Configuring the orchestrator User Account for a Non-Root User

The installation of the Aspera Common Components automatically creates an orchestrator user account--which is root by default--as well as a mysql user. Aspera recommends using the default accounts; however, if you do not want to use these default accounts, you can manually create orchestrator and mysql user accounts and groups on each Orchestrator server after installing the Aspera Common Components and before installing Orchestrator.

To create a specific group and user and to change the permissions on the Orchestrator folders, run the following commands. In the example below, orchestrator-version is the installed version of Orchestrator.

# asctl orchestrator:stop
# groupadd -g 776 orchestrator && useradd -c "Aspera Orchestrator user" -d /home/orchestrator -g orchestrator -m -s /bin/aspshell -r -u 776 orchestrator
# cd /opt/aspera
# chown  aspera_orch:aspera_orch_group orchestrator
# chown -R aspera_orch:aspera_orch_group orchestrator-version
# chown -R aspera_orch:aspera_orch_group var
# asctl orchestrator:restart

Note: Orchestrator (aspera_orch_group in the above example) must have permission to read and write to mounted storage directories.

To manually create the mysql user, run the following commands:

# groupadd -g 778 mysql && useradd -c "Aspera Mysql" -d /home/mysql -g mysql -m -s /bin/false -u 778 mysql