Hi all, I'm trying to install Galaxy on CentOS, and doing things under my own user account the basics look fine (sh setup.sh work, sh run.sh works, and I can access the galaxy webpages on localhost). I'm now trying to do this via a new Unix/Linux user account just for Galaxy, as recommended here: http://bitbucket.org/galaxy/galaxy-central/wiki/Config/ProductionServer For security I have deliberately setup a "galaxy" user with no home directory and with login disabled (based on the apache user): sudo /usr/sbin/adduser -s /sbin/nologin -M -l -r -c "Galaxy" galaxy I have downloaded Galaxy using hg, moved the directory to /opt/galaxy-dist and made the new galaxy user the owner of this folder and its contents. Then: sudo -u galaxy sh setup.sh That seems to work, next: sudo -u galaxy sh run.sh This fails as it tries to write to ~/.python-eggs (i.e. my home directory, the galaxy user doesn't have a home directory), so based on the error message's suggestion to set PYTHON_EGG_CACHE what I have tied is editing run.sh to include the following line near the start: export PYTHON_EGG_CACHE="/opt/galaxy-dist/.python-eggs" That seems to work, but is is a good idea? Do you instead recommend giving the galaxy account a home directory, and installing galaxy there? It would make setting environment variables simpler... Thanks, Peter
On Fri, Sep 3, 2010 at 10:55 AM, Peter <peter@maubp.freeserve.co.uk> wrote:
Hi all,
I'm trying to install Galaxy on CentOS, and doing things under my own user account the basics look fine (sh setup.sh work, sh run.sh works, and I can access the galaxy webpages on localhost).
I'm now trying to do this via a new Unix/Linux user account just for Galaxy, as recommended here:
http://bitbucket.org/galaxy/galaxy-central/wiki/Config/ProductionServer
For security I have deliberately setup a "galaxy" user with no home directory and with login disabled (based on the apache user) ... That seems to work, but is is a good idea? Do you instead recommend giving the galaxy account a home directory, and installing galaxy there? It would make setting environment variables simpler...
Reading galaxy-dist/contrib/galaxy.debian-init from James Casbon, in his setup the galaxy user had a home directory and that is where the galaxy files were kept. So at least some people do it that way. Peter
Peter wrote:
Hi all,
I'm trying to install Galaxy on CentOS, and doing things under my own user account the basics look fine (sh setup.sh work, sh run.sh works, and I can access the galaxy webpages on localhost).
I'm now trying to do this via a new Unix/Linux user account just for Galaxy, as recommended here:
http://bitbucket.org/galaxy/galaxy-central/wiki/Config/ProductionServer
For security I have deliberately setup a "galaxy" user with no home directory and with login disabled (based on the apache user):
sudo /usr/sbin/adduser -s /sbin/nologin -M -l -r -c "Galaxy" galaxy
I have downloaded Galaxy using hg, moved the directory to /opt/galaxy-dist and made the new galaxy user the owner of this folder and its contents. Then:
sudo -u galaxy sh setup.sh
That seems to work, next:
sudo -u galaxy sh run.sh
This fails as it tries to write to ~/.python-eggs (i.e. my home directory, the galaxy user doesn't have a home directory), so based on the error message's suggestion to set PYTHON_EGG_CACHE what I have tied is editing run.sh to include the following line near the start:
export PYTHON_EGG_CACHE="/opt/galaxy-dist/.python-eggs"
That seems to work, but is is a good idea? Do you instead recommend giving the galaxy account a home directory, and installing galaxy there? It would make setting environment variables simpler...
I haven't ever tried without a real home directory or shell, but I don't know of any reason you wouldn't be able to run like this if you're not using a cluster. Please let us know if you encounter any more issues. Thanks, --nate
Thanks,
Peter _______________________________________________ galaxy-dev mailing list galaxy-dev@lists.bx.psu.edu http://lists.bx.psu.edu/listinfo/galaxy-dev
On Fri, Sep 3, 2010 at 4:20 PM, Nate Coraor <nate@bx.psu.edu> wrote:
I haven't ever tried without a real home directory or shell, but I don't know of any reason you wouldn't be able to run like this if you're not using a cluster.
I take it then that the "normal" way to install Galaxy is to create a galaxy user, and put the files under /home/galaxy - if that is what most installations do, I can follow suit. I'm unclear how it is relevant, but we do have a cluster available, although I'm not sure at this point if we would try and call it from Galaxy... there are internal networking constraints which may prevent that.
Please let us know if you encounter any more issues.
I've tried to setup an /etc/init.d/galaxy script for CentOS (having looked at the examples in the galaxy-dist/contrib folder), and have something which seems to be working using: ... . /etc/init.d/functions start () { daemon --user galaxy "/opt/galaxy-dist/run.sh --daemon" } stop() { daemon --user galaxy "/opt/galaxy-dist/run.sh --stop-daemon" } ... Running this at the command line I get an annoying warning, since apparently the daemon command calls runuser which assumes the user has a home directory (which in my setup is not true): runuser: warning: cannot change directory to /home/galaxy: No such file or directory This is probably nothing Galaxy specific, probably a sign that I'm not doing this in the recommended CentOS/RedHat way. If I switch to a galaxy user with a home directory, this issue should go away. Peter
participants (2)
-
Nate Coraor -
Peter