Run Wowza Streaming Engine as a named user (Linux and macOS)

On Linux and macOS, the default installation of Wowza Streaming Engine™ media server software 4.0 and later runs as the root user. If you want to run Wowza Streaming Engine as a different user, you need to create a new user and then configure the server to run as that new user. Configuration is simpler on macOS than on Linux.

Notes:
  • For security, most Linux and Unix distributions only allow the root user to bind to port numbers lower than 1024. If you plan to run Wowza Streaming Engine on a lower-numbered port such as 80 (HTTP), 443 (HTTPS, RTMPS), or 554 (RTSP), then Wowza Streaming Engine must continue to run as the root user. However, Linux doesn't allow non-root users to start ports under 1024. To work around this, start Wowza Streaming Engine on port 1935, then redirect the port:
     
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 1935
  • Some Wowza Streaming Engine updates may replace these files. Back up any modified startup scripts before performing this update, and then carefully redo your changes after applying the update.

Contents


Linux configuration
macOS configuration

Linux configuration


Notes:
  • You must be the root user in order to perform the following procedure.
     
  • These instructions are for Wowza Streaming Engine 4.0.1. You may need to adjust the paths to suit the installation paths of your Wowza media server software version.
  1. Create a new user and group named wowza.
    groupadd wowza
    useradd -g wowza wowza
    passwd wowza
  2. Change ownership and permissions on the Wowza Streaming Engine installation files. For example:
    cd /usr/local
    chown -h wowza:wowza WowzaStreamingEngine
    chown -R wowza:wowza WowzaStreamingEngine-4.0.1
    chmod -R 775 WowzaStreamingEngine-4.0.1
    rm -f /var/run/WowzaStreamingEngine*
  3. Change the command that's used to start the server so that it runs as the new wowza user.
     
    1. Change directory to the /usr/local/WowzaStreamingEngine/bin directory.
       
    2. Edit the standalone startup script and remove or comment out the following lines:
      # check for root access. If not, put up message and exit
      if [ "$(/usr/bin/id -u)" -ne "0" ] ; then
      echo "The Wowza Streaming Engine requires root access to start. Please run script again using sudo."
      exit
      fi

      This allows any user to start Wowza Streaming Engine in standalone mode. To make it start as a specific user that is not the logged-in user, also make the following changes. To run the services as a specific user, skip to step 4.

    3. Locate the following line (line 43 in the Wowza Streaming Engine 4.0.1 startup.sh file) and add sudo -u wowza to the begining of the line. It should look like this:
      sudo -u wowza $_EXECJAVA $WMSTUNE_OPTS $JMXOPTIONS -Dcom.wowza.wms.runmode="$mode" -Dcom.wowza.wms.native.base="linux" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" -cp $WMSAPP_HOME/bin/wms-bootstrap.jar com.wowza.wms.bootstrap.Bootstrap start
    4. To have the service run as a specific user, edit the service startup script wms.sh and locate the same line (currently line 29 in the Wowza Streaming Engine 4.0.1 wms.sh file), and then make the same change.
       
      Note: The lines in each script are slightly different so don't copy and paste the entire line from one script to the other.
      sudo -u wowza $_EXECJAVA $WMSTUNE_OPTS $JMXOPTIONS -Dcom.wowza.wms.runmode="service" -Dcom.wowza.wms.native.base="linux" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" -cp $WMSAPP_HOME/bin/wms-bootstrap.jar com.wowza.wms.bootstrap.Bootstrap $WMSCOMMAND > /dev/null 2>&1  &
    5. When you use sudo to run a process, the returned process pid is the pid for sudo; it's not the pid for the Wowza process. To change this, locate the following:
      if [ "$WMSCOMMAND" = "start" ]; then
          echo $! > ${WMSPIDFILE}
          wait $PID
      fi

      and change the code to look like the following:

      if [ "$WMSCOMMAND" = "start" ]; then
          while [ -z "$WOWZA_PID" ]
          do
              WOWZA_PID=$(ps --no-headers -o pid --ppid $PID)
          done
      
          echo $WOWZA_PID > ${WMSPIDFILE}
          wait $!
      fi

      This ensures that the pid that's saved will be the correct one, the one that will be needed to shut down the server later.

