Can't run nexus as nexus user on Amazon Linux 2

I’m trying to run Sonatype Nexus under the custom nexus user, because they recommend not running it under the root user. I’m on an Amazon Linux 2 EC2 machine and it previously ran successfully under the root user.

I’ve added the nexus user and changed directory rights:

useradd --home-dir /opt/sonatype-work --no-create-home --uid 1001 nexus
chown -R nexus:nexus /opt/sonatype-work
chown -R nexus:nexus /opt/nexus

I changed the service file (/etc/systemd/system/nexus.service) to use the nexus user:

[Unit]
Description=nexus service
After=network.target

[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Restart=on-abort

[Install]
WantedBy=multi-user.target

Then I reloaded systemd and started it

$ systemctl daemon-reload
$ systemctl enable nexus
$ systemctl start nexus
$ systemctl status nexus
...
nexus[5838]: Starting nexus
systemd[1]: Started nexus service.
systemd[1]: nexus.service: main process exited, code=exited, status=255/n/a
nexus[6030]: Shutting down nexus
nexus[6030]: nexus is not running.
systemd[1]: Unit nexus.service entered failed state.
systemd[1]: nexus.service failed.

Nothing is happening. Same thing if I switch to the nexus user and try to start it in that account. In the logs of the nexus service (tail -f /opt/sonatype-work/nexus3/log/nexus.log) nothing is happening. The systemd logs do not give a clue.

Where can I look to see what is actually happening and preventing my Sonatype Nexus from starting?

P.S. Yes I searched here and Can't run nexus as nexus user didn’t help.

It could be this:

https://help.sonatype.com/display/NXRM3/Run+as+a+Service#RunasaService-PIDFile

I can confirm that I don’t have a pid file with the nexus user, but the root user does. I’ve tried

chown -R nexus:nexus /tmp

but no PIDFile was written with the nexus user.

I’ve tried setting the absolute path in /opt/nexus/bin/nexus.vmoptions with:

-Dinstall4j.pidDir=/opt/nexus

but with the same result: no PIDFile.

The /tmp and the /opt/nexus directory are both writable by the nexus user.

Try running “systemctl status nexus” after “systemctl start nexus”, to see what it shows.

It runs for 3 seconds, then shuts down:

systemd[1]: Starting nexus service...
nexus[7243]: Starting nexus
systemd[1]: Started nexus service.
systemd[1]: nexus.service: main process exited, code=exited, status=255/n/a
nexus[7447]: Shutting down nexus
nexus[7447]: nexus is not running.
systemd[1]: Unit nexus.service entered failed state.
systemd[1]: nexus.service failed.

@mles do you get any different clues by running nexus from the command line instead of as a service?

/opt/nexus/bin/nexus start

Nope, that’s exactly what systemd is also doing.

$ su nexus
bash-4.2$ /opt/nexus/bin/nexus start
Starting nexus
bash-4.2$ /opt/nexus/bin/nexus status
nexus is stopped.

I was able to fix it :tada: The problem was that the root folder containing the folders which the nexus program needed to work also needs to have the nexus user as owner. This is my working install script:

# install sonatype nexus
mkdir -pv /opt/efsfilesystem/sonatype-work
ln -sv /opt/efsfilesystem/sonatype-work /opt/sonatype-work
wget --output-document /tmp/nexus.tar.gz https://sonatype-download.global.ssl.fastly.net/nexus/3/nexus-3.22.1-02-unix.tar.gz
mkdir -p /opt/nexus
tar xf /tmp/nexus.tar.gz -C /opt/nexus --strip-components 1

# run as nexus user
useradd --home-dir /opt/nexus --no-create-home --uid 1001 nexus
chown -R nexus:nexus /opt/efsfilesystem
chown -R nexus:nexus /opt/nexus
chown -R nexus:nexus /opt/sonatype-work

Thank you so much for this @mles !! I couldn’t figure out why my service wasn’t starting after upgrade and this fixed it - changing permissions under my nexus and sonatype-work directories to the nexus user. Worked like a charm!