Administering GreenArrow Without root Access
- Table of Contents
- Overview
- Upgrades
- Managing & Administering the Software
- Troubleshooting
Overview
GreenArrow must be installed using the root
user account. After installation, most management and administration of the software can be performed using sudo
.
Upgrades
Upgrading GreenArrow requires upgrading operating system packages.
The upgrade must either be done as root
or using sudo
as a user who has permission to run all upgrade procedure commands.
Managing & Administering the Software
Management and administration of the software can be done by changing file permission and giving sudo
access to specific commands.
Editing Configuration Files
You can modify the file permissions in /var/hvmail/control/
so that they can be edited from your non-root
user account.
You could also make all of these files owned by a group that your non-root
user belongs to, make these files owned by that group, and grant read/write permission to “group” on those files.
Filesystem permission updates will need to be re-run after every GreenArrow package update because package updates reset the permissions.
You could also provide sudo
access to create, overwrite, and delete files in this directory.
Running Commands
You will need to allow many commands to be run as root
using sudo
.
Here is a list. As far as we know it is complete. As you administer the software you may discover more commands in the documentation that need to be added to this list.
/var/hvmail/bin/greenarrow
/var/hvmail/bin/greenarrow_blockers
/var/hvmail/bin/greenarrow_config
/var/hvmail/bin/greenarrow_convert_powermta_configuration
/var/hvmail/bin/greenarrow_status
/var/hvmail/bin/hvmail_check_config
/var/hvmail/bin/hvmail_check_events_table
/var/hvmail/bin/hvmail_db_test
/var/hvmail/bin/hvmail_event_processor
/var/hvmail/bin/hvmail_hw_specs
/var/hvmail/bin/hvmail_init
/var/hvmail/bin/hvmail_postgres_manager
/var/hvmail/bin/hvmail_report
/var/hvmail/bin/hvmail_set
/var/hvmail/bin/hvmail_speed_test
/var/hvmail/bin/hvmail_status
/var/hvmail/bin/hvmail_unmanged_backup
/var/hvmail/bin/hvmail_update_httpd_config
/var/hvmail/bin/hvmail_update_tcprules
/var/hvmail/djb/bin/svc
/var/hvmail/djb/bin/svstat
Accessing Logfiles
Logfiles in /var/hvmail/log/
need to be read.
If you need to limit to specifc commands to accessing files in this directory, here is a sample list of commands:
ls /var/hvmail/log
ls /var/hvmail/log/*
ls /var/hvmail/log/*/*
cat /var/hvmail/log/*
cat /var/hvmail/log/*/*
tail -F /var/hvmail/log/*/current
tail /var/hvmail/log/*/current
Files inside of /var/hvmail/log
are automatically created and rotated, so their permissions will get reset as they are rotated. Therefor updating permissions to allow access is not recommended.
Postgres pgpass
We recommend copying /root/.pgpass
to the home directory of the non-root
UNIX user that you will use to administer GreenArrow. This allows you to be automatically logged in without a password prompt when running psql
.
Troubleshooting
If you are giving GreenArrow access to troubleshoot your install using sudo
, then you must also install the following utilities, and give GreenArrow sudo
access to them:
lsof
strace