In order to relieve permission issues, switch FTS to user-space
phreed opened this issue ยท 5 comments
Currently FTS installs as root into a root owned directory and FTS processes run as root.
This makes it difficult to administer the services as the base user.
It is possible to perform most administration tasks via sudo
.
e.g.
- edit the main FTS configuration:
sudo vi /opt/FTSConfig.yaml
- stop the FTS service:
sudo systemctl stop fts.service
- edit the FTS UI configuration:
sudo vi /root/fts.venv/lib/python3.11/site-packages/FreeTAKServer-UI/config.py
- become root:
sudo su -
This works but it requires working as root
which is generally discouraged.
To reduce the need to use sudo
the following changes will be made:
- create an
fts
user andfts
group - install fts files with
fts:fts
ownership into/opt
(see #112) - run (via systemd) processes with
fts
permissions - cause the installer to not need to be run with
sudo
- add the base user (probably
ubuntu
) to thefts
group so it can perform FTS maintenance tasks
It is not completely possible to eliminate the need to run the installer with sudo
.
- create the
fts
user and group - creating directories in
/opt
- creating systemd services : does not strictly need to be done as root https://www.baeldung.com/linux/systemd-create-user-services
That said, reducing the need to run any step as root is a good thing.
we can run the installer with SUDO but then run FTS with the new created user
I had the opportunity to study up on systemd. Rather than running the installer as root the application can use 'systemctl --user ...' as the 'fts' user, rather than 'sudo systemctl ...'.
Have you tested that?
I have tested the approach on another similar system.