Change the user running the Ignition Gateway service

Good morning.

I was testing the Python subprocess module in Ignition, and noticed that the user running the Ignition Gateway service is root (Linux).

Is it possible to change this user? Would this change have any negative consequences?

Best regards.

You will have to run the service as another user.

This can affect file access, or the timezone/locale amongst other things.

Should be easy enough to revert if it causes trouble, I guess xd

You set this in the systemd unit file for the Ignition service. Consider specifying AmbientCapabilities=CAP_NET_RAW CAP_NET_BIND_SERVICE to allow Ignition to use ports 80 & 443 and to use built-in ping when not root.

Make sure to change ownership of all Ignition files and folders to the new user.

I have edited the service configuration: "sudo nano /etc/systemd/system/Ignition-Gateway.service", but the "AmbientCapabilities" variable does not exist.


Should I add it like this: AmbientCapabilities=CAP_NET_BIND_SERVICE?

Thank you.

Yes, you add it yourself, in the [Service] section.

Also, consider using a systemd override file instead of editing the main file, e.g.:

systemctl edit Ignition-Gateway.service

This will create an override file at /etc/systemd/system/Ignition-Gateway.service.d/override.conf that will persist through an Ignition upgrade (that may reset/revert that base configuration file).


@kcollins1 I have followed your instructions but now I have this problem:

You may need to include an explicit ExecStart line with empty content to negate the base settings, e.g.

ExecStart=
ExecStart=<your new stuff>

I should probably also mention that the override file is for augmenting the base file, you don't need to put the contents of the original file in there, otherwise you'll end up with conflicts there.



Now I have another error:
runuser: cannot be used by users other than root

What do you have currently in both your:

  • /etc/systemd/system/Ignition-Gateway.service
  • /etc/systemd/system/Ignition-Gateway.service.d/override.conf

... files?

Good morning.
Finally I decided to restore the file as it was: User=root.
This is giving me too many problems.
Sorry for the inconvenience.
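
The drop-in behaviour discussed in this thread (User=, AmbientCapabilities=, the empty ExecStart= reset, and the runuser error), as an added example that is not part of any post and is not Ignition's shipped unit file. It lints a base unit merged with a drop-in; the unit contents, the /opt/example paths, the "ignition" user name and the presence of runuser on the ExecStart line are constructed assumptions.

```shell
#!/bin/sh
# Added example; unit contents, paths and the "ignition" user are constructed.
# lint_unit BASE_UNIT [DROPIN...]: merge [Service] settings as systemd does
# (later files win, an empty assignment resets a list) and print findings.
lint_unit() {
    awk '
    /^\[/ { in_service = ($0 == "[Service]"); next }
    !in_service || /^[#;]/ || !index($0, "=") { next }
    {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        if (key == "User") user = val
        else if (key == "Type") stype = val
        else if (key == "ExecStart") {
            if (val == "") { n = 0; cmds = "" } else { n++; cmds = cmds " " val }
        } else if (key == "AmbientCapabilities") {
            if (val == "") caps = ""; else caps = caps " " val
        }
    }
    END {
        nonroot = (user != "" && user != "root")
        if (!nonroot) print "runs-as-root"
        if (n > 1 && stype != "oneshot") print "multiple-execstart"
        if (nonroot && cmds ~ "(^|[ /])runuser( |$)") print "execstart-calls-runuser"
        if (nonroot && caps !~ "CAP_NET_BIND_SERVICE") print "no-bind-capability"
    }' "$@"
}

# make_samples DIR: write a constructed base unit and two candidate drop-ins.
make_samples() {
    printf '%s\n' '[Unit]' 'Description=Constructed sample' '[Service]' \
        'Type=forking' 'User=root' \
        'ExecStart=/usr/sbin/runuser -u root -- /opt/example/start.sh' \
        '[Install]' 'WantedBy=multi-user.target' > "$1/base.service"
    # Drop-in that adds a second ExecStart without resetting the first.
    printf '%s\n' '[Service]' 'User=ignition' \
        'ExecStart=/opt/example/start.sh' > "$1/bad.conf"
    # Drop-in that resets ExecStart and grants both capabilities.
    printf '%s\n' '[Service]' 'User=ignition' \
        'AmbientCapabilities=CAP_NET_RAW CAP_NET_BIND_SERVICE' \
        'ExecStart=' 'ExecStart=/opt/example/start.sh' > "$1/good.conf"
}

tmp=$(mktemp -d) && make_samples "$tmp"
echo "base only:    $(lint_unit "$tmp/base.service" | tr '\n' ' ')"
echo "bad drop-in:  $(lint_unit "$tmp/base.service" "$tmp/bad.conf" | tr '\n' ' ')"
echo "good drop-in: $(lint_unit "$tmp/base.service" "$tmp/good.conf" | tr '\n' ' ')"
rm -rf "$tmp"
```

On a real host, `systemctl cat Ignition-Gateway.service` prints the base file and every drop-in in merge order, which is the input this check expects.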