Task #12334 (new)
Opened 10 years ago
Last modified 10 years ago
RFE: Windows Service bin/omero admin diagostics and OMERO_TEMPDIR
Reported by: | khgillen | Owned by: | jamoore |
---|---|---|---|
Priority: | minor | Milestone: | Unscheduled |
Component: | Deployment | Version: | 5.0.2 |
Keywords: | windows, diagnostics | Cc: | ux@…, bpindelski |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
The default OMERO windows install creates a Windows Service, which runs as the "LocalSystem?" account.
bin\omero admin diagnostics as an administrative user returns the temp dir if OMERO was running as that user.
Using psexec to open a CMD shell as the LocalSystem? account, running bin\omero admin diagnostics shows the correct folder.
As an administrative user
c:\OMERO.server>whoami lifesci-ad\kgillen-x c:\OMERO.server>bin\omero admin diagnostics ================================================================================ OMERO Diagnostics 5.0.2-rc1-ice33-b22 ================================================================================ OMERO data dir: 'C:\\OMERO5' Exists? True Is writable? True OMERO temp dir: 'C:\Users\kgillen-x\AppData\Roaming\omero\tmp' Exists? True Is writable? True (Size: 0) OMERO.web status... [NOT STARTED]
As Local System, via psexec -s -i
C:\Windows\system32>whoami nt authority\system c:\OMERO.server>bin\omero admin diagnostics ================================================================================ OMERO Diagnostics 5.0.2-ice33-b26 ============================================================================== OMERO data dir: 'C:\\OMERO5' Exists? True Is writable? True OMERO temp dir: 'C:\Windows\system32\config\systemprofile\AppData\Roaming\omero\ tmp' Exists? True Is writable? True (Size: 0) c:\Windows\System32\config\systemprofile\AppData\Roaming\omero>dir Volume in drive C has no label. Volume Serial Number is 2C01-2A11 Directory of c:\Windows\System32\config\systemprofile\AppData\Roaming\omero 21/05/2014 14:28 <DIR> . 21/05/2014 14:28 <DIR> .. 21/05/2014 14:28 <DIR> sessions 06/06/2013 16:57 <DIR> tmp 0 File(s) 0 bytes 4 Dir(s) 12,455,350,272 bytes free
Change History (4)
comment:1 Changed 10 years ago by jamoore
- Cc bpindelski added
comment:2 Changed 10 years ago by bpindelski
The bin/omero admin start command on Windows accepts a user name as a parameter (Windows user), that will be used as the Windows service owner (https://github.com/openmicroscopy/openmicroscopy/blob/dev_5_0/components/tools/OmeroPy/src/omero/plugins/admin.py#L291). I haven't investigated the logic for displaying the temporary folder path. I think that in the event of LocalSystem being the Windows service owner, we should display the correct OMERO temp dir path (i.e. C:\Windows\system32\config\systemprofile\AppData?\Roaming\omero\). I am not sure though how much I can do with pywin32.
Alternatively - we update the docs to recommend using psexec -s -i instead of Run as Administrator.
comment:3 Changed 10 years ago by bpindelski
Having second thoughts - is it really safe to write files to C:\Windows\system32? I'm leaning to the impression that having the OMERO temp folder in C:\Users is safer. Thinking about the server start-up workflow on Windows, we will always end up with an interactive shell started up as an existing Windows user. LocalSystem? is just the requirement of the SCM. I don't mind enforcing in code that the service has to be started up as the logged on user on Windows, but we would have to identify any corner cases where that could increase forum posts about "server not starting up". Alternatively - hide the OMERO_TEMPDIR from diagnostics output, but I don't see why it is wrong how it currently stands...
comment:4 Changed 10 years ago by jamoore
- Milestone changed from 5.1.0-m3 to Unscheduled
- Summary changed from Bug: Windows Service bin/omero admin diagostics and OMERO_TEMPDIR to RFE: Windows Service bin/omero admin diagostics and OMERO_TEMPDIR
De-scheduling this. My hope is that this will actually be taken care of by moving away from icegridnode in the future. Users may need to be told that "the TEMPDIR printout is only valid if using the same user as the service".
Blazej: do you have any thoughts on this? I know you were working on a branch to always use the current user. Did you have any code to detect currentuser != omerouser since under that condition we either need to not show, or at least make it clear?