PhixFlow Help

Users and File System

This section describes how to set up users and the file system to support the database and PhixFlow.

PhixFlow supports all of the major server operating systems, UNIX, Linux and Windows. The information in this section describes users, file structures and permissions for typical Linux and Microsoft Windows installations however the requirements/principles remain the same for the other operating systems.

Linux/UNIX

Users & Groups

To support secure and auditable access, the following groups and users should be created:

Group: phixflow

This group is the primary group for all PhixFlow users below (phixflow, individual and tomcat)

Group: oinstall

This is the standard name for the Oracle install group. Users phixflow and tomcat should be members of this group.

User: phixflow

This user owns the PhixFlow directory (‘/opt/phixflow’) and will be used to perform certain maintenance tasks. This user should be able to

  • read and write to the PhixFlow directory
  • read from the Tomcat directory (‘/opt/tomcat’)

This user should not be able to:

  • log on directly from a remote machine - support users should log on using their individual user names then switch (‘su’) to phixflow when required
  • write to the Tomcat directory (‘/opt/tomcat’)

Individual Support Users

These represent individuals who will perform support and maintenance tasks on PhixFlow. These users should be able to

  • log on from a remote machine
  • transfer files to/from external PhixFlow sites via FTP
  • read and write to the PhixFlow directory (‘/opt/phixflow’)
  • read from the Tomcat directory (‘/opt/tomcat’)

These users should not be able to:

  • write to the Tomcat directory (‘/opt/tomcat’)

At the administrator’s discretion, the phixflow user and individual support users may be combined into a single user.

User: tomcat

The tomcat user will be used to run the Apache Tomcat web server, and will own all files directly used by the web server. This user should be able to

  • read and write files in the Tomcat directory

This user should not be able to

  • log on directly from a remote machine - support users should log on using their individual user names then switch (‘su’) to tomcat when required

Notes

1.

If on Linux: increase the per-user limit on open files for the tomcat user to 4096.

To do this edit /etc/security/limits.conf and add the following line:

tomcat          hard    nofile          4095

 

2.

Set umask 22 for the tomcat  user and umask 2 for user phixflow and individual support users.

 

3.

Add the oracle user to the phixflow group – this will allow oracle to write data pump files into the PhixFlow directory

File System

The following directories should be set up within the application installations and data partition.

Directory

Owner

Owner rights

Group rights

Other rights

$app/phixflow

phixflow

rwx

rwS

---

$app/phixflow/data

phixflow

rwx

rwS

---

$app/phixflow/data/import

phixflow

rwx

rwS

---

$app/phixflow/data/export

phixflow

rwx

rwS

---

$app/phixflow/data/archive

phixflow

rwx

rwS

---

$app/phixflow/data/restore

phixflow

rwx

rwS

---

$app/phixflow/data/templates

phixflow

rwx

rwS

---

$app/phixflow/data/plugins

phixflow

rwx

rwS

---

$app/phixflow/data/temp

phixflow

rwx

rwS

---

$app/phixflow/dbexport

phixflow

rwx

rwS

---

$app/phixflow/release

phixflow

rwx

rwS

---

$app/phixflow/temp

phixflow

rwx

rwS

---

$app/tomcat

tomcat

rwx

r-x

---

In addition, the following logical directory structure should be set up:

Directory

Link To

/opt/phixflow

$app/phixflow

/opt/tomcat

$app/tomcat

Notes

1.

/opt/phixflow and all directories beneath it have the group id bit set in order to ensure that all directories and files under /opt/phixflow can be read and written by any PhixFlow support user and by tomcat

 

2.

/opt/tomcat and all directories beneath it have the group permissions set to read-only so that only the tomcat user can write or modify files under /opt/tomcat

WINDOWS

Users & Groups

By default, both the database and web app server run under the local SYSTEM account so there is no need to set up any additional users or groups for running the applications however user accounts should be set up for installation and support purposes.

You need a user with local administrator access in order to install the database, web app server or PhixFlow.

Individual Support Users

These represent individuals who will install PhixFlow and perform support and maintenance tasks on PhixFlow. These users should have local administrator rights on the server and should be able to:

  • log on to the server via a remote desktop session
  • transfer files to/from external PhixFlow sites via FTP
  • read and write to the PhixFlow directory (‘$app/phixflow’)
  • read and write to the Tomcat directory (‘$app/tomcat’)

At the administrator’s discretion, a single support user ‘phixflow’ user may be set up however we recommend setting up individual accounts.

File System

The following directories should be set up within the application installations and file data partition.

Directory

$app/phixflow

$app/phixflow/data

$app/phixflow/data/import

$app/phixflow/data/export

$app/phixflow/data/archive

$app/phixflow/data/restore

$app/phixflow/data/templates

$app/phixflow/data/plugins

$app/phixflow/data/temp

$app/phixflow/dbexport

$app/phixflow/release

$app/phixflow/temp

$app/tomcat

In addition, the following logical directory structure should be set up:

Directory

Link To

C:/opt/phixflow

$app/phixflow

C:/opt/tomcat

$app/tomcat

Notes

1.

To set up an NTFS symbolic link:

Run cmd.exe (you might need to run as administrator)

MKLINK [/D] link target

e.g.

cmd> cd c:\opt

cmd> mklink /D tomcat c:\u02\tomcat

Please let us know if we could improve this page feedback@phixflow.com