• How to run Wowza Streaming Engine as a Named User (Linux and OS X)

    On Linux and OS X operating systems, the default installation of Wowza Streaming Engine™ 4.0 (or later) runs as the root user. If you want to run the server as a different user, use the following instructions to create a new user, and then configure the server to run as that new user. Configuration on OS X is simpler than on Linux

    Notes:
    • For security reasons, most Linux and Unix distributions only allow the root user to bind to port numbers less than 1024. If you plan on running the Wowza media server on a lower-numbered port such as 80 (HTTP), 443 (HTTPS, RTMPS), or 554 (RTSP), then the server must continue to run as the root user. See How to run Wowza Media Server as non-root user on port 80 for a method that uses a firewall redirect to allow the use of lower port numbers.

    • Some Wowza Streaming Engine updates may replace these files. You should back up any modified startup scripts before performing this update, and then carefully redo your changes after applying the update.

    Contents


    Linux configuration
    OS X configuration

    Linux configuration


    Notes:
    • You must be the root user in order to perform the following procedure.

    • These instructions are for Wowza Streaming Engine 4.0.1. You may need to adjust the paths to suit the installation paths of your Wowza media server software version.
    1. Create a new user and group named wowza.
      groupadd wowza
      useradd -g wowza wowza
      passwd wowza
    2. Change ownership and permissions on the Wowza Streaming Engine installation files. For example:
      cd /usr/local
      chown -h wowza:wowza WowzaStreamingEngine
      chown -R wowza:wowza WowzaStreamingEngine-4.0.1 
      chmod -R 775 WowzaStreamingEngine-4.0.1
      rm -f /var/run/WowzaStreamingEngine*
    3. Change the command that's used to start the server so that it runs as the new wowza user.

      1. Change directory to the /usr/local/WowzaStreamingEngine/bin directory.

      2. Edit the standalone startup script and remove or comment out the following lines:
        # check for root access. If not, put up message and exit
        if [ "$(/usr/bin/id -u)" -ne "0" ] ; then
            echo "The Wowza Streaming Engine requires root access to start. Please run script again using sudo."
            exit
        fi
        This allows any user to start Wowza Streaming Engine in standalone mode. To make it start as a specific user that is not the logged-in user, also make the following changes. To run the services as a specific user, skip to step 4.

      3. Locate the following line (line 43 in the Wowza Streaming Engine 4.0.1 startup.sh file) and add sudo -u wowza to the begining of the line. It should look like this:
        sudo -u wowza $_EXECJAVA $WMSTUNE_OPTS $JMXOPTIONS -Dcom.wowza.wms.runmode="$mode" -Dcom.wowza.wms.native.base="linux" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" -cp $WMSAPP_HOME/bin/wms-bootstrap.jar com.wowza.wms.bootstrap.Bootstrap start
      4. To have the service run as a specific user, edit the service startup script wms.sh and locate the same line (currently line 29 in the Wowza Streaming Engine 4.0.1 wms.sh file), and then make the same change.

        Note: The lines in each script are slightly different so don't copy and paste the entire line from one script to the other.
        sudo -u wowza $_EXECJAVA $WMSTUNE_OPTS $JMXOPTIONS -Dcom.wowza.wms.runmode="service" -Dcom.wowza.wms.native.base="linux" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" -cp $WMSAPP_HOME/bin/wms-bootstrap.jar com.wowza.wms.bootstrap.Bootstrap $WMSCOMMAND > /dev/null 2>&1  &
      5. When you use sudo to run a process, the returned process pid is the pid for sudo; it's not the pid for the Wowza process. To change this, locate the following:
        if [ "$WMSCOMMAND" = "start" ]; then
        echo $! > ${WMSPIDFILE}
        wait $PID
        fi
        and change the code to look like the following:
        if [ "$WMSCOMMAND" = "start" ]; then
        	while [ -z "$WOWZA_PID" ]
        	do
        		WOWZA_PID=$(ps --no-headers -o pid --ppid $PID)
        	done
        	
        	echo $WOWZA_PID > ${WMSPIDFILE}
        	wait $!
        fi
        This ensures that the pid that's saved will be the correct one, the one that will be needed to shut down the server later.

