cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

157
Views
0
Helpful
3
Replies
khgrant
Cisco Employee

NCS Install Root

Folks,

What is the minimum set of privileges required to manage NCS nodes ? My customer has expressed concern over using ‘root’ or root-level access for NCS Admins. Audit/Security will flag them as non-compliant.

What are the Tail-f / NCS recommendations for administering NCS post-deployment in a secure non-root type fashion ?

Thoughts appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
khgrant
Cisco Employee

See documentation “Administration Guide” -> "Advanced Topics” -> "Running NCS as a non privileged user"

View solution in original post

3 REPLIES 3
khgrant
Cisco Employee

See documentation “Administration Guide” -> "Advanced Topics” -> "Running NCS as a non privileged user"

khgrant
Cisco Employee

Thanks Carl/Klacke. And yes, my customer is planning for multi-node; multi-site; clustered and HA configured deployment in 2 short weeks.

They don¹t have an issue with a one-time Œroot¹ install as recommended in "‹system-install" fashion; however, they are looking for guidance on (1) day-to-day management of NCS nodes as non-root users (2) access to NCS CLI for NCS Administrators who are non-root users.

khgrant
Cisco Employee

Ok - fine - that works exactly perfect already. It's just that the daemon with --system-install runs as root.

ncs_cli , tools, etc run just fine as non root, this is how we usually run at deployments.

So,

- run NSO as root.

- Use normal user accounts to log into NSO and to manage app.

- need to be root (or sudo) to do certain admin tasks, such

   as upgrade daemon, install additional packages, manage backups etc.

ok ?

Create
Recognize Your Peers
Content for Community-Ad