I am looking to hear from Geneos users whether or not you use the geneos tool contained in cordial. I would like to hear about how you use Linux user accounts with respect to Geneos and individual components.
At the moment, mainly because of the way I organically developed the early versions, there is a bit of a mess under-the-hood in the handling of the program run as root. The initial idea was to protect the user from accidentally doing things as root when they actually meant to be a normal user, so the code checks in various places if you are either super user and/or running in a sudo session.
There are some functions that I cannot actually recall the precise behaviour for in these circumstances and in reviewing the code I thought it best to ask for input from others.
I know of at least one user who runs all their Geneos estate as root, but this is less common in general. And often frowned upon.
The dangers are, for example, if you unintentionally start a component as root then files can be created owned by root which the normal user then may not be able to delete and/or their later invocations of a component may fail. One example is a Gateway that creates or updates the cache/ directory.
The current functionality relies on the Geneos environment having a default user in the configuration (geneos init ...) but then each instance can also have its own user so that functionality from the older Best Practice scripts is maintained. If run as root then the program tries to ensure new files are created as the default user and that instances are started under the same user account.
There are some cases where this doesn’t work (on the local system) as expected and then there are the features that allow remote management over SSH, where each remote host has a configured username for the remote. It gets a little more complex if the “global” remote user is different to that on a specific component.
Now, specifics:
- Should the geneos tool (as opposed to the Geneos product) support running generally as root or specific instances as root? The latter is almost a requirement as certain plugins require elevated privileges to run (X-*, trapmon and maybe more).
- How should this be achieved on remote systems? Remote access directly as root is almost entirely forbidden in all but the most experimental networks. Will executing remote sudo (or some configurable binary name) be enough?
- What else needs to be considered?
- How do you do this in your environments, if you have mixed user deployments of Geneos components?