      6. Locate the following line and add sudo -u wowza to the beginning of the line:
        sudo -u wowza $_EXECJAVA -cp "$WMSAPP_HOME/lib/slf4j-api-1.6.4.jar:$WMSAPP_HOME/lib/slf4j-log4j12-1.6.4.jar:$WMSAPP_HOME/lib/wms-xstream-1.4.5.jar:$WMSAPP_HOME/lib/wms-jax.validation.jar:$WMSAPP_HOME/lib/wms-core.jar:$WMSAPP_HOME/lib/bcprov-jdk15on-149.jar:$WMSAPP_HOME/lib/commons-lang-2.6.jar:$WMSAPP_HOME/lib/wms-license-rest.jar:$WMSAPP_HOME/lib/wms-rest.jar:$WMSAPP_HOME/lib/wms-server.jar:$WMSAPP_HOME/lib/wms-bootstrap.jar:$WMSAPP_HOME/lib/wms-restlet-2.1.6.jar:$WMSAPP_HOME/lib/wms-restlet-2.1.6.org.restlet.ext.simple.jar:$WMSAPP_HOME/lib/log4j-1.2.17.jar" -Dcom.wowza.wms.runmode="$mode" -Dcom.wowza.wms.native.base="linux" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" com.wowza.wms.standalone.rest.LicenseUpdateServer
      7. Allow the non-root user to set maximum number of open files.

        The non-root user has system applied ulimit values. Wowza Streaming Engine™ 4.0 (or later) requires a specific value.

        As the root user, edit /etc/security/limits.conf and add the following entries:

        wowza            soft          nofile          20000
        wowza            hard          nofile          20000
        (this assumes the non-root user is called wowza).


      8. Allow the use of sudo without a tty

        To allow the use of sudo during system startup we need to allow it to start a shell without a tty (i.e. a display)

        As the root user run this command: visudo

        Find the line beginning
        Defaults    requiretty
        and comment it out
        #Defaults    requiretty
      9. Start Streaming Engine in standalone or service mode, and then verify that it's running as the user wowza by opening a terminal window and executing the command ps -ja to see the list of running processes.


    4. To make the manager run as the same user, navigate to the /usr/local/WowzaStreamingEngine/manager/bin folder and edit startmgr.sh.

      1. Locate the following lines:
        if [ "$WMSMGRCOMMAND" = "start" ]; then
        	$RUNCMD $CMD $BACKGRND &
        else
        	$CMD 
        fi
        and change them to the following:
        if [ "$WMSMGRCOMMAND" = "start" ]; then
        	$RUNCMD sudo -u wowza $CMD $BACKGRND &
        else
        	sudo -u wowza $CMD 
        fi
        The first line controls how the service is run and the second controls how standalone mode is run.

      2. You also need to make the same changes for the main server service so that the manager service pid is saved correctly. Locate the following lines:
        	# Linux
        	if [ "$WMSMGRCOMMAND" = "start" ]; then
        		echo $! > ${WMSMGRPID_FILE}
        		wait $PID
        	fi
        and change them to the following:
                # Linux
                if [ "$WMSMGRCOMMAND" = "start" ]; then
                        while [ -z "$WOWZA_PID" ]
                        do
                                WOWZA_PID=$(ps --no-headers -o pid --ppid $PID)
                        done
                        echo $WOWZA_PID > ${WMSMGRPID_FILE}
                        wait $PID
                fi
      3. Modify the Streaming Engine Manager startup script to set the values of WMSMGRPID_FILE and WMSMGRLOCK_FILE to a location that is writeable to a non-root user.

