Run as Non-Root User
By default, NFO runs as a root user. If you would like to change the Run As user after installation, follow this procedure to change the Run As user. These instructions show how to change NFO tomcat and EDFN user “root” and group “root” to a non root user “nfo” which belongs to a group “nfo-group”.
warning
NFO Repeater function requires running the service under root. If you change the user to a non-root user and configure Repeater output, NFO will not run and becomes unresponsive!
Procedure
- Switch to a root shell, for example
sudo -i
- Stop tomcat and EDFN services
systemctl stop nfi_updd.service
systemctl stop tomcat_nfo.service
- Change
rootuser and group in the file/etc/systemd/system/tomcat_nfo.servicetonfoandnfo-grouprespectively:
from
[Service]
User=root
Group=root
to
[Service]
User=nfo
Group=nfo-group
- Change
rootuser and group in the file/etc/systemd/system/nfi_updd.servicetonfoandnfo-grouprespectively:
from
[Service]
User=root
Group=root
to
[Service]
User=nfo
Group=nfo-group
- Edit
/opt/flowintegrator/nfi.shscript file, modify the following line by changingrootuser tonfo:
from
./daemon.sh --java-home ${JAVA_HOME} --service-start-wait-time 120 --tomcat-user root start
to
./daemon.sh --java-home ${JAVA_HOME} --service-start-wait-time 120 --tomcat-user nfo start
- Edit /opt/nfi-updater/bin/nfiu_daemon script file, modify the following line by changing
rootuser tonfo:
from
./daemon.sh -java-home="${JAVA_HOME}" -nfiu-user=root start
to
./daemon.sh -java-home="${JAVA_HOME}" -nfiu-user=nfo start
- Change
/opt/flowintegratoruser and group recursively. For example to changerootto usernfoand groupnfo-groupuse the following command:
chown --recursive nfo:nfo-group /opt/flowintegrator
- Change
/opt/nfi-updateruser and group recursively. For example to changerootto usernfoand groupnfo-groupuse the following command:
chown --recursive nfo:nfo-group /opt/nfi-updater
- Start tomcat and EDFN services:
systemctl start nfi_updd.service
systemctl start tomcat_nfo.service