-
Suggestion
-
Resolution: Fixed
-
None
-
None
Please, please, please, configure stand-alone Crowd so that it runs as an unprivileged user out of the box. If that can't be done or as a stop-gap until it can be done, provide documentation on how to do this.
[CWD-1777] Configure to run as an unprivileged user out of the box.
| Workflow | Original: JAC Suggestion Workflow [ 3388757 ] | New: JAC Suggestion Workflow 3 [ 3630818 ] |
| Status | Original: RESOLVED [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: Simplified Crowd Development Workflow v2 [ 1391922 ] | New: JAC Suggestion Workflow [ 3388757 ] |
| Issue Type | Original: Improvement [ 4 ] | New: Suggestion [ 10000 ] |
| Status | Original: Closed [ 6 ] | New: Resolved [ 5 ] |
| Workflow | Original: Crowd Development Workflow v2 [ 273632 ] | New: Simplified Crowd Development Workflow v2 [ 1391922 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Assignee | New: Olli Nevalainen [ onevalainen ] | |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
I have updated documentation so that it is possible to run Crowd as an unprivileged user.
Unfortunately achieving this out of the box would require a dedicated installer, which we would have to maintain for multiple operating systems and variations of operating systems. I would suggest creating a new issue for a dedicated installer if this feature is important for you.
I have updated the permission change script in the Running Crowd as an Unprivileged User section at http://confluence.atlassian.com/display/CROWD/Setting+Crowd+to+Run+Automatically+and+Use+an+Unprivileged+System+User+on+UNIX to work correctly with the latest Crowd version.
The permission change script alone is not enough to run Crowd automatically as a specified user. In order to do that, a start-up script should be created using the instructions in Getting Crowd to Start Automatically section at http://confluence.atlassian.com/display/CROWD/Setting+Crowd+to+Run+Automatically+and+Use+an+Unprivileged+System+User+on+UNIX.
Olli has updated the page. See diff:
http://confluence.atlassian.com/pages/diffpages.action?pageId=211649189&originalId=236585785
Thanks Olli! 
On Linux, I did it like this - works fine.
1. Stop crowd
2. useradd -c "Atlassian Crowd" crowd
3. chown -R crowd:root /opt/atlassian/crowd
4. chown -R crowd:root /var/atlassian/crowd
5. find /opt/atlassian/crowd -type d -exec chmod 750 {} \;
6. cd /opt/atlassian/crowd/atlassian-crowd-2.7.0
7. cp start_crowd.sh ORIG_start_crowd.sh
8. cp stop_crowd.sh ORIG_stop_crowd.sh
9. Edit start_crowd.sh. Replace with:
#!/bin/sh
PRGDIR=`dirname "$0"`
su -m crowd -c "$PRGDIR/apache-tomcat/bin/startup.sh $@"
10. Edit stop_crowd.sh
#!/bin/sh
PRGDIR=`dirname "$0"`
su -m crowd -c "$PRGDIR/apache-tomcat/bin/shutdown.sh $@"
11.Start crowd using start_crowd.sh
That's it. Easy.