        Edit /usr/local/WowzaStreamingEngine/manager/bin/WowzaStreamingEngineManager (this is symlinked at /etc/init.d/WowzaStreamingEngineManager)

        find the definition of the variables:

        WMSMGRPID_FILE="/var/run/$WMSMGRBASE_NAME.pid"
        WMSMGRLOCK_FILE="/var/run/$WMSMGRBASE_NAME"
        Modify the file path to somewhere that the non-root user can write to:

        WMSMGRPID_FILE="/tmp/$WMSMGRBASE_NAME.pid"
        WMSMGRLOCK_FILE="/tmp/$WMSMGRBASE_NAME"
      4. Start Wowza Streaming Engine™ Manager in standalone or service mode and verify that it's running as the user wowza by opening a terminal window and executing the command ps -ja to see the list of running processes.

    Note: You may need to edit /etc/sudoers to comment out the Defaults requiretty.

    OS X configuration


    If you want to run in standalone mode as the normal logged-in user on OS X, you only need to set the permissions on the files and folders so that you can access and modify them. If you want to run as a specific user, then you'll also have to create that user and use sudo to run as that user.

    1. Create a new user named wowza:

      1. Open the Users and Groups systems preferences panel.

      2. Unlock the add user functionality by clicking on the lock icon in the lower-left corner of the panel (you'll be asked to enter your administrative password).

      3. To add a new user, click Plus (+) below the list of users.

      4. Select Administrator as the New Account type, and then enter wowza as the Full Name and Account Name.

      5. Select Use separate password, enter a password in the Required and Verify boxes, and then click Create User.

    2. Change the permissions on the Wowza media server software installation files. Open a terminal window, and then enter the following commands (be sure to specify the correct Wowza media server version):
      cd /Library 
      sudo chown wowza:admin WowzaStreamingEngine 
      sudo chown -R wowza:admin WowzaStreamingEngine-4.0.1
    3. If running in standalone mode as a specific user that is not the logged-in user, then you also have to perform the following procedure. If you want to run the service as a specific user, skip to step 4.

      1. Change directory to the /Library/WowzaStreamingEngine/bin directory.

      2. Edit the standalone startup script startup.sh and add sudo -u wowza to the following line (line 34 in the Wowza Streaming Engine 4.0.1 startup.sh file). This line should now be:
        sudo -u wowza $_EXECJAVA $WMSTUNE_OPTS $JMXOPTIONS -Dcom.wowza.wms.runmode="$mode" -Dcom.wowza.wms.native.base="osx" -Dcom.wowza.wms.AppHome="$WMSAPP_HOME" -Dcom.wowza.wms.ConfigURL="$WMSCONFIG_URL" -Dcom.wowza.wms.ConfigHome="$WMSCONFIG_HOME" -cp $WMSAPP_HOME/bin/wms-bootstrap.jar com.wowza.wms.bootstrap.Bootstrap start
      3. Change to the /Library/WowzaStreamingEngine/manager/bin directory, edit startmgr.sh, and locate the following lines:
        if [ "$WMSMGRCOMMAND" = "start" ]; then
        	$RUNCMD $CMD $BACKGRND &
        else
        	$CMD 
        fi
        Modify them so they look like the following code:
        if [ "$WMSMGRCOMMAND" = "start" ]; then
        	$RUNCMD sudo -u wowza $CMD $BACKGRND &
        else
        	sudo -u wowza $CMD 
        fi
        The first line controls how the service is run and the second controls how standalone mode is run.

    4. If you've made the changes above, then you don't need to make any changes to the service scripts in order to have Streaming Engine run as a specific user. If you haven't made these changes, then in order for the services to run as the logged-in user (or a different user), you must edit the files used to configure the services.

      1. Change to the /Library/LaunchDaemons/ directory.

      2. Edit each of the com.wowza.wms.WowzaStreamingEngine.plist and com.wowza.wms.WowzaStreamingEngineManager.plist files as the root user. Locate the UserName key, and then change the following string value to the username that will run the service.
                <key>UserName</key>
                <string>wowza</string>
    5. Start Wowza Streaming Engine Manager in standalone or service mode and verify that it's running as the user wowza by opening a terminal window and executing the command ps -ja to see the list of running processes.



    Originally Published: For Wowza Streaming Engine 4.0 on 4-11-14.
    Updated: 01-06-2015.

    If you're having problems or want to discuss this article, post in our forum.