I was testing the Python subprocess module in Ignition, and noticed that the user running the Ignition Gateay service is root (Linux).
Is it possible to change this user? Would this change have any negative consequences?
You will have to run the service as an other user.
This can affect file access, or the timezone/locale amongst other things.
should be easy enough to revert if it causes trouble i guess xd
You set this in the SystemD unit file for the Ignition service. Consider specifying
AmbientCapabilities=CAP_NET_RAW CAP_NET_BIND_SERVICE to allow Ignition to use ports 80 & 443 and to use built-in ping when not root.
Make sure to change ownership of all Ignition files and folders to the new user.
I have edited the service configuration: "sudo nano /etc/systemd/system/Ignition-Gateway.service", but the "AmbientCapabilities" variable does not exist.
Should I add it like this: AmbientCapabilities=CAP_NET_BIND_SERVICE?
Yes, you add it yourself, in the
Also, consider using a systemd override file instead of editing the main file, e.g.:
systemctl edit Ignition-Gateway.service
This will create an override file at
/etc/systemd/system/Ignition-Gateway.service.d/override.conf that will persist through an Ignition upgrade (that may reset/revert that base configuration file).
@kcollins1 I have followed your instructions but now I have this problem:
You may need to include an explicit ExecStart line with empty content to negate the base settings, e.g.
ExecStart=<your new stuff>
I should probably also mention that the override file is for augmenting the base file, you don't need to put the contents of the original file in there, otherwise you'll end up with conflicts there.
Now I have another error:
runuser: cannot be used by users other than root
What do you have currently in both your:
Finally I decided to restore the file as it was: User=root.
This is giving me too many problems.
Sorry for the inconvenience.