    6. Locate the following line and add sudo -u wowza to the beginning of the line:
      sudo -u wowza $_EXECJAVA -cp "$WMSAPP_HOME/lib/slf4j-api-1.6.4.jar:$WMSAPP_HOME/lib/slf4j-log4j12-1.6.4.jar:$WMSAPP_HOME/lib/wms-xstream-1.4.5.jar:$WMSAPP_HOME/lib/wms-jax.validation.jar:$WMSAPP_HOME/lib/wms-core.jar:$WMSAPP_HOME/lib/bcprov-jdk15on-149.jar:$WMSAPP_HOME/lib/commons-lang-2.6.jar:$WMSAPP_HOME/lib/wms-license-rest.jar:$WMSAPP_HOME/lib/wms-rest.jar:$WMSAPP_HOME/lib/wms-server.jar:$WMSAPP_HOME/lib/wms-bootstrap.jar:$WMSAPP_HOME/lib/wms-restlet-2.1.6.jar:$WMSAPP_HOME/lib/wms-restlet-2.1.6.org.restlet.ext.simple.jar:$WMSAPP_HOME/lib/log4j-1.2.17.jar" -Dcom.wowza.wms.runmode="$mode" -Dcom.wowza.wms.native.base="linux" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" com.wowza.wms.standalone.rest.LicenseUpdateServer
    7. Allow the non-root user to set maximum number of open files.

      The non-root user has system applied ulimit values. Wowza Streaming Engine 4.0 (or later) requires a specific value.

      As the root user, edit /etc/security/limits.conf and add the following entries:
       
      wowza            soft          nofile          20000
      wowza            hard          nofile          20000

      This assumes the non-root user is wowza.
       

    8. Allow the use of sudo without a tty

      To allow the use of sudo during system startup we need to allow it to start a shell without a tty (for example, a display).

      As the root user run this command: visudo

      Find the line beginning

      Defaults    requiretty

      and comment it out

      #Defaults    requiretty
    9. Start Wowza Streaming Engine in standalone or service mode, and then verify that it's running as the user wowza by opening Terminal and executing the command ps -ja to see the list of running processes.

     
  4. To make the manager run as the same user, navigate to the /usr/local/WowzaStreamingEngine/manager/bin folder and edit startmgr.sh.
     
    1. Locate the following lines:
      if [ "$WMSMGRCOMMAND" = "start" ]; then
          $RUNCMD $CMD $BACKGRND &
      else
          $CMD
      fi

      and change them to the following:

      if [ "$WMSMGRCOMMAND" = "start" ]; then
          $RUNCMD sudo -u wowza $CMD $BACKGRND &
      else
          sudo -u wowza $CMD
      fi

      The first line controls how the service is run and the second controls how standalone mode is run.

    2. You also need to make the same changes for the main Wowza Streaming Engine service so that the Wowza Streaming Engine Manager service pid is saved correctly. Locate the following lines:
      # Linux
      if [ "$WMSMGRCOMMAND" = "start" ]; then
          echo $! > ${WMSMGRPID_FILE}
          wait $PID
      fi

      and change them to the following:

      # Linux
      if [ "$WMSMGRCOMMAND" = "start" ]; then
          while [ -z "$WOWZA_PID" ]
          do
              WOWZA_PID=$(ps --no-headers -o pid --ppid $PID)
          done
          echo $WOWZA_PID > ${WMSMGRPID_FILE}
          wait $PID
      fi
    3. Modify the Wowza Streaming Engine Manager startup script to set the values of WMSMGRPID_FILE and WMSMGRLOCK_FILE to a location that is writeable to a non-root user.

