Create a service account to install and manage NXLog Platform

In some environments, IT security requirements or compliance mandates forbid the long-term use of root privileges to run software applications on Linux. The procedure below walks you through creating a service account with the minimum privileges needed to install and manage NXLog Platform. We tested this procedure on RHEL and Ubuntu.

Prerequisites

  • Root-level privileges on the target computer to complete the tasks.

  • A username and group name. We use nxp for the username and nxpgroup for the group name. You may change these to suit your environment.

Prepare the environment and create the service account

Follow these steps to create a dedicated service account and grant it the necessary permissions to install and manage NXLog Platform:

  1. Create the nxpgroup group and nxp user. You will use these dedicated accounts to manage NXLog Platform and ensure a separation of privileges from the root user.

    $ sudo groupadd -g 900 nxpgroup
    $ sudo useradd -m -g nxpgroup -s /bin/bash nxp
    $ sudo passwd nxp
  2. Next, create and edit a sudoers file to grant access to the necessary commands to the service account.

    $ sudo nano /etc/sudoers.d/99-nxpgroup
  3. Copy the following configuration to the new file:

    Cmnd_Alias NXP = /usr/bin/nxp_manage.sh, /usr/bin/journalctl, /bin/nano /etc/nxp.conf, /bin/vi /etc/nxp.conf
    Cmnd_Alias NXP_INSTALL = <installer_path>/nxp-*.sfx.sh
    %nxpgroup ALL = NXP, NXP_INSTALL
  4. Replace <installer_path> with the correct path to the directory containing the NXLog Platform installer file, and save the file.

    Optionally, you can replace /bin/nano or /bin/vi with your favorite text editor.
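
The following script is an added example, not part of the NXLog documentation or product. It renders the configuration from steps 3 and 4 for a given installer directory, refuses paths that would need escaping in sudoers, and syntax-checks the result with visudo before you copy it into /etc/sudoers.d, because a syntax error in that directory can prevent sudo from working. The function names and the /opt/installers path are assumptions made for illustration.

```bash
# Added example; helper names and the sample path are assumptions.

# render_nxp_sudoers <installer_dir> <outfile> [group]
# Writes the drop-in from step 3 with <installer_path> filled in.
render_nxp_sudoers() {
    local dir="${1%/}" out="$2" group="${3:-nxpgroup}"

    # sudoers only accepts fully qualified command paths.
    case "$dir" in
        /*) ;;
        *) echo "installer path must be absolute: $1" >&2; return 1 ;;
    esac
    # Allow only characters that need no escaping in sudoers and that
    # cannot add wildcards beyond the one in the installer file name.
    case "$dir" in
        *[!A-Za-z0-9/._-]*)
            echo "unsupported character in path: $1" >&2; return 1 ;;
    esac

    cat > "$out" <<EOF || return 1
Cmnd_Alias NXP = /usr/bin/nxp_manage.sh, /usr/bin/journalctl, /bin/nano /etc/nxp.conf, /bin/vi /etc/nxp.conf
Cmnd_Alias NXP_INSTALL = ${dir}/nxp-*.sfx.sh
%${group} ALL = NXP, NXP_INSTALL
EOF
    chmod 0440 "$out"   # 0440 is the conventional mode for sudoers files
}

# check_nxp_sudoers <file>
# Syntax-checks the file without installing it. Returns 2 if visudo is absent.
check_nxp_sudoers() {
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 2; }
    visudo -cf "$1"
}

# Typical use (constructed path), run by an administrator:
#   render_nxp_sudoers /opt/installers ./99-nxpgroup \
#     && check_nxp_sudoers ./99-nxpgroup \
#     && sudo install -o root -g root -m 0440 ./99-nxpgroup /etc/sudoers.d/99-nxpgroup
#   sudo -l -U nxp    # list the commands the service account may run
```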

You can now install NXLog Platform using the nxp user account. See Install NXLog Platform for instructions.

Test the installation and access

Once you install NXLog Platform, verify that the service account can manage NXLog Platform by performing a test using the nxp_manage.sh script.

Log in as the nxp user and run the following command. If access is configured correctly, the command should return similar output (the help section is truncated in the example):

$ sudo /usr/bin/nxp_manage.sh help
NXP_API_KEY=<YOUR API KEY>
NXP_DOMAIN=nxlog.example.com
NXP_BACKUP_LOCATION=/srv/nxp/backup
NXP_DATA_LOCATION=/srv/nxp/data
NXP_SELF_SIGNED_CERT=Y
NXP_MINDER_AGENT_PORT=5515

Usage:
  make <target>

General
  help                       Display this help.
...
  unarchive                  Unarchive the downloaded .tar.gz file to INSTALL_DIR.