Operating-System User Identity of the Server Processes

Like all processes, the AccuRev Server and AccuRev Database Server processes have an operating-system user identity. It should be a unique user identity, not used by any other program. This helps to ensure that no other user or process has access to the repository.

UNIX/Linux Identity

Caution: The AccuRev Database Server cannot be run as the root user. In addition, do not attempt to run the AccuRev Server as root. Some user-supplied trigger scripts run under the operating-system identity of the AccuRev Server, which poses a significant security risk. (See Trigger Script Execution and User Identities.)

We suggest that you create an operating-system user named acserver, belonging to a group named acgroup. (Any similar names will do.) Only the AccuRev Server should run as acserver.

For emergency "manual" access to the repository, you can create another user identity — say, acadmin — and place that user in the same group, acgroup. You can configure UNIX/Linux-level auditing and place other appropriate controls on this account; this leaves the acserver account (and thus, the AccuRev Server process) unencumbered by such controls.

Configure the AccuRev Server to run with the acserver/acgroup identity by placing these names in the server configuration file, acserver.cnf. See Server Configuration File.

Back to top

Windows Identity

The AccuRev Server and AccuRev Database Server run as Windows services. By default, these services run as the built-in local user named System. This user identity must have access to the AccuRev executables (bin) directory and to the repository. See Repository Access Permissions.

You can use the Services control panel to configure the services to run under another identity ("account").

Back to top