running IndigoServer under non-admin accounts

Questions and comments about the Indigo Server. You can also post here if you're unclear which other forum to post to.
nsosnicki
Posts: 168
Joined: Sun Nov 14, 2004 10:57 am
Location: Boston, MA, US

running IndigoServer under non-admin accounts

Post by nsosnicki »

Looks really nice.

In the docs, it says
The server can run headless (no UI) in the background on your Mac while consuming minimal CPU resources.
does this mean the app should be able to run completely as a service (no local user logged in) or does this mean that there must be a local user logged in, but no interactive application running?

In my environment, the server keeps running when I quit the app, but stops when I log out.
User avatar
matt (support)
Site Admin
Posts: 21476
Joined: Mon Jan 27, 2003 1:17 pm
Location: Texas
Contact:

Re: Headless Server

Post by matt (support) »

The current beta must be run under an admin user account (non-admin clients can connect to the server on the same machine). We are experimenting with running the Indigo Server as a true daemon before any users are logged on.

It appears to work (after some file/folder permission changes) but it requires you to run the Indigo Server is a special mode that disables all AppleScript functionality. Unfortunately, the OS does not let you run AppleScripts at all until a user is logged on. The problem then becomes how to transition between having Indigo Server run in this AppleScript-less mode while no users are logged on to the full AppleScript mode once a user does login. If you can live with no AppleScript running at all (or don't mind manually stopping the Indigo Server daemon and relaunching it whenever you login), then it appears to work now.

Regards,
Matt
nsosnicki
Posts: 168
Joined: Sun Nov 14, 2004 10:57 am
Location: Boston, MA, US

Post by nsosnicki »

For my use, Applescript is a must have.

I run Indigo on a dedicated server (not dedicated exclusively to Indigo, but a box that no one ever needs to locally log in to), so ideally, I'd like to have Indigo demonized with Applescript support without the need for a GUI login.

Understanding the Applescript limitation, the next best thing would be for Indigo to be able to run under a non-admin account (either with a GUI or not, really doesn't matter at that point except for the CPU cycles). For security purposes, I'd prefer not to leave an interactive admin session open on the server all the time.
User avatar
matt (support)
Site Admin
Posts: 21476
Joined: Mon Jan 27, 2003 1:17 pm
Location: Texas
Contact:

Post by matt (support) »

nsosnicki wrote:For my use, Applescript is a must have.

I run Indigo on a dedicated server (not dedicated exclusively to Indigo, but a box that no one ever needs to locally log in to), so ideally, I'd like to have Indigo demonized with Applescript support without the need for a GUI login.

Understanding the Applescript limitation, the next best thing would be for Indigo to be able to run under a non-admin account (either with a GUI or not, really doesn't matter at that point except for the CPU cycles). For security purposes, I'd prefer not to leave an interactive admin session open on the server all the time.
Yeah, it would be nice if AppleScript was available before login. Unfortunately, it requires the WindowServer process which isn't started by the OS until after someone logs on.

IndigoServer can run under non-admin accounts once you modify some folder/file permissions. Modify the file permissions (and/or file owner) of this folder and all sub-folders (and files):

Code: Select all

/Library/Application Support/Perceptive Automation/Indigo 5/
By design, all of the server settings, database files, log files, etc., inside that single folder to make modifying file/folder permissions simpler.

Once the account under which IndigoServer runs has full read/write access to those folders and files, it will work.

Regards,
Matt
Last edited by matt (support) on Mon Sep 14, 2009 3:11 pm, edited 3 times in total.
nsosnicki
Posts: 168
Joined: Sun Nov 14, 2004 10:57 am
Location: Boston, MA, US

Post by nsosnicki »

I changed the permissions and then tried to start it from a non-admin account. There must be a check to see if the current user is an admin, because I get a message "non-admin users can only connect to Indigo servers which are already running..."

So I tried running IndigoServer from the command line (not sure what the correct command line arguments, if any, would be). For the non-admin user; it fires up but dies in a second.

If I sudo as root I can run it (I get all of the CONFIG INFO messages) but it doesn't seem to do anything; that is, it does not respond to traffic on the interface nor can I connect to it from the Indigo client on a remote machine. The server stays in this state until I connect to it with the Indigo client on the local machine. Then it "springs to life" allowing me to quit the local client and connect with a remote client, responds to the interface, and Applescript works.

It's not ideal because now I have an open terminal window logged in as root on the server. However, definitely promising.
User avatar
matt (support)
Site Admin
Posts: 21476
Joined: Mon Jan 27, 2003 1:17 pm
Location: Texas
Contact:

Post by matt (support) »

The version I just posted, beta 2, should now run under guest accounts after you modify all the file/folder permissions as discussed above. The "admin" check now just tries to write to the Indigo 2 folder, if that succeeds then it tries to launch the server. Let me know how it works for you.

Matt
nsosnicki
Posts: 168
Joined: Sun Nov 14, 2004 10:57 am
Location: Boston, MA, US

Post by nsosnicki »

Works great!

The installer seems to reset the permissions, but after I changed them back, runs like a champ.
gmusser
Posts: 290
Joined: Sat Feb 12, 2005 8:13 pm
Location: New Jersey

Post by gmusser »

What exactly should I change the permissions to? Global read/write? Or do I need to chown to the server account?
George
User avatar
matt (support)
Site Admin
Posts: 21476
Joined: Mon Jan 27, 2003 1:17 pm
Location: Texas
Contact:

Post by matt (support) »

gmusser wrote:What exactly should I change the permissions to? Global read/write? Or do I need to chown to the server account?
George
Hi George,

All users under which you will be starting the server will need read/write access. If you have a specific user account under which you will always start the server, then I believe just a chown to that user will work. If you might also run it under another account (say your admin account), then that will need access as well. All folders/files should default to having group/owner +RW access, so as long as your accounts are either the owner or group, I think it'll work.

