Service users
A service
user is for
server-to-server authentication as part of the replication process. For details about service users, see p4 user in Helix Core Command-Line (P4) Reference.
Create a service user for each master, replica, or proxy server that you control. This makes it easier to interpret your server logs. Having service users improves security, by requiring that your edge servers and other replicas have valid login tickets before they can communicate with the master or commit server.
Tickets and timeouts for service users
A newly-created service user that is not a member of any groups is
subject to the default ticket timeout of 12 hours. To avoid issues that
arise when a service user’s ticket ceases to be valid, create a group for
your service users that features an extremely long timeout, or to
unlimited
. On the master server, issue the following
command:
p4 group service_users
Add service1
to the list of Users:
in the
group, and set the Timeout:
and
PasswordTimeout:
values to a large value or to
unlimited
.
Group: service_users Timeout: unlimited PasswordTimeout: unlimited Subgroups: Owners: Users: service1
Service users must have a ticket created with the p4
login
for replication to work.
Permissions for service users
On the master server, use p4 protect
to grant the
service user super
permission. Service users are tightly
restricted in the commands they can run, so granting them
super
permission is safe. For example:
super group unlimited_timeout * //..."
grants the super permission to the group named unlimited_timeout.