In order to relieve permission issues, switch FTS to user-space

Question

In order to relieve permission issues, switch FTS to user-space

phreed opened this issue 6 months ago · 5 comments

Currently FTS installs as root into a root owned directory and FTS processes run as root.

This makes it difficult to administer the services as the base user.
It is possible to perform most administration tasks via sudo.
e.g.

edit the main FTS configuration: sudo vi /opt/FTSConfig.yaml
stop the FTS service: sudo systemctl stop fts.service
edit the FTS UI configuration: sudo vi /root/fts.venv/lib/python3.11/site-packages/FreeTAKServer-UI/config.py
become root: sudo su -

This works but it requires working as root which is generally discouraged.
To reduce the need to use sudo the following changes will be made:

create an fts user and fts group
install fts files with fts:fts ownership into /opt (see #112)
run (via systemd) processes with fts permissions
cause the installer to not need to be run with sudo
add the base user (probably ubuntu) to the fts group so it can perform FTS maintenance tasks

Answer 1 · 2024-03-28T15:43:31.000Z

It is not completely possible to eliminate the need to run the installer with sudo.

create the fts user and group
creating directories in /opt
creating systemd services : does not strictly need to be done as root https://www.baeldung.com/linux/systemd-create-user-services

That said, reducing the need to run any step as root is a good thing.

Answer 2 · 2024-03-28T16:24:43.000Z

we can run the installer with SUDO but then run FTS with the new created user

Answer 3 · 2024-07-01T17:40:01.000Z

I had the opportunity to study up on systemd. Rather than running the installer as root the application can use 'systemctl --user ...' as the 'fts' user, rather than 'sudo systemctl ...'.

Answer 4 · 2024-07-02T09:18:15.000Z

Have you tested that?

Answer 5 · 2024-07-02T13:41:11.000Z

I have tested the approach on another similar system.