MoneyWorks blog

MoneyWorks Datacentre 6.1 Mac permissions

Version 6.1 of MoneyWorks Datacentre on the Mac has a significant change that will affect system administrators.

Tighter security

In earlier versions of MoneyWorks Datacentre on the Mac, the server ran as the root user, giving it access to any files on the system. This was convenient because it meant that you as the administrator of the system did not need to worry about file ownership or permissions for MoneyWorks files that you wanted to share.

In version 6.1 and later, the server runs as a special user (that the installer creates for you) called moneyworks_server. This user has much lower privileges than the root user, and has its own home directory located at /Library/MoneyWorks where all of its working files are stored. A new install will default to serving MoneyWorks files placed in /Library/MoneyWorks/Documents, but if you are updating an existing installation, then your current documents location will continue to be used.

It is important to understand that MoneyWorks Datacentre 6.1 will not be able to read or write files that are not either (a) owned by moneyworks_server, or (b) owned by a member of the staff group and have file permissions that allow group read/write access.

Setting file ownership

To make life a little easier, the Datacentre Console application will scan the documents folder at startup to see if files have inappropriate ownership and it will change the owner to moneyworks_server for you. The Console will need administrator authentication to be able to do this (click the padlock to authenticate).

Until the file ownership has been set correctly, new files dragged into the documents folder will not be accessible (you will get an error if you try to connect to them).

Therefore, adding a file to the Datacentre is now a two-step process:

  • Drag the file into the documents folder
  • Launch or switch to the Console and allow it to change the file ownership

If launching or previous authentication has timed out:

After authenticating:

Other issues

Some issues that have cropped up:

  • This release currently relies on DNS (if there is any) for your server being correct. Incorrect DNS will prevent the server from operating correctly. We have a workaround in the works for this condition. You can test for a problem using
    host `hostname`
    The IP address returned should be the actual IP address of the server (not your external public IP address if you have NAT). If the host command fails for your server, you should wait for version 6.1r3.
  • It is necessary that the entire path (all folders in the hierarchy) to the data folder be “searchable” (i.e. have folder execute permissions) for all users, or be owned by the staff group. chmod a+x on each parent folder is sufficient for this. If your Backups and Archives folders are elsewhere, then this applies to them as well.
  • If you keep your MoneyWorks files on a drive other than your boot drive, it is necessary that the Temporary Items invisible folder be world writable, or owned by the staff group.
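
The file ownership rule under "Tighter security" and the folder searchability rule in the list above can be checked from a shell before clients connect. The script below is an added example, not MoneyWorks code: the function names and the MW_USER/MW_GROUP variables are hypothetical, and it assumes rule (b) means the file's group is staff with group read/write bits set.

```shell
#!/bin/sh
# Added example: audits the access rules stated in this post. Not vendor code.
# Assumption: rule (b) means the file's group is "staff" with group rw bits.
MW_USER="${MW_USER:-moneyworks_server}"   # server account named in the post
MW_GROUP="${MW_GROUP:-staff}"             # group named in the post

# Print "mode owner group" for a path using portable ls output.
mw_meta() { ls -ld "$1" 2>/dev/null | awk '{print $1, $3, $4}'; }

# Return 0 if the server account can read and write the file.
mw_file_ok() {
    set -- $(mw_meta "$1")
    [ $# -eq 3 ] || return 2                      # path missing or unreadable
    [ "$2" = "$MW_USER" ] && return 0             # rule (a): owned by server
    case "$1" in ????rw*) [ "$3" = "$MW_GROUP" ] && return 0 ;; esac
    return 1
}

# Walk from folder $1 up to $2 (default /) and report folders that are
# neither searchable by all users (o+x) nor in the staff group.
mw_path_ok() {
    dir=$1; top=${2:-/}; bad=0
    while :; do
        set -- $(mw_meta "$dir")
        case "$1" in
            ?????????[xt]*) ;;                    # o+x set (t = sticky + x)
            *) [ "$3" = "$MW_GROUP" ] || { echo "not searchable: $dir"; bad=1; } ;;
        esac
        case "$dir" in "$top"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    return $bad
}

# Audit a documents folder (default: the new-install location).
mw_audit() {
    docs=${1:-/Library/MoneyWorks/Documents}; rc=0
    mw_path_ok "$docs" || rc=1
    for f in "$docs"/*; do
        [ -f "$f" ] || continue
        mw_file_ok "$f" || { echo "server cannot read/write: $f"; rc=1; }
    done
    return $rc
}
```

Source the file and run `mw_audit`, passing your own documents, Backups or Archives folder as the argument if it is not the default location.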

In theory, none of these issues should normally arise, but it turns out that there are quite a few misconfigured servers out there (Mac OS X Server seems to be more problematic than regular OS X). Please make sure that you are prepared to deal with any such issues before installing. That said, we do encourage you to update to this version as soon as possible.

Finally, before installing the update, do check that your data is backed up. Look at the date and time of the latest backup in your backups folder. If for some reason your Datacentre is not backing up, then you should not install the update, since this update
