Create a service account to install and manage NXLog Platform
In some environments, IT security requirements or compliance mandates forbid the long-term use of root privileges to run software applications on Linux. The procedure below walks you through creating a service account with the least privileges to install and manage NXLog Platform. We tested this procedure on RHEL and Ubuntu.
Prerequisites
-
Root level privileges on the target computer to complete the tasks.
-
A username and group name. We use
nxp
for the username andnxpgroup
for the group name. You may change these to suit your environment.
Prepare the environment and create the service account
Follow these steps to create a dedicated service account and grant it the necessary permissions to install and manage NXLog Platform:
-
Create the
nxpgroup
group andnxp
user. You will use these dedicated accounts to manage NXLog Platform and ensure a separation of privileges from the root user.$ sudo groupadd -g 900 nxpgroup $ sudo useradd -m -g nxpgroup -s /bin/bash nxp $ sudo passwd nxp
-
Next, configure the sudoers file to grant the service account access to the necessary commands and installer path for installing and managing NXLog Platform. Replace
/tmp/nxp/nxp-*.sfx.sh
with the path of the NXLog Platform installer file.$ sudo tee /etc/sudoers.d/99-nxpgroup > /dev/null << EOF Cmnd_Alias NXP = /usr/local/bin/nxp_manage.sh, /usr/bin/journalctl, /bin/vi /etc/nxp.conf Cmnd_Alias NXP_INSTALL = /tmp/nxp/nxp-*.sfx.sh %nxpgroup ALL = NXP, NXP_INSTALL EOF
You can now install NXLog Platform using the nxp
user account.
See Install NXLog Platform for instructions.
Test the installation and access
Once you install NXLog Platform, verify that the service account can manage NXLog Platform by performing a test using the nxp_manage.sh
script.
-
Switch to the
nxp
user and run the following command:$ sudo /usr/local/bin/nxp_manage.sh help
-
If access is configured correctly, you should see output similar to the following (the help section is truncated in the example):
$ sudo /usr/local/bin/nxp_manage.sh help NXP_API_KEY=<YOUR PLATFORM API KEY> NXP_DOMAIN=nxlog.example.com NXP_BACKUP_LOCATION=/srv/nxp/backup NXP_DATA_LOCATION=/srv/nxp/data NXP_SELF_SIGNED_CERT=Y NXP_MINDER_AGENT_PORT=5515 NXP_PROMETHEUS_PORT=9091 Usage: make <target> General help Display this help. ... unarchive Unarchive the downloaded .tar.gz file to INSTALL_DIR.