Create a service account to install and manage NXLog Platform

In some environments, IT security requirements or compliance mandates forbid the long-term use of root privileges to run software applications on Linux. The procedure below describes creating a service account on Linux with the least privileges to install and manage NXLog Platform. It is tested on RHEL and Ubuntu.

Prerequisites

Root level privileges on the target computer to complete the tasks.
A planned username and group name that you will use. This procedure will create the nxp user and nxpgroup. You may change these to suit your environment.

Prepare the environment and create the service account

This section outlines the steps to create a dedicated service account and grant it the necessary permissions to install and manage NXLog Platform.

Create the nxp user and the nxpgroup group. These are dedicated group and user accounts that will be used to manage NXLog Platform and ensure a separation of privileges from the root user.
```
$ sudo groupadd -g 900 nxpgroup
$ sudo useradd -m -g nxpgroup -s /bin/bash nxp
```
Next, configure the sudoers file to grant the service account access to the necessary commands and installer paths for managing NXLog Platform. You must replace the path /export/local/nxp/nxp-*.sfx.sh with the path where you will copy your NXLog Platform installer file.
```
$ sudo cat << EOF > /etc/sudoers.d/99-nxpgroup
Cmnd_Alias NXP = /usr/local/bin/nxp_manage.sh, /usr/bin/journalctl, /bin/vi /etc/nxp.conf
Cmnd_Alias NXP_INSTALL = /export/local/nxp/nxp-*.sfx.sh
%nxpgroup ALL = NXP, NXP_INSTALL
EOF
```

Once you have completed the above tests, you can install NXLog Platform using the nxp user account. See the Install NXLog Platform section.

Test the installation and access

Once the service account is configured, verify that it can successfully manage NXLog Platform by performing a test using the nxp_manage.sh script.

Switch to the nxp user and run the following command:
```
$ sudo /usr/local/bin/nxp_manage.sh help
```

If access is configured correctly, you should see output similar to the following output (the help section is truncated in the example):

$ sudo /usr/local/bin/nxp_manage.sh help
NXP_API_KEY=<YOUR PLATFORM API KEY>
NXP_DOMAIN=nxlog.example.com
NXP_BACKUP_LOCATION=/srv/nxp/backup
NXP_DATA_LOCATION=/srv/nxp/data
NXP_SELF_SIGNED_CERT=Y
NXP_MINDER_AGENT_PORT=5515
NXP_PROMETHEUS_PORT=9091

Usage:
  make <target>

General
  help                       Display this help.
...
  unarchive                  Unarchive the downloaded .tar.gz file to INSTALL_DIR.