Solved: NCS Install Root

khgrant · ‎06-22-2015

Folks,

What is the minimum set of privileges required to manage NCS nodes ? My customer has expressed concern over using ‘root’ or root-level access for NCS Admins. Audit/Security will flag them as non-compliant.

What are the Tail-f / NCS recommendations for administering NCS post-deployment in a secure non-root type fashion ?

Thoughts appreciated.

khgrant · ‎06-22-2015

See documentation “Administration Guide” -> "Advanced Topics” -> "Running NCS as a non privileged user"

View solution in original post

khgrant · ‎06-22-2015

See documentation “Administration Guide” -> "Advanced Topics” -> "Running NCS as a non privileged user"

khgrant · ‎06-25-2015

Thanks Carl/Klacke. And yes, my customer is planning for multi-node; multi-site; clustered and HA configured deployment in 2 short weeks.

They don¹t have an issue with a one-time Œroot¹ install as recommended in "‹system-install" fashion; however, they are looking for guidance on (1) day-to-day management of NCS nodes as non-root users (2) access to NCS CLI for NCS Administrators who are non-root users.

khgrant · ‎06-25-2015

Ok - fine - that works exactly perfect already. It's just that the daemon with --system-install runs as root.

ncs_cli , tools, etc run just fine as non root, this is how we usually run at deployments.

So,

- run NSO as root.

- Use normal user accounts to log into NSO and to manage app.

- need to be root (or sudo) to do certain admin tasks, such

as upgrade daemon, install additional packages, manage backups etc.

ok ?