Knowledge Base

Setup Neo4j Service to run with different service ID

By default when neo4j is installed as an RPM via yum or apt-get, it creates a user neo4j and group neo4j and runs as neo4j user. However it might be required to run Neo4j service as another service id other than neo4j. So in this article we will take a look at how to go about configuring Service id to run Neo4j service.

For simplicity lets assume the activity is performed on Redhat Release 7.x

Follow instructions as specified in the Neo4j Operations Manual Documentation to install Neo4j Enterprise. https://neo4j.com/docs/operations-manual/current/installation/linux/rpm/

Once the Neo4j service is installed, a new user and group are created called neo4j. When the Neo4j service is started using sudo systemctl start neo4j, the service is started by user neo4j.

To setup and start the Neo4j service as a different user we must follow the below outlined steps.

We will use the user testuser and group testuser to setup neo4j service.

First step is to edit the neo4j.service and change the user and group as testuser so the service can start as that user and group.

 sudo vi /usr/lib/systemd/system/neo4j.service

Edit as show below by changing the User and Group.

[Unit]
Description=Neo4j Graph Database
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/home/rohan_kharwar/neo4j-enterprise-3.5.5/bin/neo4j console
Restart=on-failure
User=testuser
Group=testuser
Environment="NEO4J_CONF=/home/rohan_kharwar/neo4j-enterprise-3.5.5/conf" "NEO4J_HOME=/home/rohan_kharwar/neo4j-enterprise-3.5.5"
LimitNOFILE=60000
TimeoutSec=120

[Install]
WantedBy=multi-user.target

Second step is to change the ownership of the below files to testuser:testuser. For RPM install:

/etc/neo4j
/etc/neo4j/jmx.access
/etc/neo4j/jmx.password
/etc/neo4j/neo4j.conf
/var/lib/neo4j
/var/lib/neo4j/data
/var/lib/neo4j/data/databases
/var/lib/neo4j/import
/var/lib/neo4j/plugins
/var/log/neo4j
/var/run/neo4j

Steps documented as :

$ sudo chown testuser:testuser -R /etc/neo4j
$ sudo chown testuser:testuser -R /var/lib/neo4j
$ sudo chown testuser:testuser -R /var/log/neo4j
$ sudo chown testuser:testuser -R /var/run/neo4j

Once the above steps are completed, the file ownership should be changed to testuser. Then start the neo4j service as:

$ sudo systemctl start neo4j

and this should start as the service user that was setup.

To verify if the neo4j service is started as user testuser execute ps -ef | grep -i neo4j

and the output should show testuser as given below

testuser  3296     1 26 18:00 ?        00:00:19 /usr/bin/java -cp /var/lib/neo4j/plugins:/etc/neo4j:/usr/share/neo4j/lib/*:/var/lib/neo4j/plugins/* -server -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow -XX:+AlwaysPreTouch -XX:+UnlockExperimentalVMOptions -XX:+TrustFinalNonStaticFields -XX:+DisableExplicitGC -Djdk.tls.ephemeralDHKeySize=2048 -Djdk.tls.rejectClientInitiatedRenegotiation=true -Dunsupported.dbms.udc.source=rpm -Dfile.encoding=UTF-8 com.neo4j.server.enterprise.CommercialEntryPoint --home-dir=/var/lib/neo4j --config-dir=/etc/neo4j