Minimal Server Management for non-root Users

Aspera Server under Linux requires root privileges for daily operations. It is possible to use a normal user (with sudo privileges) in order to simply managing the server.

The management is a minimal and it is intended for daily operation

  • service restart
  • log collection
  • minimal configuration

It assumes that in the linux system there is a user aspservice (with a related primary group). It assumes that commands are allowed to run for the server XXX.

Aspera FASPEX Web Application Server

sudoers file 

Host_Alias ASP_FASPEX = xxx
Cmnd_Alias ASP_FASPEX_CMDS = /usr/bin/asctl
aspservice ASP_FASPEX = (ALL) NOPASSWD: ASP_FASPEX_CMDS

system 

usermod -G faspex aspservice 
usermod -A faspex aspservice

NOTE: These are two different commands, and only one has to be used according to the linux distribution. 

Aspera SHARES Web Application Server

sudoers file 

Host_Alias ASP_SHARES = xxx
Cmnd_Alias ASP_SHARES_CMDS = /etc/init.d/aspera-shares
aspservice ASP_SHARES = (ALL) NOPASSWD: ASP_SHARES_CMDS

system 

usermod -G shares aspservice 
usermod -A shares aspservice

NOTE: These are two different commands, and only one has to be used according to the linux distribution. 

Aspera ENTERPRISE Server

sudoers file

Host_Alias ASP_TRANSFER = xxx
Cmnd_Alias ASP_TRANSFER_CMDS = /etc/init.d/asperacentral, /etc/init.d/asperanoded, /etc/init.d/asperahttpd,/opt/aspera/bin/asnodeadmin
aspservice ASP_TRANSFER = (ALL) NOPASSWD: ASP_TRANSFER_CMDS

system 

chgrp aspservice /opt/aspera/etc
chmod 775 /opt/aspera/etc
chgrp aspservice /opt/aspera/etc/aspera.conf 

NOTE: the group change on the /opt/aspera/etc will allow to change the aspera.conf from Aspera Console when the user aspservice is used as connecting user. This will not allow an automatic restart of asperacentral from aspera console, but the sudoers entries allows aspservice user to restart asperacentral service in case a restart needed param is changed in console

NOTE: the aspservice (at least the group) should be able to read /var/log/messages or /var/log/localmessages or /var/log/aspera.log in order to let aspservice to retrieve the Aspera Syslog entries. This can be configured in the logrotate or in the syslog.conf  or in the syslog-ng according to the distribution used

 

Aspera PROXY server

sudoers file 

Host_Alias ASP_PROXY = xxx
Cmnd_Alias ASP_PROXY_CMDS = /etc/init.d/asperaproxy, /usr/sbin/iptables
aspservice ASP_PROXY = (ALL) NOPASSWD: ASP_PROXY_CMDS

system 

chgrp aspservice /opt/aspera/proxy/etc/aspera.conf

 

Aspera CONSOLE Server

sudoers file 

Host_Alias ASP_CONSOLE = xxx 
Cmnd_Alias ASP_CONSOLE_CMDS = /usr/bin/asctl
aspservice  ASP_CONSOLE = (ALL) NOPASSWD: ASP_CONSOLE_CMDS

system 

usermod -A aspera_console aspservice 
usermod -G aspera_console aspservice

 

 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk