Skip to main content

I have the FME Server Core running in a CentOS instance in AWS and a number of engines on separate instances. The shared resources folder is in an Elastic File System mounted to all the engines and the Core.

 

I noticed that when new folders are created from the FME Web UI, they are created by the root user and not by the fmeserver user as I was expecting. This is causing the engines to have problems writing into those new folders because the fmeserver user (which is the user that runs the workspace) lacks the necessary permissions.

 

I can't keep modifying every new folder's permissions to allow for the fmeserver user to be able to write to them. What could be a more permanent solution? Can the Core be changed to use the fmeserver user instead when creating new directories?

If you are uploading a file/folder or creating one in the Web UI it's the Web Application(tomcat) which is writing these files. Typically the web service has to be run as root since ports under 1024 have restrictions on linux. Uploads will have root permissions opposed to the engines which are run as fmeserver user. Typically we suggest choosing port 8080 and configuring your start up methods to launch the web application as the fmeserver user. We have some examples of how starting the services can be done automatically. If you adjust the samples fmeserver-appserver.service script it should help.

https://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/StartingStoppingFME_Linux.htm

 

In the long term we have an enhancement request to make this easier or to automatically have it run as fmeserver when the port is 8080.

 


Thanks! In my case I had configured for HTTPS so changing my port to 8443 and configuring my fmeserver-appserver.service file to specify fmeserver as the user and group did the trick.


Reply