These tips apply only to UNIX® and Linux.
Setting Permissions for Callin Executables on UNIX®
InterSystems IRIS executables, files, and resources such as shared memory and operating system messages, are owned by a user selected at installation time (the installation owner) and a group with a default name of irisusr (you can choose a different name at installation time). These files and resources are only accessible to processes that either have this user ID or belong to this group. Otherwise, attempting to connect to InterSystems IRIS results in protection errors from the operating system (usually specifying that access is denied); this occurs prior to establishing any connection with InterSystems IRIS.
A Callin program can only run if its effective group ID is irisusr. To meet this condition, one of the following must be true:
-
The program is run by a user in the irisusr group (or an alternate run-as group if it was changed from irisusr to something else).
-
The program sets its effective user or group by manipulating its uid or gid file permissions (using the UNIX® chgrp and chmod commands).