awskier081, Trusted Contributor

Is it possible to run OBR 10.20 Linux as non-root?

If so, how would you make this change?

I realized that Business Objects has its own user account, as well as Vertica.

I was wondering if the java processes can be moved over as well.

When trying to start them as another user, I kept getting asked for the root password from systemctl.

I'm guessing this would be a no because of the upgrades that are tuned to use root as a default user.

Micro Focus Expert

Re: Is it possible to run OBR 10.20 Linux as non-root?

Hi,

No - this is unsupported.

Thanks & Regards,

Vineetha

awskier081, Trusted Contributor

Re: Is it possible to run OBR 10.20 Linux as non-root?

Is there a document that can tell me why it's unsupported?

Is it because of the default communication running on port 383?

What if we switched the agent running to a higher port number, is it supported then?

AshwaniV, Regular Contributor

Re: Is it possible to run OBR 10.20 Linux as non-root?

Hi, 

Yes, it is possible to install OBR with a non-root user. PFA the OBR 10.20 interactive installation and configuration guide for reference. 

=======================================================================

As per the guide, before proceeding with OBR installation, we should perform the below steps. You may refer to Appendix B of the OBR 10.20 interactive installation and configuration guide for more details.

Install OBR as non-root user

Follow these steps to install as a non-root user:

  1. Log on as non-root user.
  2. Connect to root user using the command:

     su - root

  3. Go to the location where the OBR files are unzipped.
  4. Start the installation using the following command:

     $ ./HP-SHR_10.00_setup.bin -i console

Continue with the installation steps. For the installation steps, see the Installation section in this guide.

Regards,

Chaman

Knowledge Partner

Re: Is it possible to run OBR 10.20 Linux as non-root?

Yes, it is supported as per the docs.

Just make sure your installation user has sudo permissions.

Have installed it like this multiple times in this manner.

Craig Rees, Regular Contributor

Re: Is it possible to run OBR 10.20 Linux as non-root?

Hey Vineetha, does your answer consider this question closed?

As you know, currently OBR must be installed, operated, and administered as the Linux user of "root". However, customers are asking for OBR to be completely managed as a non-root user like "shrboadmin". Any application running as root in today's security-conscious world is going to be viewed as a "security risk" and "what will it take to replace it" mentality.

If OMi can now run as non-root, then so can OBR. As you know, OBR consists of four components: OBR, SAP Business Objects, Postgres, and Vertica. Besides OBR, the other three can already run as non-root:
• Business Objects as the user of shrboadmin
• Postgres as the user of postgres
• Vertica as the user of vertadm, vertica, …

OBR is primarily made up of Java processes (just like OMi) which do not have to be root and do not need root to control other aspects of the server or other servers/environments.  Just itself.

Please reconsider this request for OBR to operate as a non-root user. Large companies like AT&T, Wells Fargo, and such will consider OBR to be a short-lived application if it is considered a constant security risk.

Thank you.

- - -CraigRees

Craig Rees, Regular Contributor

Re: Is it possible to run OBR 10.20 Linux as non-root?

Sorry, but the reply that OBR can be installed as a non-root user by simply doing a sudo to root is misleading. You log in as your assigned user, then do a "sudo su -", which means you are now root. OBR is installed as root and still has to be managed as root.

The question was, can OBR be installed as a non-root user, like "shrboadmin" in which this user can not only install OBR, but also manage/operate OBR.

In today's security-conscious world, very few "users" have full sudo to root access for any production application. Only a few trusted System Administrators have this level of access. So for the rest of us, we have to rely on limited sudo access to just a few commands that you can run in {PMDB_HOME}/bin and other like bin directories. This means you cannot completely manage and operate an application of OBR because you do not have access to log and config files. You can ask for various config files to be owned by shrboadmin, but any file/log that is auto updated/recreated/archived will end up being owned by root again. Thus you are at the mercy of the System Admin to keep opening file/directory permissions for you to simply do your job in trying to keep the application running. As you might know, this is a very painful way of being able to manage any application.

- - -CraigRees
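
An ownership audit for the drift described in the post above, as an added example that is not part of the thread or of OBR: it lists entries under an application directory that are not owned by the intended service account, and files recently written by root. The directory and account are caller-supplied assumptions; the post's PMDB_HOME and `shrboadmin` appear only as sample arguments.

```shell
#!/bin/sh
# Added example (not vendor code). Assumption: the caller supplies the
# application directory and the intended service account, for instance:
#   sh ownership_audit.sh "$PMDB_HOME" shrboadmin

# Resolve an account name (or a numeric UID) to a numeric UID.
resolve_uid() {
    case $1 in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # a name: look it up
        *)           printf '%s\n' "$1" ;;       # already numeric
    esac
}

# Print every file and directory under DIR that is NOT owned by ACCOUNT.
ownership_drift() {
    uid=$(resolve_uid "$2") || { echo "unknown account: $2" >&2; return 2; }
    find "$1" \( -type f -o -type d \) ! -user "$uid" -print
}

# Print files under DIR owned by root and modified within the last DAYS
# days: the "recreated or archived as root" case.
recreated_as_root() {
    find "$1" -type f -user 0 -mtime "-$2" -print
}

# Number of drifted entries, usable as a monitoring check value.
# Fails (status 2) instead of reporting 0 when the account does not exist.
drift_count() {
    resolve_uid "$2" >/dev/null || return 2
    ownership_drift "$1" "$2" | wc -l | tr -d ' '
}

# Report only when called with DIR and ACCOUNT arguments.
if [ "$#" -eq 2 ]; then
    echo "Entries under $1 not owned by $2:"
    ownership_drift "$1" "$2"
    echo "Files written by root in the last 7 days:"
    recreated_as_root "$1" 7
fi
```

Run from cron or a monitoring agent, a non-zero `drift_count` shows which files have reverted to root ownership before an operator hits a permission error.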

Micro Focus Expert

Re: Is it possible to run OBR 10.20 Linux as non-root?

Whilst it's documented, it is somewhat misleading as this is for the installation of the product only, plus the first thing you are told is to 'su - root' - kind of defeating the object.

To run the product as non-root is indeed a frequent request and you are best to submit such requests to the ITOM Idea Exchange for consideration.

BR
Chris
