Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Change installation guide to run as non-root user

Description

Modern Linux distributions create users with administrative permissions. Login to the local system with user root via SSH or on the console is prevented for security reasons. With sudo an user can be granted with permissions to do administrative tasks. To follow best practices we should migrate our installation guide to use a non-root user with sudo permissions. The following policies are enforced for different distributions and should be reflected in our install guide:

  • Debian 10: doesn't have sudo environment by default

  • Ubuntu 20.04 LTS: only login console/SSH with user and sudo is available

  • CentOS 7/8: only SSH login with user, root login only console, sudo is available

  • RHEL 7/8: ???

Acceptance / Success Criteria

None

Lucidchart Diagrams

Activity

Ronny Trommer December 3, 2020 at 10:40 AM

I was able to resolve this issue while migrating our installation guide to Antora. The deliverables are here:

Thank you for the heads up

Sandy Skipper December 2, 2020 at 2:48 PM

you are welcome to work on this issue if you have time.

Alejandro Galue November 5, 2020 at 1:12 PM

Installing OpenNMS or any package or application in any Linux distribution requires two things:

  • Root privileges

  • Internet access

If you don't have any of these two, you cannot install anything on the Linux machine.

If we're talking about a test server or a VM you own and control, you wouldn't have issues with these two requirements as you can always become root and have Internet access.

Now, running commands as root is always a bad practice, and it is not recommended. In fact, some companies are rigorous in this regard.

Here is where the "sudo" command comes in. As you know, you can offer granular control over what a given user can run with elevated privileges and even decide whether or not to ask the user for a password. Also, keep in mind that the person who would install OpenNMS is not necessarily Linux savvy. We should be very clear in the documentation on what a user should be doing, as we cannot assume that any potential OpenNMS user is a Linux expert.

In Ubuntu, sudo is just there when you install it. It has been that way since I remember, so this distribution would never have problems prefixing all the privileged commands with "sudo".

In CentOS/RHEL 7 and 8, that's also the case, and I tested that via Vagrant and in AWS and Azure. Besides that, with CentOS, I installed 7 and 8 in VMWare Fusion manually, and sudo is available, so I guess RHEL should follow the same pattern. Although, in 7, you might need to modify /etc/sudoers to allow users to become root or execute privileged commands.

Unfortunately, I cannot do the same with RHEL, and I know that prepared AMIs on cloud providers could add features and explain why "sudo" is always available. Still, I believe that's not the case, and it comes with the operating system.

In other words, if we're going to make assumptions, the only one that makes sense is assume that sudo is available, especially considering that the only scenario where apparently is not the case in Debian. Speaking of which, in my 14+ years working with OpenNMS, I never encounter a customer or a user running OpenNMS on that operating system (same with Ubuntu). All the people I helped since I support OpenNMS use CentOS or RHEL, so Meridian only supports those Linux distributions.

Fixed

Details

Assignee

Reporter

HB Grooming Date

HB Backlog Status

Components

Fix versions

Priority

PagerDuty

Created November 5, 2020 at 10:00 AM
Updated March 1, 2021 at 8:27 PM
Resolved December 3, 2020 at 10:40 AM