Create a service account to install and manage NXLog Platform

In some environments, IT security requirements or compliance mandates forbid the long-term use of root privileges to run software applications on Linux. The procedure below walks you through creating a service account with only the privileges needed to install and manage NXLog Platform. We tested this procedure on RHEL and Ubuntu.

Prerequisites

  • Root-level privileges on the target computer to complete the tasks.

  • A username and group name. We use nxp for the username and nxpgroup for the group name. You may change these to suit your environment.

Prepare the environment and create the service account

Follow these steps to create a dedicated service account and grant it the necessary permissions to install and manage NXLog Platform:

  1. Create the nxpgroup group and nxp user. You will use these dedicated accounts to manage NXLog Platform and ensure a separation of privileges from the root user.

    $ sudo groupadd -g 900 nxpgroup
    $ sudo useradd -m -g nxpgroup -s /bin/bash nxp
    $ sudo passwd nxp

  2. Next, create a sudoers drop-in file that grants the service account access to the commands and installer path needed to install and manage NXLog Platform. Replace /tmp/nxp/nxp-*.sfx.sh with the path of the NXLog Platform installer file.

    $ sudo tee /etc/sudoers.d/99-nxpgroup > /dev/null << EOF
    Cmnd_Alias NXP = /usr/local/bin/nxp_manage.sh, /usr/bin/journalctl, /bin/vi /etc/nxp.conf
    Cmnd_Alias NXP_INSTALL = /tmp/nxp/nxp-*.sfx.sh
    %nxpgroup ALL = NXP, NXP_INSTALL
    EOF

You can now install NXLog Platform using the nxp user account. See Install NXLog Platform for instructions.
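
A review pass over the sudoers entries from step 2, as an added example that is not part of the NXLog documentation: it flags command specs that cover more than the single program they name, so you can tighten them before or after installation. The function names, tag names and rule set are this example's own choices, and the sample text is constructed from the lines above.

```shell
#!/bin/sh
# Added example (not NXLog code): flag sudoers command specs worth a second look.
# Tag names and rules are this example's own; it is a text check, not a sudoers parser.

# Constructed sample: the alias lines from step 2 of the procedure.
SAMPLE='Cmnd_Alias NXP = /usr/local/bin/nxp_manage.sh, /usr/bin/journalctl, /bin/vi /etc/nxp.conf
Cmnd_Alias NXP_INSTALL = /tmp/nxp/nxp-*.sfx.sh
%nxpgroup ALL = NXP, NXP_INSTALL'

# review_sudoers: sudoers text on stdin, one "TAG<TAB>command spec" line per finding.
review_sudoers() {
    awk '
    /^[ \t]*Cmnd_Alias[ \t]/ {
        list = $0
        sub(/^[^=]*=[ \t]*/, "", list)      # drop "Cmnd_Alias NAME ="
        sub(/[ \t]+$/, "", list)
        n = split(list, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            cmd = cmds[i]
            split(cmd, word, /[ \t]+/)
            path = word[1]                  # executable path
            base = path
            sub(/.*\//, "", base)           # file name only
            # These directories are writable by every local user.
            if (path ~ /^\/(tmp|var\/tmp|dev\/shm)\//) print "WORLD_WRITABLE_DIR\t" cmd
            # A wildcard makes the rule cover every file name that matches.
            if (path ~ /[*?]/) print "WILDCARD_PATH\t" cmd
            # sudoers(5) provides sudoedit for editing files without running the editor as root.
            if (base ~ /^(vi|vim|nano|emacs)$/) print "EDITOR_NOT_SUDOEDIT\t" cmd
            # No arguments listed means any arguments are allowed; these tools are or start a pager.
            if (cmd == path && base ~ /^(journalctl|less|more|man)$/) print "PAGER_ANY_ARGS\t" cmd
        }
    }'
}

# count_findings TAG: number of findings with that tag in SAMPLE.
count_findings() {
    printf '%s\n' "$SAMPLE" | review_sudoers | grep -c "^$1" || true
}

printf '%s\n' "$SAMPLE" | review_sudoers
```

This check reads text only; validate the drop-in itself with visudo -cf /etc/sudoers.d/99-nxpgroup, which uses sudo's own parser.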

Test the installation and access

Once you install NXLog Platform, verify that the service account can manage NXLog Platform by performing a test using the nxp_manage.sh script.

  1. Switch to the nxp user and run the following command:

    $ sudo /usr/local/bin/nxp_manage.sh help

  2. If access is configured correctly, you should see output similar to the following (the help section is truncated in the example):

    $ sudo /usr/local/bin/nxp_manage.sh help
    NXP_API_KEY=<YOUR PLATFORM API KEY>
    NXP_DOMAIN=nxlog.example.com
    NXP_BACKUP_LOCATION=/srv/nxp/backup
    NXP_DATA_LOCATION=/srv/nxp/data
    NXP_SELF_SIGNED_CERT=Y
    NXP_MINDER_AGENT_PORT=5515
    NXP_PROMETHEUS_PORT=9091
    
    Usage:
      make <target>
    
    General
      help                       Display this help.
    ...
      unarchive                  Unarchive the downloaded .tar.gz file to INSTALL_DIR.