Changing RunAs User

Default Account

The installer creates a user account and group named rstudio-pm and runs the Package Manager service under this account.

Changing The RunAs Account (Service)

You can configure Package Manager to run under another account. The steps below serve as a guide for reconfiguring Package Manager to run under an account named thor with a primary group of heroes instead of the default rstudio-pm:rstudio-pm.

Stop the Package Manager service. See Stopping and Starting Package Manager.
```
Terminal
```
```
sudo systemctl stop rstudio-pm
```
Create a new group and user account.
```
Terminal
```
```
sudo groupadd heroes
sudo useradd -r -g heroes -M -s /sbin/nologin thor
```
In order to use the CLI tool, a user must be a member of the primary group of the user that starts the Package Manager service.

In this example, Package Manager is started by the user thor. The primary group of the thor account is heroes, so users must be members of the heroes group to use the CLI.

Edit the service configuration.

Terminal

sudo vi /etc/systemd/system/rstudio-pm.service.d/user.conf

Change these lines:

/etc/systemd/system/rstudio-pm.service.d/user.conf

[Service]
User=thor
Group=heroes

Change ownership of files and directories.

Terminal

# Configuration file
sudo chown thor:heroes /etc/rstudio-pm/rstudio-pm.gcfg

# Log files
sudo chown -R thor:heroes /var/log/rstudio/rstudio-pm

# Data directory (or `Server.DataDir`, if configured for a custom location)
sudo chown -R thor:heroes /var/lib/rstudio-pm

# Run directory (if any)
sudo chown -R thor:heroes /var/run/rstudio-pm

# If you have a custom `Sqlite.Dir` (e.g., `Sqlite.Dir = /database/directory`)
sudo chown -R thor:heroes /database/directory

# Temporary workspace directory for Git package builds
# This directory is usually found under `/tmp`. If you use a custom
# `Server.TempDir`, then it will be found at `Server.TempDir`/rspm-workspaces.
sudo chown -R thor:heroes /tmp/rspm-workspaces

Change ownership of custom FileStorage directories.

If you have customized any file storage locations specified in your FileStorage configuration, these directories also need to have the correct ownership.
```
Terminal
```
```
# For example:
#
# [FileStorage "cache"]
# Location = /path/to/cache
#
sudo chown -R thor:heroes /path/to/cache
#
# Repeat for every custom FileStorage location
```

Remove remaining domain socket file (if any).

Terminal

sudo rm /var/run/rstudio-pm/rstudio-pm.sock

Start the Package Manager service. See Stopping and Starting Package Manager.

Terminal

sudo systemctl daemon-reload # Reload the systemd process
sudo systemctl start rstudio-pm

Verify that the rstudio-pm service is running under the thor account.
```
Terminal
```
```
ps -axj | grep `id -u thor`
```
Check /var/log/rstudio/rstudio-pm/rstudio-pm.log to verify that the server started up with no errors.

Using the New RunAs Account (CLI)

After changing the service RunAs user, your CLI users must be members of the heroes group. For example:

Terminal

sudo useradd -g heroes hulk
sudo passwd hulk
su hulk
/opt/rstudio-pm/bin/rspm <command>