Running the FME Server Engines Under a Different Account
By default, the FME Server Core and the FME Server Engines Windows services are set to use the local system account. You may wish to run the FME Server Engines service under a different account that can read and write data across a network, particularly in a distributed installation where this service is installed on separate machines.
Permissions
If the FME Server engines are installed on machines separate from the FME Server core, keep in mind the following:
The user account that runs <engineHost>
must have read or read/write permissions to the FME Server System Share files on the <coreHost>
. These files include Repositories and Resources. By default, an Express Installation of FME Server writes these files to the path specified by the %ALLUSERSPROFILE% environment variable, which defaults to C:\ProgramData\Safe Software\FME Server\. If your Express Installation of FME Server specified a different directory, or if your FME Server is a Distributed Installation, then these files are written to the directory specified.
Read permission:
-
\resources\system\temp\upload
- \repositories
-
\resources\system\temp\requestdata
- \resources\engine
Read and Write permission:
- \resources\logs
-
\resources\system\temp\engineresults
- \resources\backups
- \resources\data
- \resources\temp
Additionally, if the FME Server Database is installed on a separate server, the user account that runs <engineHost>
must have the same permissions as described above on that network share.
To change the user account that runs the FME Engine Service
- Add or identify a new Windows user account that will run the FME Server Engines service. This user should belong to a standard account that is part of the "Users Group," rather than an Administrator. For example, this user could be called "FMEEngineUser." Be sure to create a password for this user.
- Run the Windows Command Prompt as administrator and navigate to <FMEServerDir>\Utilities.
- Run the command
changeEngineUser.bat <engineUser>
where<engineUser>
is the name of the user that you created. For example: - On the Resources page of the Web User Interface, delete all files and folders located under Logs > engine. This step is necessary to allow the new user account to write to the engine log. Before you delete, use the Download button to archive any logs you want to keep.
- In the Windows Services, update the account that logs on to the FME Server Engines service to the new user. For more information, see Running the System Services Under Different Accounts.
changeEngineUser.bat FMEEngineUser
The following commands must be run as the root user:
- Create a new user that will run the FME Server Engines process. This can typically be done with the command adduser <username> and following the prompts. For example:
- Navigate to the Utilities directory and run the shell script
./changeEngineUser.sh <username>
where<username>
is the name of the new user you created. For example: - On the Resources page of the Web User Interface, delete all files and folders located under Logs > engine. This step is necessary to allow the new user account to write to the engine log. Before you delete, use the Download button to archive any logs you want to keep.
- Start FME Server by calling the
startServer.sh
script in the Server directory with the root user. This starts the FME Server Core as the user that installed FME Server, and the FME Server Engines as the new engine user. If you are using the Linux startup scripts, no further setup is required, and on the next restart, the Engines will start under the engine user.
adduser fmeengineuser
./changeEngineUser.sh fmeengineuser