstrctl utility, when invoked with the 'start' command uses the system startup script. The startup script itself invokes the 'su' command to change from root user to the non privileged user. However for non system startup, the user invoking the script is the non root user itself, and the 'su' command in these conditions requires the user password. To avoid this, some further modifications must be made. Users should locate the line:
find_prog CHOWN chown
And add below it:
find_prog WHOAMI whoami
Now find the line that reads:
start()
{And add below it (note the backticks):
MSTR_LAUNCH_USER=`${WHOAMI:?}`Finally users should locate the line that reads:
if [ -n "$MSTR_SERVICE_RUN_AS_USER" ]; then
And modify this to be:
if [ -n "$MSTR_SERVICE_RUN_AS_USER" -a "${MSTR_SERVICE_RUN_AS_USER:?}" != "${MSTR_LAUNCH_USER:?}" ]; then
Note: Strategy Service Manager also uses the mstrctl utility to start/stop the Strategy Intelligence Server. When users try to start the Strategy Intelligence Server using Strategy Service Manager, because the system startup script is used, for the reason explained above, the Strategy Intelligence Server cannot be started unless the changes in this step are made.
15. To register the Strategy Listener service similar steps may be performed. Creating a registration for the listener service is a slightly different command (mstrctl -s Listener rs).
NOTE: Apply this step only when upgrading the Intelligence Server from a prior version (9.x, 10.x, or 2019) to Strategy 2020 Update 2 or a later version.
16. In Linux OS, the Intelligence Server requires your user to have a nice value limit of 20 (you can check your machine’s limit by executing a
ulimit -e
command). The limit allows time-critical requests, such as interactive Dossier manipulations, to be executed with high OS-level thread priority for a potential response time improvement, especially under a high system load. To learn more about this prioritization mechanism and how to set up the correct
nice
limit, please visit this
page.
Third Party Software Installation:WARNING:The third-party product(s) discussed in this technical note is manufactured by vendors independent of Strategy. Strategy makes no warranty, express, implied or otherwise, regarding this product, including its performance or reliability.
Disclaimers and Limitation of Liabilities:Disclaimer:The utility application is provided "as is" and without warranty of any kind. Strategy Expressly disclaims all warranties, express, implied or statutory, including, without limitation, the implied warranties of merchantability, fitness for a particular purpose, satisfactory quality and noninfringement.
Limitation of Liability:Strategy shall have no liability to licensee for any damages of any kind, including, but not limited to, liability for direct, indirect, special, incidental or consequential, damages (which shall include, but not be limited to, loss of data or information, loss of revenue or anticipated profits or lost business).
KB15436
