1 Reply Latest reply on Aug 1, 2011 9:27 AM by mazz

    Running JON/JOPR on Linux as service

    Vimal Kansal Newbie



      I am running JOPR as a Linux service as per the docs. But it always runs as root user. How do I run it as a non-user? Docs don't talk about whether JOPR/JON server should be run as root user or a non root user? Same for agents - should I run them as root user or non root user

        • 1. Re: Running JON/JOPR on Linux as service
          mazz Master

          (side note: "Jopr" is the old, now deprecated, name - "JON" is the commercial product whose upstream project is RHQ)


          The RHQ Server, if you set it up as running as a Linux service, will by default run as root since, AFAIK, that is how the basic Linux services system works. I'm not a  Linux sysadmin, I don't know what methods are available to get Linux services to boot up as non-root users. But I think that would be outside RHQ and more of a general Linux sysadmin question.


          The RHQ Server start up scripts do not have anything to tell it to start up the Server as a specific user. That said, the RHQ Agent scripts DO have something like this. See <agent-install-dir>/bin/rhq-agent-env.sh, specifically, read the comments on RHQ_AGENT_START_COMMAND.


          The RHQ Server doesn't necessarily have to run as root, and neither does the RHQ Agent. However, realize that if you run the RHQ Agent as non-root, and if you try to monitor a managed resource that is running as another user (or root), then you may be causing your agent to be unable to monitor that resource. For example, suppose you are running Postgres as user P and the RHQ Agent as user A. Typically, that agent will not be able to see that Postgres server's configuration because typically user A will not have read permissions to files belonging to user P (and the Postgres configuration file is something the agent will need to be able to read in order to gather configuration details about Postgres).


          So, you are allowed to run RHQ's processes (server or agent) as root, but realize if you do this for the RHQ Agent, you may limit what RHQ can do.