System Administration Guide
Using InterSystems IRIS on UNIX®, Linux, and macOS
This chapter describes specific administrative procedures on UNIX®, Linux, and macOS. This chapter addresses the following topics:
Every InterSystems IRIS™ installation on a UNIX® platform has the following users and groups:
InterSystems IRIS must be installed by root
, and some processing by InterSystems IRIS system daemons runs as root
Owner of instance
This user owns most installation files and has full control of the instance. If you install with Minimal initial security settings, root
is the default owner; otherwise, you are prompted for the owner during installation.
Effective user for InterSystems IRIS superserver and its jobs
All InterSystems IRIS processes spawned by the superserver to serve incoming requests run as this user; in addition jobs hosted by jobserver processes, taskmanager jobs, and user-defined startup routines (for example, ^%ZSTART
) also run as this user. By default, this user is irisusr
, but you can change the user during installation.
Effective group for InterSystems IRIS processes
All InterSystems IRIS processes automatically run as this group, which allows normal users, while inside InterSystems IRIS, to access InterSystems IRIS database and journal files to which they may not otherwise have been granted access; file permissions on these and other InterSystems IRIS files are set to allow this group to have appropriate access. On a secure system, no actual user should be a member of this group. By default, this group is irisusr
, but you can change the group during installation.
All journals and journal directories must have the group ownership set to the Effective group for InterSystems IRIS processes
group and grant full permissions to that group (rw
for journals, rwx
for journal directories). The user who owns the journal and journal directories may vary depending on how they were created.
Journals and journal directories created within InterSystems IRIS are created with the appropriate permissions. However, if you move, copy or create journal directories or journals externally (via scripts or administrator action), you must ensure that the proper permissions are maintained. Failure to set the permissions properly may lead to unexpected and serious errors.
journal directory irisowner irisusr drwxrwxr-x
20170801.001 irisowner irisusr -rw-rw----
These settings are maintained, in part, as the set of permissions on the executables within the install-dir/bin
directory of the InterSystems IRIS installation. Relevant properties include: ownership, group, mode, set-uid, and set-gid bits. It is important that you do not modify these permissions when performing administrative tasks at the operating-system level.
All databases and database directories must have the group ownership set to the Effective group for InterSystems IRIS processes
group and grant full permissions to that group (rw
for databases, rwx
for database directories). The user who owns the databases and database directories may vary depending on how they were created.
Databases and database directories created within InterSystems IRIS are created with the appropriate permissions. However, if you move, copy or create database directories or databases externally (via scripts or administrator action), you must ensure that the proper permissions are maintained. Failure to set the permissions properly may lead to unexpected and serious errors.
dataset directory irisowner irisusr drwxrwxr-x
IRIS.DAT irisowner irisusr -rw-rw----
The InterSystems IRIS instance uses the following resources to control starting, stopping, and creating new processes:
InterSystems IRIS uses advisory file locking to prevent multiple startups of the same instance on different machines. With advisory file locking, a single lock file (in this case, the file clock in the install-dir/bin
directory) may be used to exclusively lock multiple resources. The Control Process, Write daemon, and Journal daemon each lock a separate section of the lock file. If this section of the clock file is already locked, startup terminates. The locks held by the different daemons are called Daemon Resource Locks.
A file lock is held by a process until the process terminates. Thus if any lock is held, it indicates that some daemon process on some node is running. It does not indicate, however, whether or not the instance is healthy and running normally.
file contains the name of the node where InterSystems IRIS was started. The existence of the iris.ids
file acts as a flag to ObjectScript utilities and customer-written scripts, indicating whether or not the instance is up and running. This file is often ignored during startup. However, if an error occurs when iris.ids
is being read, it will prevent InterSystems IRIS from starting up. In previous versions of InterSystems IRIS, the shared memory identifiers were also stored in the iris.ids
file, but this is no longer the case.
To best understand the startup sequence, imagine that the instance can be run from two (2) different nodes (machines), node A and node B. The iris.ids
file is visible to both nodes, as are the Daemon Resource Locks (for shared files). The shared memory itself, however, is visible only on the node on which it was created (that is, the node where you started InterSystems IRIS).
