Run Foundation Hub on Linux from a non-privileged account using the systemd unit bhub.service

Program

BIOVIA Foundation Hub (version 2024 SP1 and later)

 

Operating System

Red Hat Enterprise Linux (versions as supported by the respective Foundation Hub version)

 

Summary

As of version 2024 SP1, BIOVIA Foundation Hub provides the systemd unit 'bhub.service' to start and stop the Foundation Hub service. The unit can be optionally installed into the default systemd directory /etc/systemd/system during the setup of Foundation Hub. By default, the unit starts Foundation Hub as root user. The following solution explains how to run Foundation Hub from a non-privileged application user instead.
 

Solution

The default version of the unit does not specify an explicit user under which the Foundation Hub service is supposed to be executed. Without a distinct user and group definition, systemd starts the service from the root account. However, by specifying a user and optionally a group in the unit, you can enable the execution of the service by this user and group.

The following steps describe how to reconfigure the unit to run the service from a named, non-privileged user account. For these steps, we assume that the Foundation Hub files are installed into the directory /opt/BIOVIA/foundation. Likewise, we assume that the directory and its files are owned by the non-privileged user 'biovia' with the primary group 'biovia', and the Foundation Hub service is supposed to run from that 'biovia' account and group.        
 

Scenario 1 - the bhub.service unit is already installed

  1. Login to the Foundation Hub server with an account with sudo privileges.
  2. Stop the Foundation Hub service. 

    sudo systemctl stop bhub.service
  3. Make a backup copy of the bhub.service file in /etc/systemd/system. 
  4. Open the bhub.service file in a text editor. Note that you must open the file with root privileges as it is only readable and writable by root.
  5. Locate the following lines in the file:

    [Service]
    Type=forking

    Insert the following lines directly after it:

    User=biovia
    Group=biovia
  6. Save the modified file.
  7. Instruct systemd to reload the modified unit file.

    sudo systemctl daemon-reload
  8. Switch to the Foundation Hub logfile directory and change the ownership of the existing logfiles.

    cd /opt/BIOVIA/foundation/apache-tomcat/logs
    sudo chown biovia:biovia ./*
  9. Start the Foundation Hub service.

    sudo systemctl start bhub.service

 

Scenario 2 - the bhub.service unit is not yet installed.

  1. Login to the Foundation Hub server with an account with sudo privileges.
  2. Stop the Foundation Hub service.
  3. Make a backup copy of the bhub.service file in /opt/BIOVIA/foundation/apache-tomcat/bin.
  4. Open the bhub.service file in a text editor. Note that you might need to open the file with root privileges unless you are logged in with the user that owns the file.
  5. Locate the following lines in the file:

    [Service]
    Type=forking

    Insert the following lines directly after it:

    User=biovia
    Group=biovia
  6. Save the modified file. 
  7. Switch to the Foundation Hub logfile directory and change the ownership of the existing logfiles.

    cd /opt/BIOVIA/foundation/apache-tomcat/logs
    sudo chown biovia:biovia ./*
  8. Install and start the modified systemd unit.

    cd /opt/BIOVIA/foundation/apache-tomcat/bin
    sudo ./install_service.sh

    Please note that Foundation Hub will be automatically loaded upon system startup after the installation of the unit. If you have already implemented another method to load Foundation Hub at startup, please disable it.