Regards,
Matt
nsosnicki
Posts: 168
Joined: Sun Nov 14, 2004 10:57 am
Location: Boston, MA, US

Post by nsosnicki »

I just set the owner to the account running the app R/W, the group to admin R/W, and others, no access.

Maybe the installer could ask at install time if you are installing for use by one particular user or by all users to control if the files get created in /Library or ~/Library. As an example, this is how the SlimServer installer works.
Otis69
Posts: 36
Joined: Wed Jul 12, 2006 7:30 am
Location: Shasta Lake, CA

Post by Otis69 »

1) Create a new NON-Admin user account.
2) Change the Indigo Application Group to that account and give it RW permissions.
3) Go to Library - Application Support -Perceptive Automation and change that folder's Group to the Non-Admin account, give it RW permissions and then click Apply to enclosed items.

From now on: You only need to log into the Non-Admin account to run Indigo.

I have Indigo as one of the start-up items in the Non-Admin account. So when I log into the Non-Admin account Indigo automatically starts up.

That's it.

:D :D :D
Last edited by Otis69 on Mon Feb 26, 2007 11:52 am, edited 3 times in total.
wwhigginsjr
Posts: 45
Joined: Tue Feb 06, 2007 6:33 pm

Post by wwhigginsjr »

All-

I'm new to Indigo/home automation, but am a long time Mac user.

I'm running Indigo v2.0.0 on a headless server, and am successfully accessing Indigo sever via Indigo client via the local LAN. All was set-up according to posts in this thread. That is, Indigo server is running under a non-admin user at server, and that non-admin user remains logged in 24x7x365 (minus any downtime for maintenance, etc.).

Currently, I don't need AppleScript support from Indigo (in contrast to post from "nsosnicki" on 9-7-2006). Is there any way to run Indigo server without any user logged in? Like "nsosnicki", I'd like to run Indigo server "daemon-ized", but unlike "nsosnicki", I don't need AppleScript. I've inferred that it can be done (from post by "support/Site Admin" also on 9-7-2006), but there are no instructions provided.

If someone can provide instructions on how to run Indigo headless and without any user logged in (sacrificing AppleScript), I'd greatly appreceate it.
User avatar
matt (support)
Site Admin
Posts: 21476
Joined: Mon Jan 27, 2003 1:17 pm
Location: Texas
Contact:

Post by matt (support) »

wwhigginsjr wrote:If someone can provide instructions on how to run Indigo headless and without any user logged in (sacrificing AppleScript), I'd greatly appreceate it.
To launch IndigoServer in daemon mode pass the flag -daemon to it when you launch it. You'll probably want to create a launchd plist and put it into the LaunchDaemons folder to get it running automatically (and to pass it the -daemon argument). Lingon can help create such a plist. Running Indigo in daemon mode is currently supported at a beta level. There might be some issues with it (besides AppleScript being disabled), but I do know a couple of users that are using it without any major issues.

Regards,
Matt
wwhigginsjr
Posts: 45
Joined: Tue Feb 06, 2007 6:33 pm

Post by wwhigginsjr »

Matt-

Thanks for the lead, but I'm not able to get this working. Downloaded Lingon. Tried the following as "Program Arguments" in Lingon:

/Applications/Indigo 2.app/Contents/MacOS/Indigo 2 -daemon

Also tried separating into two lines:

/Applications/Indigo 2.app/Contents/MacOS/Indigo 2
-daemon

In both cases, Indigo "launched" but then failed. Can you be more specific in your "how to" instructions. Thanks in advance.
wwhigginsjr
Posts: 45
Joined: Tue Feb 06, 2007 6:33 pm

Post by wwhigginsjr »

All-

Got this working. The "Program Arguments" in my post immediately above directed launcd to start the Indigo CLIENT, not the Indigo SERVER. launchd obviously needs to start the Indigo SERVER. Here's the correct "Program Arguments" in Lingon:

/Library/Application Support/Perceptive Automation/Indigo 2/IndigoServer.app/Contents/MacOS/IndigoServer
-daemon

I left the -daemon flag/argument on a second line, but am guessing it also works with just a space (" ") between the arguments and on one line.

The completed launchd plist file for Indigo Server goes in the folder:

/Library/LaunchDaemons

In Lingon, this plist file location gets categorized as "Users Daemons". Some may think the name "Users Daemons" is somewhat misleading (given the point of this exercise was to have launchd start Indigo Server without ANY user logged in), but my understanding is that placing the plist file in /Library/LaunchDaemons means it runs for ALL users (including no user at all).

Important point is that the launchd plist file for Indigo Server should not go in ~/Library/LaunchAgents (which Lingon calls "My Agents") or it will only start when that user ("~") logs in (and will not re-start if stopped because it's an agent, not a daemon). Similarly, it should not go in /Library/LaunchAgents (which Lingon calls "Users Agents") as it will only start for ALL/NO users, but will not re-start if stopped (again, agent vs. daemon). Lastly, the plist file should not go in either /System/Library/LaunchAgents or in /System/Library/LaunchDaemons. Only Apple gets to mess with the stuff in /System!

Hope this is helpful. Thanks to Matt for the lead and the link to Lingon, which greatly simplifies writing launchd plist files.
Post Reply

Return to “Indigo Server Software”