Hi All, because the ownership of most files is wowza, we need to access our AWS EC2 WSE as the user wowza. We created the Filezilla settings as usual for logging in with username password, using the instance id as the password:
We tried connecting and get the error:
The user wowza does not have a keypair. We can successfully connect as ec2-user with the keypair that was specified when launching the instance, but we run into all kinds of trouble when installing files onto the WSE owned by ec2-user.
Is there a workflow that we can transfer files to the WSE as the user wowza?
FYI I tried setting Topics of this post to to ftp, sftp, upload, file transfer, filezilla, password, key, key pair, wse, none of which were available.
Thank you!
Hi @Karel Boek-Senior Consultant thank you for that suggestion. We have had very bad and mysterious issues when changing permissions or ownership of files in installdir/. We need a solution that doesn’t require changing the ownership or permissions of files in installdir.
Hi @Karl Boek, We are talking about the files in the installdir/, such as modified Application.xml, Server.xml. Also copying new modules into lib/ etc. Also, for downloading logs and conf files to provide to tech support.
Are you talking about all Wowza files in the installation folder, or specifically about the videos in the /content folder? For the latter, it should be fine to upload them as ec2-user, as long as the user “wowza” as read-rights to these files, there’s no problem for Wowza to use the content.
User “ec2-user” doesn’t have any rights to the /content folder by default. But you can add that user to a Linux group and let the group own the content folder.
# create a new group
$ sudo groupadd wowzagroup
# add users to group
$ sudo usermod -a -G wowzagroup wowza
$ sudo usermod -a -G wowzagroup ec2-user
# set ownership of directory and its contents
$ sudo chown -R wowza:wowzagroup /usr/local/WowzaStreamingEngine/content
# set rights of directory and its contents
$ sudo find /usr/local/WowzaStreamingEngine/content -type f -print0|xargs -0 chmod 664
$ sudo find /usr/local/WowzaStreamingEngine/content -type d -print0|xargs -0 chmod 775
Okay; that’s a bit strange in itself. Wowza should run just fine even when the owner-group is changed, as long as the user has the right permissions. I’ve done this myself numerous times. In that case there may be and underlying problem.
Anyway, permissions on files and directories is a Linux thing rather than related to Wowza. If your Wowza is currently running as user “wowza”, then you could generate an RSA key for that user, find out what its home dir is (or set one), in that home dir, create a subfolder called .ssh (notice it starts with a dot, owned by “wowza”, permissions 700), and in there again, put the public key in a file called “authorized_keys” (owned by “wowza”, permissions 600) and that should allow you to write to all files and dirs of your Wowza folder
However that’s under the condition that you run WSE currently as user “wowza”. By default if you don’t specify otherwise, WSE runs as root. And allowing remote access to the root account is quite risky.
This is our correct answer, not the other post accepted by Wowza staff. It doesn’t appear we can select the answer as accepted.
@Michael Williams, you could do that in the same way, just one level up.
Hey @Karel Boek-Senior Consultant your suggestion of creating a keypair for the wowza user is working. It was a complicated process to do that. It doesn’t seem to be documented in our Wowza docs. FYI We have not changed anything regarding how WSE or WSM runs. Also, we were told by tech support that the WSE checks permissions of installdir files and throws errors if permissions are not correct.