Hints for the installation (Unix)
User registration and security
Users and groups are not created automatically, i.e. the administrator has create and configure an account before installing FirstSpirit..
 |
We strongly advise against operating FirstSpirit as the root user. |
Adjusting the resource limits (ulimit)
The nofile(s) or open files parameter defines the maximum possible number of simultaneously opened file handles under the user account of the FirstSpirit Server. As file handles also include TCP sockets, which are necessary for Client-Server communication, the chosen parameter size for the expected number of simultaneous Client accesses must be sufficiently large. Each FirstSpirit project has up to 200 open files and approx. 4 TCP sockets per logged in editor. If many FirstSpirit projects are used this limit should be set correspondingly high.
These parameters can be adjusted before or after the installation.
For this purpose either the operating system specific file /etc/security/limits.conf can be adapted or alternatively a separate FirstSpirit configuration file (firstspirit.conf) can be created in the directory /etc/security/limits.d with the desired parameters.
For more information please see https://linux.die.net/man/5/limits.conf
Red Hat Enterprise Linux, SUSE Linux Enterprise Server, Ubuntu and Debian GNU/Linux:
The parameter is defined in the file /etc/security/limits.conf or in a separate configuration file in /etc/security/limits.d:
[user] soft nofile 10000[user] hard nofile 10000
[user] is only a placeholder for the FirstSpirit system user (see Unix (→Documentation for Administrators)). In a customer scenario, the placeholder must be replaced by the concrete FirstSpirit system user.
For Ubuntu and Debian GNU/Linux: In addition, it should be checked if the following line is enabled within the file /etc/pam.d/su to use ulimit for system services such as FirstSpirit, which can be started via su, as well:
session required pam_limits.so
If the system-wide limit is set too low, set the rlim_fd_max parameter in the /etc/system file to at least “10000”.
It should be noted that a change to this file does not become valid until after renewed login. The change can be checked after installing FirstSpirit, if the user account “fs” has been created, by the following call:
su - fs -c "ulimit -a"
Only the open files or nofile(s) value is interesting here, which must be “10000”.
System function flock()
The FirstSpirit Server uses the Unix system function flock() to protect some control files for an exclusive access. The combination of operating system and file system must offer flock() for this reason.
In case of local file systems, this function is provided by all operating systems which are supported by FirstSpirit.
In case of distributed file systems (for example GFS2, OCFS, VXFS or NFS), the documentation of the particular supplier must be checked with regard to flock() on the used file system.
UTF-8 compliant locale
FirstSpirit documentation expects a locale which conforms to UTF-8. Otherwise, problems may arise during documentation roll-out (directory creation) or while working with documentation (e.g. due to umlauts in SEO URLs.
Configuration of file access rights (umask)
Using the wrapper.umask parameter in the configuration file for the server start and the FirstSpirit server Java system fs-wrapper.isolated.conf , access rights can be configured for newly created files and directories.
The mask that controls which file permissions are set for files and directories for the Unix system (umask), is overwritten by the mask that controls the permissions which are set for FirstSpirit by using the parameter wrapper.umask. This means, that permissions which are defined for the operating system do potentially not apply to files and directories which are created by FirstSpirit. For this reason, the value of the parameter wrapper.umask should be checked and adapted to the permission mask of the system, if necessary.