Change the user running the Ignition Gateway service

Good morning.

I was testing the Python subprocess module in Ignition, and noticed that the user running the Ignition Gateay service is root (Linux).

Is it possible to change this user? Would this change have any negative consequences?

Best regards.

1 Like

You will have to run the service as an other user.

This can affect file access, or the timezone/locale amongst other things.

should be easy enough to revert if it causes trouble i guess xd

You set this in the SystemD unit file for the Ignition service. Consider specifying AmbientCapabilities=CAP_NET_RAW CAP_NET_BIND_SERVICE to allow Ignition to use ports 80 & 443 and to use built-in ping when not root.

Make sure to change ownership of all Ignition files and folders to the new user.

I have edited the service configuration: "sudo nano /etc/systemd/system/Ignition-Gateway.service", but the "AmbientCapabilities" variable does not exist.

image

Should I add it like this: AmbientCapabilities=CAP_NET_BIND_SERVICE?

Thank you.

Yes, you add it yourself, in the [Service] section.

Also, consider using a systemd override file instead of editing the main file, e.g.:

systemctl edit Ignition-Gateway.service

This will create an override file at /etc/systemd/system/Ignition-Gateway.service.d/override.conf that will persist through an Ignition upgrade (that may reset/revert that base configuration file).

2 Likes

@kcollins1 I have followed your instructions but now I have this problem:

You may need to include an explicit ExecStart line with empty content to negate the base settings, e.g.

ExecStart=
ExecStart=<your new stuff>

I should probably also mention that the override file is for augmenting the base file, you don't need to put the contents of the original file in there, otherwise you'll end up with conflicts there.

1 Like


Now I have another error:
runuser: cannot be used by users other than root

What do you have currently in both your:

  • /etc/systemd/system/Ignition-Gateway.service
  • /etc/systemd/system/Ignition-Gateway.service.d/override.conf

... files?

Good morning.
Finally I decided to restore the file as it was: User=root.
This is giving me too many problems.
Sorry for the inconvenience.