In this step, you'll create a service user that owns all of the XNAT data and configuration folders. Since XNAT runs as an application within Tomcat, you'll need to configure Tomcat to run as that new XNAT user.
To create a new user, you have to have adequate privileges. On our VM's operating system, this means being root or, more often, having sudo access. By default, the user created by the Vagrant build process has sudo access:
vagrant@xnat-11:~$ sudo -i
root@xnat-11:~#
sudo is a standard feature on Linux systems. It allows users to become root or temporarily assume root privileges without ever having to actually log in as the root user. We won't go into sudo in much detail here, but there are many resources available that can explain how it works.
Once you're operating with root privileges, you can create a new user with the adduser command. Create a new user and specify the user's home folder with the following command:
root@xnat-11:~# adduser --home /data/xnat/home xnat
Adding user `xnat' ...
Adding new group `xnat' (1002) ...
Adding new user `xnat' (1001) with group `xnat' ...
Creating home directory `/data/xnat/home' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for xnat
Enter the new value, or press ENTER for the default
Full Name : XNAT
Room Number :
Work Phone :
Home Phone :
Other :
Is the information correct? [Y/n] y
root@xnat-11:~#
This command created a user named xnat and set that user's home folder to /data/xnat/home.
In addition to this home folder, XNAT also needs a number of other locations:
- Four folders underneath the XNAT user's home folder: config, logs, plugins, and work
- Archive folder
- Build folder
- Cache folder
- FTP folder
- Prearchive folder
The standard practice for XNAT dev-ops teams is to put the five system folders underneath /data/xnat, so create those as well:
root@xnat-11:~# cd /data/xnat/home/
root@xnat-11:/data/xnat/home# mkdir config logs plugins work
root@xnat-11:/data/xnat/home# cd ..
root@xnat-11:/data/xnat# mkdir archive build cache ftp prearchive
root@xnat-11:/data/xnat# chown -R xnat:xnat /data
That last command, chown, is very important: it recursively sets the owner and group of /data and everything beneath it, including all of the folders you just created, to xnat. This means that the xnat user has the ability to create, read, modify, and delete files anywhere within that folder structure. Since the Tomcat service and the XNAT application will be operating as that user, this means that the application can manage the contents in there.
Lastly, you should configure the xnat user so that you can use sudo there as easily as from the vagrant user. The vagrant user's sudo permissions are configured in a file that gets included with the overall sudo configuration (don't worry if this sounds confusing, because it is if you're not familiar with it!). You can copy that file to a version for your xnat user, then modify it appropriately:
root@xnat-11:/data/xnat# cat /etc/sudoers.d/vagrant | sed 's/vagrant/xnat/' > /etc/sudoers.d/xnat
Now when you become the xnat user, you'll be able to start and stop services and perform administrative tasks using sudo.
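An added example, not part of the original tutorial: a small POSIX shell check of what the copied drop-in actually grants the xnat account, which matters because Tomcat and XNAT run as that user. The function name audit_sudoers_dropin and the sample sudoers line are constructed for illustration; the real contents of /etc/sudoers.d/vagrant are not shown on this page.

```sh
#!/bin/sh
# Added example (not from the XNAT docs): audit a sudoers drop-in that was
# produced by copying another account's file, as in the sed step above.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_sudoers_dropin() {
    asd_file=$1 asd_user=$2 asd_findings=0
    asd_name=${asd_file##*/}
    [ -r "$asd_file" ] || { echo "MISSING: $asd_file"; return 1; }

    # sudo silently skips drop-ins whose name contains '.' or ends in '~'.
    case $asd_name in
        *.*|*~) echo "NAME: sudo will not read '$asd_name'"
                asd_findings=$((asd_findings + 1)) ;;
    esac

    # 0440 is the mode sudo expects for sudoers files by default.
    if [ -z "$(find "$asd_file" -prune -perm 0440)" ]; then
        echo "MODE: $asd_file is not 0440"
        asd_findings=$((asd_findings + 1))
    fi

    while IFS= read -r asd_line || [ -n "$asd_line" ]; do
        case $asd_line in
            ''|'#'*|Defaults*) ;;            # blank, comment, Defaults
            "$asd_user"[[:space:]]*NOPASSWD:*ALL*)
                # Coarse match: any NOPASSWD rule whose command list has ALL.
                echo "NOPASSWD-ALL: $asd_user may run ALL commands without a password"
                asd_findings=$((asd_findings + 1)) ;;
            "$asd_user"[[:space:]]*) ;;      # narrower rule for this user
            *)  echo "UNEXPECTED: $asd_line" # rule for some other principal
                asd_findings=$((asd_findings + 1)) ;;
        esac
    done < "$asd_file"

    [ "$asd_findings" -eq 0 ]
}

# Constructed sample: a Vagrant-style grant after s/vagrant/xnat/ (assumed).
demo_dir=$(mktemp -d)
printf 'xnat ALL=(ALL) NOPASSWD:ALL\n' > "$demo_dir/xnat"
chmod 0440 "$demo_dir/xnat"
audit_sudoers_dropin "$demo_dir/xnat" xnat || true
rm -rf "$demo_dir"
```

On the real file, also run `visudo -cf /etc/sudoers.d/xnat` to catch syntax errors before the next sudo call.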