If you plan to use impersonation when running dmxrund, setup an impersonated user to install and run on Linux.
Windows
As the administrative user has impersonation privileges by default, no setup is required.
Linux
Connect installation impersonation considerations on Linux follow:
- No impersonation: Running jobs without impersonation does not require root access. Upon receipt of a job submission request from the dmxrund calls the Connect Engine, dmxdfnl, to run the submitted job as the service user, connectuser.
- Impersonation: Running jobs with impersonation requires root access to impersonate the specified user. While dmxrund never is granted root access, another installed component, dmxexecutor, can enable impersonation. When dmxrund detects that dmxexecutor is installed in the required directory with the correct permissions, dmxrund calls dmxexecutor to impersonate the specific user that calls the Connect engine, dmxdfnl, which runs the submitted jobs.
To install and run job requests with impersonation, do the following:
- Create a service user, such as connectuser.
- Create a service group, dmexpress.Note: If you choose to change the name of the service group, you must update the SERVICE_GROUP property of the Connect custom impersonation configuration properties file.
- Add connectuser to the dmexpress service group.
- Run the installation as connectuser.
- Ensure that the following files are in the specified directories with the specified permissions:
Directory and file | Permissions | Notes |
---|---|---|
<Connect_installation>/bin/ dmxexecutor | -rwsr-x--- | The āsā represents the set-user identification (setuid) bit and indicates that dmxexecutor is extended impersonation privileges to run submitted jobs as a specific user. |
<Connect_installation>/conf/ dmxexecutor.conf | -rwx------ | Updates to dmxexecutor.conf are required only if you choose to customize the impersonation. |