Run services as a dedicated user
From a security perspective, it is advantageous to run services as a dedicated user with a minimal set of privileges.
You must first install the product, and then adjust the MSS service as described below.
Note
You must repeat these steps after any product upgrades.
To run the Micro Focus MSS Server service as a dedicated user on Windows:
- Create a standard user.
- Stop the Micro Focus MSS Server service.
- Open the Properties of the Micro Focus MSS Server service.
- Go to the Log On tab.
- Select This account.
- Enter the username and password of the user who is going to run the service.
- Give the user full control to the following directories:
<install_dir>\server\conf
<install_dir>\server\etc
<install_dir>\server\logs
<install_dir>\server\tmp
<install_dir>\server\microservices\auth-service
<install_dir>\server\microservices\cassandra
<install_dir>\server\web\work
<install_dir>\server\webapps\mss\ex\modules
<install_dir>\server\webapps\mss\WEB-INF\lib\modules
- MSSData directory (for example,
C:\ProgramData\Micro Focus\MSS\MSSData
) <mssdata_dir>\db
<mssdata_dir>\deploy
- Change ownership and give full control to the user for following files:
<mssdata_dir>\keychain.bcfks
<mssdata_dir>\keychain.bcfks.bak
<mssdata_dir>\keychain.pwd
<mssdata_dir>\AccessDS.xml
<mssdata_dir>\PropertyDS.xml
<mssdata_dir>\SessionDS.xml
<mssdata_dir>\idm\IDManager.config
- Start the Micro Focus MSS Server service.
To give full control of a file or folder:
- Right click on the file or folder.
- Select Properties.
- Go to the Security tab.
- Click Edit.
- Click Add.
- Enter the user name and click OK.
- Check Full control under the Allow column and click Apply.
To change ownership of a file or folder:
- Right-click the file or folder.
- Select Properties.
- Go to the Security tab.
- Click Advanced.
- Click Change beside the current Owner.
- Enter the new owner name and click OK.
- Click Apply.
To run the Micro Focus MSS Server service as a dedicated user on UNIX / Linux:
Follow the steps above but adjust them accordingly for your environment and distribution.