The startup routine runs irisdb cV
to find out the status of the instance. It first attempts to attach to shared memory for the instance:
If there is no shared memory for the instance, a test is made for Daemon Resource Locks:
If no Daemon Resource Locks are held, the instance is reported “down.”
If Daemon Resource Locks are held, the instance is reported to be running on the node specified in the iris.ids
file. If the iris.ids
file does not exist, no information is available on where the daemons are running.
If the attach succeeded, the system is assumed to be up and running. This status is reported to the user. Startup halts.
The InterSystems IRIS startup process is run. Checks are repeated to ensure that another startup is not competing for the startup resources:
InterSystems IRIS continues startup.
The owner of the installation has full privileges to start and stop the instance, to perform system administration, and to run diagnostic programs for that instance.
Only the user ID that is the owner of the instance can and should run all diagnostic activities. This ensures that any files or resources created are owned by the owner of the instance and not root (which may make it impossible to access these resources by a non-root user). For this reason, it is inadvisable for root to in any way administer an instance not owned by root (including starting and stopping the instance). A user running as root should only administer instances owned by root.
To start InterSystems IRIS, run the startup procedure at the system level. This procedure activates either a default configuration file or a configuration file you specify.
If you are not on the console machine, run Telnet and connect to the target machine where InterSystems IRIS is installed. Before you can start InterSystems IRIS on UNIX®, one of the following must be true:
Start InterSystems IRIS using the iris
From the shell, a user with any user ID in the sysmgr
group can run iris start
. This command verifies that the instance is not currently running on the current or another node, creates shared memory and basic InterSystems IRIS daemons, including multiple slave write daemons (SWDs), runs the startup (^STU
) routine, which creates additional daemons (for example, ECP daemon), and then allows user logins.
Running as anyuser:irisusr
, InterSystems IRIS runs its standard startup logic, including Kerberos negotiation, to identify a $USERNAME
and a set of login roles. In many cases, this $USERNAME
value is associated with the actual user who invoked iris session
. Thus, while any user may run InterSystems IRIS, the activities of that user once in InterSystems IRIS are defined and limited by the security roles assigned to that user.
enter InterSystems IRIS by invoking its executable directly from the install-dir/bin
The InterSystems IRIS executable is not itself a setgid-executable. It is the responsibility of the iris session
wrapper to set the group properly on behalf of the user entering InterSystems IRIS. This is not a problem if you are running InterSystems IRIS from the /usr/bin
directory as set up by the iris
default function. The iris
default sets up an executable file called irisdb
in the /usr/bin/
directory and is a link to call iris session
which sets permissions properly.
Normally you leave your InterSystems IRIS system running. However, if your operating system requires a restart, you should stop InterSystems IRIS before you shut down your system. The InterSystems IRIS maintenance tasks, such as backups and database repair utilities, do not require you to stop InterSystems IRIS.
To stop InterSystems IRIS on UNIX®, the same requirements exist as for starting InterSystems IRIS. One of the following must be true:
To stop InterSystems IRIS, from the command line:
You can stop InterSystems IRIS with the iris force
command, but you should do so with caution because it may result in a loss of data.
This procedure invokes the InterSystems IRIS SHUTDOWN
utility, which displays a status report. Check for active processes in the report to determine if the next step is necessary.
Should it be necessary, broadcast a message to any users on the system:
Do you want to broadcast a message to anyone? No=> Yes
Send a message to other terminals. Message => Please sign off
Terminal => /dev/tty/06
After sending one message you can send others, until you respond to the Message
prompt by pressing Enter
When the system asks if you would like to see another system status, enter Yes
to see one, or press Enter
if you do not want another report.
If you answer Yes
, when the system status displays again, identify any active terminals.
Confirm that you want to halt by answering Yes
. If you answer No
, the shutdown procedure quits and InterSystems IRIS continues running.
On UNIX® platforms, when an InterSystems IRIS instance is stopped, restarted, or forced down, the instance will wait for all processes to detach from shared memory for a maximum of 30 seconds. After 30 seconds, the instance will close. If there are still processes attached to the shared memory after the instance has closed, restarting the instance will fail.
Content Date/Time: 2019-04-10 14:45:56