search

OpenWaterFoundation / cdss-app-snodas-tools

Colorado's Decision Support Systems (CDSS) Snow Data Assimilation System (SNODAS) Tools
8 stars 4 forks source link

Install and run SNODAS tools as snodas user. #33

Closed smalers closed 3 years ago

smalers commented 3 years ago

The previous version of SNODAS tools was installed with root file ownership and the cron process ran as root. This is not ideal. Therefore, need to create a user snodas and group snodas that own the /var/opt/snodas-tools files that are modified when software is run. Permissions can be changed after untarring the files using something like:

cd /var/opt/snodas-tools
chown -R snodas *
chgrp -R snodas *

The cron process should also be set up to run as the snodas user, which should have no permissions issues writing to the files.

It is not clear whether snodas user needs sudo permissions but that might help with setup.

Document this in the deployment documentation.

One concern is how to ensure that the upload to GCP bucket for the static website uses the correct user. It looks like Emma or my account was used in the past. How does an unattended process know which GCP account to use?

Nightsphere commented 3 years ago

The snodas user was not allowed to be made while the group existed. Since the group wasn't not being used, it was removed, and the snodas user was created. This also created the group as well. As of now, the snodas user does not need sudo privileges. I believe we have also started a channel of communication to deal with the uploading to the GCP bucket. Closing this issue.