Like all processes, the AccuRev Server and AccuRev Database Server processes have an operating-system user identity. It should be a unique user identity, not used by any other program. This helps to ensure that no other user or process has access to the repository.
CAUTION: The AccuRev Database Server cannot be run as the
root user. In addition, do not attempt to run the AccuRev Server as
root. Some user-supplied trigger scripts run under the operating-system identity of the AccuRev Server, which poses a significant security risk. (See
Trigger Script Execution and User Identities on page 96.)
We suggest that you create an operating-system user named acserver, belonging to a group named
acgroup. (Any similar names will do.) Only the AccuRev Server should run as
acserver.
For emergency “manual” access to the repository, you can create another user identity — say, acadmin — and place that user in the same group,
acgroup. You can configure UNIX/Linux-level auditing and place other appropriate controls on this account; this leaves the
acserver account (and thus, the AccuRev Server process) unencumbered by such controls.
Configure the AccuRev Server to run with the
acserver/
acgroup identity by placing these names in the server configuration file,
acserver.cnf. See
UNIX/Linux: Controlling the Server’s Operating-System User Identity on page 13.
The AccuRev Server and AccuRev Database Server run as Windows services. By default, these services run as the built-in local user named
System. This user identity must have access to the AccuRev executables (
bin) directory and to the repository. See
Repository Access Permissions on page 1.
You can use the Services control panel to configure the services to run under another identity (“account”).