      Edit /usr/local/WowzaStreamingEngine/manager/bin/WowzaStreamingEngineManager (this is symlinked at /etc/init.d/WowzaStreamingEngineManager)

      Find the definition of the variables:
       
      WMSMGRPID_FILE="/var/run/$WMSMGRBASE_NAME.pid"
      WMSMGRLOCK_FILE="/var/run/$WMSMGRBASE_NAME"

      Modify the file path to somewhere that the non-root user can write to:

      WMSMGRPID_FILE="/tmp/$WMSMGRBASE_NAME.pid"
      WMSMGRLOCK_FILE="/tmp/$WMSMGRBASE_NAME"
    4. Start Wowza Streaming Engine Manager in standalone or service mode and verify that it's running as the user wowza by opening Terminal and executing the command ps -ja to see the list of running processes.
Note: You may need to edit /etc/sudoers to comment out the Defaults requiretty.

macOS configuration


If you want to run in standalone mode as the normal logged-in user on macOS, you only need to set the permissions on the files and folders so that you can access and modify them. If you want to run as a specific user, then you'll also have to create that user and use sudo to run as that user.
 
  1. Create a new user named wowza:
     
    1. Open the Users and Groups systems preferences panel.
       
    2. Unlock the add user functionality by clicking on the lock icon in the lower-left corner of the panel (you'll be asked to enter your administrative password).
       
    3. To add a new user, click Plus (+) below the list of users.
       
    4. Select Administrator as the New Account type, and then enter wowza as the Full Name and Account Name.
       
    5. Select Use separate password, enter a password in the Required and Verify boxes, and then click Create User.
  2. Change the permissions on the Wowza Streaming Engine installation files. Open Terminal and then enter the following commands (be sure to specify the correct Wowza Streaming Engine version):
    cd /Library 
    sudo chown wowza:admin WowzaStreamingEngine
    sudo chown -R wowza:admin WowzaStreamingEngine-4.0.1
  3. If running in standalone mode as a specific user that is not the logged-in user, then you also have to perform the following procedure. If you want to run the service as a specific user, skip to step 4.
     
    1. Change directory to the /Library/WowzaStreamingEngine/bin directory.
       
    2. Edit the standalone startup script startup.sh and add sudo -u wowza to the following line (line 34 in the Wowza Streaming Engine 4.0.1 startup.sh file). This line should now be:
      sudo -u wowza $_EXECJAVA $WMSTUNE_OPTS $JMXOPTIONS -Dcom.wowza.wms.runmode="$mode" -Dcom.wowza.wms.native.base="osx" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" -cp $WMSAPP_HOME/bin/wms-bootstrap.jar com.wowza.wms.bootstrap.Bootstrap start
    3. Change to the /Library/WowzaStreamingEngine/manager/bin directory, edit startmgr.sh, and locate the following lines:
      if [ "$WMSMGRCOMMAND" = "start" ]; then
          $RUNCMD $CMD $BACKGRND &
      else
          $CMD
      fi

      Modify them so they look like the following code:

      if [ "$WMSMGRCOMMAND" = "start" ]; then
          $RUNCMD <b>sudo -u wowza</b> $CMD $BACKGRND &
      else
          sudo -u wowza $CMD
      fi

      The first line controls how the service is run and the second controls how standalone mode is run.

  4. If you've made the changes above, then you don't need to make any changes to the service scripts in order to run Wowza Streaming Engine as a specific user. If you haven't made these changes, then in order for the services to run as the logged-in user (or a different user), you must edit the files used to configure the services.
     
    1. Change to the /Library/LaunchDaemons/ directory.
       
    2. Edit each of the com.wowza.wms.WowzaStreamingEngine.plist and com.wowza.wms.WowzaStreamingEngineManager.plist files as the root user. Locate the UserName key, and then change the following string value to the username that will run the service.
      <key>UserName</key>
      <string>wowza</string>
  5. Start Wowza Streaming Engine Manager in standalone or service mode and verify that it's running as the user wowza by opening Terminal and executing the command ps -ja to see the list of running processes.