I'm running FME Server 2020.2.1 Build 20806 on a Linux Debian 10.6 host.
I need to run a workspace that writes to a sqlite database previously uploaded in the shared resource data directory, but the workspace fails complaining it can't write to a read-only database.
I discovered that when I upload a file in the shared resource data directory through the Web User Interface, the owner user:group of the file is root:root and not fmeserver:fmeserver as expected. After changing the ownership of the file (the sqlite database in this case) to fmeserver:fmeserver using the shell of the operating system, the workspace runs fine.
This is obviously a workaround which is not suitable for a production environment with several users. Can anyone help me solving this issue?
Thanks!
Best answer by davtorgh
Solved!
Added the following lines to systemd script 'fmeserver-appserver.service', as suggested by @richardatsafe :
User=fmeserverGroup=fmeserver
but I had to fix something else (see file 'systemctl-status-bad.txt' in attached zipfile). Here are my troubleshooting steps:
stopped 'fmeserver-appserver.service';
FME Server Appserver wants to write file 'catalina.pid' file in '/var/run/tomcat/' but the directory does not exist, so I created it and assigned ownership to fmeserver:fmeserver; now the file gets created;
FME Server Appserver wants to create file 'catalina.out' in '/opt/fmeserver/Utilities/tomcat/logs/', but the directory ownership is root:root, so i assigned ownership to fmeserver:fmeserver; now the file gets creted;
started 'fmeserver-appserver.service' (see file 'systemctl-status-ok.txt' in attached zipfile).
Now files and directories in the shared resource data directory created with the Web User Interface are owned by fmeserver:fmeserver as expected.
Hope this will be useful to Safe Software and other FME Server users!
The problem comes down to the web application needing to be run as root when the port chosen at installation is less than 1024. This is because the apache tomcat needs to root to perform an autobind, which is only necessary for lower ports. This comment talks about the issue in more detail, however, the easiest thing to do is install FME Server on port 8080.
The problem comes down to the web application needing to be run as root when the port chosen at installation is less than 1024. This is because the apache tomcat needs to root to perform an autobind, which is only necessary for lower ports. This comment talks about the issue in more detail, however, the easiest thing to do is install FME Server on port 8080.
but FME Server runs in https on port 8443, so there may be something else to fix. I add, for further troubleshooting, that all FME services are executed with systemd using the scripts provided with the installation package.
but FME Server runs in https on port 8443, so there may be something else to fix. I add, for further troubleshooting, that all FME services are executed with systemd using the scripts provided with the installation package.
Good catch. If you are using the systemd scripts you will need to add the the user and group to the fmeserver-appserver.service script to start with the fmeserver user instead of a root user similar to the fmeserver-core.service. The systemd scripts are a "guide only", however, I will have warnings added to the documentation to prevent this in the future.
Added the following lines to systemd script 'fmeserver-appserver.service', as suggested by @richardatsafe :
User=fmeserverGroup=fmeserver
but I had to fix something else (see file 'systemctl-status-bad.txt' in attached zipfile). Here are my troubleshooting steps:
stopped 'fmeserver-appserver.service';
FME Server Appserver wants to write file 'catalina.pid' file in '/var/run/tomcat/' but the directory does not exist, so I created it and assigned ownership to fmeserver:fmeserver; now the file gets created;
FME Server Appserver wants to create file 'catalina.out' in '/opt/fmeserver/Utilities/tomcat/logs/', but the directory ownership is root:root, so i assigned ownership to fmeserver:fmeserver; now the file gets creted;
started 'fmeserver-appserver.service' (see file 'systemctl-status-ok.txt' in attached zipfile).
Now files and directories in the shared resource data directory created with the Web User Interface are owned by fmeserver:fmeserver as expected.
Hope this will be useful to Safe Software and other FME Server users!
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
